Did WoT just leak my password?

Apollo702
Posts: 1213
Joined: Thu Sep 12, 2013 4:40 pm

RE: Did WoT just leak my password?

Post by Apollo702 » Fri Nov 06, 2015 8:12 pm

As I have said several other times in a single sentence. Just use a PW manager such as LastPass and set your PWs to a minimum of 14 characters and be done with it.

I am going to help you out here. Knowing things isn't enough- in the real world in many ways possession of knowledge and banging it over other people's heads can hurt your cause. When I was young I discovered that I was gifted. In many ways other people from my POV were stupid. At that age I made the mistake that you are making right now and it hurt me. It took time and effort to know when to show humility and to learn to build others up. Communication and presentation tend to trump substance. Many of the top salespeople don't sell the best products. People never were buying the product. They are buying the salesperson.

Technically all the points about entropy and the like are correct. None of that is going to matter. What people are going to read is all of the negativity. This is a chance for you to learn and grow.

Good luck.

destinationtruth
Posts: 806
Joined: Tue May 12, 2015 7:47 pm
Location: Cherokee Nation

RE: Did WoT just leak my password?

Post by destinationtruth » Fri Nov 06, 2015 11:23 pm

<quote user="gness">
As I explained to you in PM and am willing to explain to the public here:
Server was acting very weird. I was not getting messages correctly and when they finally arrived after all this time — they are jumbled around to the point where I can't anymore keep track of their order as the timestamps are bugged.
The mod — shazza, as it turned out after I read the long-awaited messages, was nice and cooperative.
I nagged her too. My apologies where appropriate.
[/quote]

First I was one that flagged your post for profanity. Second you're acting more like a troll then a concerned member. Third if you really had major issues then you should have taken them to the "Support" forum.

I would suggest to others to stop feeding him.

Gness
Posts: 28
Joined: Sat Jul 25, 2015 6:45 am

RE: Did WoT just leak my password?

Post by Gness » Sat Nov 07, 2015 1:27 pm

<quote user="apollo702">
In many ways other people from my POV were stupid. At that age I made the mistake that you are making right now and it hurt me. It took time and effort to know when to show humility and to learn to build others up. Communication and presentation tend to trump substance. Many of the top salespeople don't sell the best products. People never were buying the product. They are buying the salesperson.
Technically all the points about entropy and the like are correct. None of that is going to matter. What people are going to read is all of the negativity. This is a chance for you to learn and grow.
[/quote]

I'm sorry but I advocate freedom of knowledge. I will share information regardless of whether people are capable to understand it. If even one person learns a thing due to my efforts — it's worth it.
More over, my most important point there was about building up awareness. WoT is plagues with people possessing none of the awareness skills rating websites based on stereotypes and leading others to the same fate.

<quote user="scamkiller73">In WOT M8?[/quote]
In Internet. If you missed it from my previous posts — no major service in Internet 9 years ago let users set "123" as their password.
But WoT apparently did? WoT admins couldn't not know this for 9 years. They could've changed it at any point, yet they didn't.
<quote user="scamkiller73">As far as I know administration (not WOT, other forums) can reset passwords just like that, without leak or other problems, for safety of users because they need to be changed often, but users generally because of laziness don't change, and reset of the password and helps to overcome this laziness.[/quote]
AFAIK it never happens without a concerning precedent.
Also keep in mind they didn't just increase requirements — they completely locked out anyone who didn't change their password.
Here's an example: Steam recently slightly increased requirements for their service' passwords. Guess what. Nobody was locked out. It's just that if you decided to change your password voluntarily after that point — you had no way of going back to the old one in case your old password was not compliant to current requirement.
Botnet protection is still only a protection. Not immunity. Everything can be hacked especially if given 9 years.

Also as a funny sidenote:
xkcd.com/936
Keep in mind that "correcthorsebatterystaple" would actually be bruteforced very quickly with a dictionary.
But Randall Munroe is generally right in this vector of thought. It just has to be spliced by some measures against dictionaries like "corr!ecthorsebatt!erystaple" or "curructhursubutturustuplu" while still being as easy to memorize with addition of one simple rule(exclamation mark after double-letters or substitute every vowel with "u" respectively).

Apollo702
Posts: 1213
Joined: Thu Sep 12, 2013 4:40 pm

RE: Did WoT just leak my password?

Post by Apollo702 » Sat Nov 07, 2015 8:54 pm

I have said all I have to say. Enjoy posting to yourself.

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

RE: Did WoT just leak my password?

Post by alphacentauri » Sun Nov 08, 2015 2:57 am

RE: Did WoT just leak my password?
Since I don't use the same password here as I do anywhere else, the damage would be limited, even if they had.

If you are conditioning your participation on a website with the expectation that you are guaranteed it will never be breached, turn off your computer now and go read a book.

Since WOT is under new management, I don't find it surprising they would want to get a fresh start with member usernames and passwords.

Gness
Posts: 28
Joined: Sat Jul 25, 2015 6:45 am

RE: Did WoT just leak my password?

Post by Gness » Tue Nov 24, 2015 4:25 am

<quote user="alphacentauri">
If you are conditioning your participation on a website with the expectation that you are guaranteed it will never be breached, turn off your computer now and go read a book.
[/quote]

Oh God no. I'm not a privacy freak as most people on Internet seem to be nowadays. There are infinite safety nets for cases when your private information gets exposed. The only people who get "scammed" are the people dumb enough not to take counter-measures even after the fact of leakage.
In fact I fight against privacy. What I'm angry about is that no major company ever mans up to admit they ****ed you over until pinned down. I hate lies and concealing the truth is a direct equivalent of a lie.

Story time:
Of course my password was stolen a couple of times over the many years of diverse Internet activity and, as I stated above — its strength makes no difference.
The funniest case was when I was hosting a server for a game, a homepage website for it and an FTP with a cracked download of the game I cracked myself publicly.
Some guy was randomly scanning FTPs and found mine. He downloaded the game and gained access to my Skype.
The thing is: while cracking the game I had to put in my real credentials as I bought the game as most crackers do to trace callbacks in the code and they happened to be the same credentials as in my Skype account. I could've purged them after I cracked it but I made a mistake. The game applied some pathetic static encryption algorithm to it which the guy decrypted with a publicly available automated tool.

Imagine my surprise when I realized that, firstly — you can be logged into one Skype account from two different IPs at the same time, and secondly — I see how my Skype client presumably sends messages to other people without my interaction. Not immediately did I realize this as that is a major security flaw and I thought better of Skype at the time. I thought someone had a rootkit on my PC. Remote administration kinda deal. But then we started conversing. He and I. From Skype's message history point of view — it was just me talking to myself being a total schizophrenic. The guy turned out to be a friendly hacking hobbyist fella. He explained his scheme, then we added each other as contacts and I changed the password :)

If you didn't know it already — Skype was originally written by a band of high-skilled hackers.
You can't debug it properly and it uses network in a very weird advantageous way. Good stuff. I've had my fun with it.
None of this is the reason I ditched Skype. I just grew very unhappy with the way it was developed as a product over the years.
Now it's only Discord for me.

P.S.
Did you imply the password lockout could be due to a new management team? I have to admit I did not know WOT has new owners. This sounds plausible, to be frank.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests