Hacked Apple iTunes accounts sell in China for pennies on the dollar


Comments

  • Reply 21 of 31
    hill60 Posts: 6,992 member
    I just use 'Android' and have spent years carefully cultivating an online persona who would never use that...



    ...doh!



    I guess I'll have to change it now.



    PS it won't be "Chrome".
  • Reply 22 of 31
    Quote:
    Originally Posted by res08hao View Post


    Got to love those thieving asians. Too stupid to develop their own stuff, just steal everything.

    Thank god for sweatshops and ocean containers.



    Do not label all Asians as thieves and/or too stupid to develop anything. This is mainly a CHINESE problem. Japanese and Koreans do develop their own IP, and get along better with the West.
  • Reply 23 of 31
    sheff Posts: 1,407 member
    Quote:
    Originally Posted by marokero View Post


    Do not label all Asians as thieves and/or too stupid to develop anything. This is mainly a CHINESE problem. Japanese and Koreans do develop their own IP, and get along better with the West.



    Koreans and Japanese had the same exact issues when they were just starting to make headway in technology. The only problem with China is that there are a lot more people and they have nearly all the manufacturing in the world there to allow for better copying.



    Not sure what countries are "the West" but they do have better relations with the US, partly because the US is their defense policy against China and North Korea.



    On topic though, I would like to know if they are selling the cards themselves, or just the accounts of people. If it's just the accounts, how can there be a limit on spending (say $100) like in the picture?
  • Reply 24 of 31
    hiro Posts: 2,663 member
    [QUOTE=hezetation;1779804]
    Quote:
    Originally Posted by Hiro View Post


    A false assumption for non-critical user data. Studies show most "long and strong" passwords systemically are more vulnerable to social engineering because people write them down. Shorter passwords not made of a single word vulnerable to a dictionary attack may be crackable in a few years' worth of CPU time, but the info behind a non-special user's short but well constructed password isn't worth that effort, so are reasonably safe.



    Doubt writing down my password on a sticky is going to risk it being stolen by thieves in China. You are wrong about how much it takes to crack a password, that might have been true 5 years ago but as computers get faster & hackers get smarter about how they throw random passwords at a machine.



    You need to study some combinatorics and probability, and sprinkle that with performance measurement. An intelligence agency has the computing power to put real dents in how long it would take, but in a desktop/laptop a good 8 character password crack is still measured with a mean time in years. Petty thieves won't have the patience.



    http://www.lockdown.co.uk/?pg=combi#classF



    Look up 96 characters (potential per place), 8 characters long. Use ClassE unless you work in an intelligence agency.



    As for written passwords on stickies, do you have roommates, friends, coworkers, housekeepers/maintenance personnel? Friends of friends with access to your storage space ever? How secure do you think everyone else is given the above list? You may not have a problem, you think, but might it be possible for a couple of every 100,000 iTunes users to insecurely store and have their passwords compromised and forwarded to an aggregator given the above?



    Quote:

    I totally agree with many posts though that phishing is probably biggest way accounts get hacked, but not the only way.



    This is the gold standard tactic. Keylogging in botnets is popular too.
  • Reply 25 of 31
    Erm...these accounts have literally been on sale for years. This is so not news.
  • Reply 26 of 31
    docno42 Posts: 3,764 member
    Quote:
    Originally Posted by hezetation View Post


    Applerocks (Not strong, only a matter of time before you are hacked)

    Apples01 (Ok but not strong)

    Apples0001 (Much better but good programmer could create cracker that guesses common words)

    @pples0001 (Even better, no common word)

    @ppleS0001 (Very strong, uses upper & lowercase, symbol, & numbers)



    And if you increased your examples to twelve characters, they would be orders of magnitude stronger, as with each character the number of permutations for a password increases exponentially.



    Password length, more than anything else, is what is important.



    And "password" is really a poor name - think pass-phrase more than password and you will have a far easier time coming up with something that is of a decent length (I shoot for at least 12 characters on any account with a credit card involved).



    http://www.infoworld.com/d/security-...oes-matter-531

    http://www.schneier.com/blog/archive...rld_passw.html



    And as you can tell from the dates on these articles, this is not a new concept - and yet common misconception about real world password strength persists.



    Sigh...
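Added example, not part of any post in this thread: a small password audit that runs the arithmetic argued over in replies 24 and 26 (96 possible characters in 8 places, and length versus character variety) against the sample passwords quoted in reply 26. The default guess rate of 1e8 per second and the four-word `WORDLIST` are assumptions constructed for illustration.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed stand-in for a cracking wordlist (real ones hold millions of entries).
WORDLIST = {"apple", "apples", "applerocks", "password"}
# Common character substitutions a dictionary attack undoes.
LEET = str.maketrans("@0134$5", "aoleass")

def charset_size(pw):
    """Alphabet a brute-force search must cover, from the character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 ASCII punctuation marks plus space
    return size

def keyspace(alphabet, length):
    """Number of candidate passwords: alphabet ** length."""
    return alphabet ** length

def mean_years(alphabet, length, guesses_per_second=1e8):
    """Mean exhaustive-search time; on average half the keyspace is tried.
    The default guess rate is an assumption, not a figure from the thread."""
    return keyspace(alphabet, length) / 2 / guesses_per_second / SECONDS_PER_YEAR

def is_dictionary_based(pw):
    """True if the password is a wordlist entry plus trailing digits,
    case changes and common substitutions."""
    base = pw.lower().rstrip(string.digits).translate(LEET)
    return base in WORDLIST

if __name__ == "__main__":
    for pw in ["Applerocks", "Apples01", "Apples0001", "@pples0001", "@ppleS0001"]:
        n = charset_size(pw)
        print(f"{pw:12} alphabet={n:2} keyspace={keyspace(n, len(pw)):.2e} "
              f"mean={mean_years(n, len(pw)):.3g} yr "
              f"dictionary-based={is_dictionary_based(pw)}")
    # 96 symbols, 8 characters versus lowercase only, 12 characters
    print(f"96^8  = {keyspace(96, 8):.2e}")
    print(f"26^12 = {keyspace(26, 12):.2e}")
```

Twelve lowercase letters give a larger keyspace than eight characters drawn from 96 symbols, and all five sample passwords reduce to a wordlist entry, so their brute-force keyspace is only an upper bound on the work a dictionary attack needs.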
  • Reply 27 of 31
    docno42 Posts: 3,764 member
    Quote:
    Originally Posted by hezetation View Post


    If you think it's annoying to have to remember a more complex password or use captcha, try cleaning up your name after being a victim of identity theft. I guarantee that it will change your view on the inconvenience of security.



    No kidding. Anyone who isn't using a password manager like 1Password is a fool and compromise waiting to happen. Especially those who use the same password(s) on more than one site.



    Just look at what happened with the Gawker sites - that was pretty public, but companies are hacked all the time. And those are the ones we know about! How many undetected compromises are out there? It's pretty hard to know for sure since they are undetected but if you just look at the way many people view information security (as a bother against something that won't ever happen to me) you can pretty much assume it's happening all the time.



    At least that's the safe assumption - and no, I am not a tin-foil-hat wearing conspiracy theorist. For a conspiracy there is necessarily an implication of intelligence to implement it; far too often what we have instead is a combination of apathy and ignorance.



    It's an even deadlier combination
  • Reply 28 of 31
    brucep Posts: 2,823 member
    Quote:
    Originally Posted by DocNo42 View Post


    No kidding. Anyone who isn't using a password manager like 1Password is a fool and compromise waiting to happen. Especially those who use the same password(s) on more than one site.



    Just look at what happened with the Gawker sites - that was pretty public, but companies are hacked all the time. And those are the ones we know about! How many undetected compromises are out there? It's pretty hard to know for sure since they are undetected but if you just look at the way many people view information security (as a bother against something that won't ever happen to me) you can pretty much assume it's happening all the time.



    At least that's the safe assumption - and no, I am not a tin-foil-hat wearing conspiracy theorist. For a conspiracy there is necessarily an implication of intelligence to implement it; far too often what we have instead is a combination of apathy and ignorance.



    It's an even deadlier combination



    Every 3 months we should all be forced to recycle to Apple iTunes a new password and credit card info. Maybe even a secret question part too.

    Or Apple should 3rd party all iTunes accounts like a PayPal type deal.
  • Reply 29 of 31
    hiro Posts: 2,663 member
    Quote:
    Originally Posted by brucep View Post


    Every 3 months we should all be forced to recycle to Apple iTunes a new password and credit card info. Maybe even a secret question part too.

    Or Apple should 3rd party all iTunes accounts like a PayPal type deal.



    There are several research papers in the past couple years that show this is not the good idea it seems on the surface. Users tend to generate significantly more trivial passwords when forced to change on short intervals, and/or write them down, making the overall system less secure.



    Strong pass-phrases with special characters are FAR safer and easier to use, even if used over long periods.
  • Reply 30 of 31
    mrboba1 Posts: 276 member
    They took out my balance of a gift card and charged about $12.



    Definitely Chinese, because I got on my iPhone one morning and all my iTunes account stuff was in Chinese.



    Apple doesn't refund gift cards, but my bank easily cut the charges off. And I ended up not being able to delete the 3 Beyonce albums from my downloads, so I ended up having to put them on my computer just to delete them. I don't like Beyonce. LOL



    I pestered Apple enough, however, that they ended up giving me a $25 gift card (I lost $32 in gift card money). I also removed my credit card from the account and only use gift cards to buy anything now, and I only keep at most about $10 active on the account at any time.
  • Reply 31 of 31
    Apple profits from these thefts via their cut of the "purchases" or in app purchases.

    So Apple facilitates these thefts through their iTunes app store, collects a percentage of the stolen proceeds as commission, and this is legal how?

    How is Apple not guilty of illegal money laundering?

    Shouldn't they at least be required by law to return these ill-gotten profits?

    What's their motivation to fix this problem if they can make money on iTunes gift cards AND the profits from illegal purchases using stolen accounts?