Topic: [self-moderated] Report unmerited good posts to Merit Source - page 26. (Read 51883 times)

Quote from: YourNeko on August 05, 2019, 01:24:34 PM

I was recently pwned and sent a few emails like “I have your password (they did, an old one), I also have you on camera watching porn and will send to all your contacts if you don’t send me $2,000 in bitcoin In 24hrs”.

That's just standard spam, I've seen them too and happily ignored them. Of course, it doesn't hurt to have a sticker on your laptop camera, with or without NSFW activities.

both the telecom companies and companies have created a false sense of security around phone numbers.

Gmail, eBay and Paypal all ask for my phone number "to secure my account", and although I've never tested it, I assume that means my phone number can be used to regain access to my account. And considering my phone is less secure than my PC, that is indeed a risk. Nobody will ever brute-force my passwords, but several third parties can get access to my phone (number).
It's basically an extention of the "security question", which also gives attackers a chance through social engineering.

Post Merited!

It was kinda spam. They stole emails and passwords, likely bought on the dark web, and tried to put it to use in two ways ..a fake porn claim ( I shutter or sticker all my cameras so I knew they were on bs) plus they tried logging in to my email. So the attempt was def above and beyond the classic Nigerian prince try.

Yeah I removed my number from PayPal, Gmail etc. The only dumb asses still forcing it is Yahoo email. They don’t allow for a third party 2 FA. Loyce how do you come up with your passwords? I hear using a phrase is more secure than random characters, but that seems like it’d be easier to crack?

Edit : and thanks btw!

Remember that the sims swapping vulnerabilities are not completely a password issue because once a hacker is able to swap sims, then they can reset any password that you have.

Of course, there is a bit of a chicken and egg, here because they have to somehow get into your phone account and usually that would be by having access to something in which you had used to secure your phone account, such as an email... and some of the phone companies seem to be becoming more sensitive to ensuring your security, but sims swapping does seem to continue to be a pretty BIG vulnerability area, especially in the USA, where I believe that there is a bit more laxness in terms of laws that require phone companies to allow people to swap their phones.. but then those seemingly lax procedures are used by hackers (criminals).

Oh for sure, I always paid close attention when watching Mr Robot lol. I have also been trying to clean my shit up and resetting passwords and setting up 2FA where possible. I used too many of the same ones, and they weren’t hard enough. Pure laziness can get ya! ( https://www.google.com/amp/s/abcnews.go.com/amp/Technology/fbi-wanted-hacker-jeremy-hammond-cats-password/story%3Fid%3D26884738 )

With the phone companies, you’re talking about when giving up your number and it’s passed on right ? Signal has a feature to make sure this can’t happen if I’m not mistaken.

Well from my understanding if anyone has your phone number and your account number then they can swap your sim.

That means that they get issued a new sim that has your phone number, and all of a sudden your phone is not working anymore.

So when they get a text message to reset the password to whatever email service you have or whatever other location that they are seeking access, such as bank account or apple.com or some exchange that they know you use, then they can reset any of those passwords. The e-mail is one of the sensitive ones because maybe you use an email to log into an exchange or some other service, and then they already know your log in name and your e-mail. But maybe they do not know all the exchanges that you use, but when they get access to your email then they scan through your e-mails that are stored in the account and they find various services that you use and maybe your log in name and maybe even some transactions that you have made in the past. So then they have more information to make more attacks that might lead them to more information... so maybe they do not give any shits about stealing your credit card information, but once they log into that account then maybe they will find out another e-mail that you use or they might find your mother's maiden name or they might find your address or social security number, so then at that point they have more information about you that they can use in other locations or even to call up and manually change something like your phone account or even getting into your phone account that you happen to log into ono line... and maybe they will not attack any of these until they have many of their ducks in a row so that they can attack them all at once, once they start attacking they can do it more quickly before you notice, and surely with bitcoin (or some other cryptos), they can fuck you up (drain your accounts or otherwise) in a matter of minutes (after getting into such accounts)..

ChiBitCTy

legendary

Activity: 2240

Merit: 3002

Quote from: JayJuanGee on May 03, 2020, 03:34:51 PM

Quote from: YourNeko on August 05, 2019, 01:24:34 PM

I was recently pwned and sent a few emails like “I have your password (they did, an old one), I also have you on camera watching porn and will send to all your contacts if you don’t send me $2,000 in bitcoin In 24hrs”.

That's just standard spam, I've seen them too and happily ignored them. Of course, it doesn't hurt to have a sticker on your laptop camera, with or without NSFW activities.

both the telecom companies and companies have created a false sense of security around phone numbers.

Gmail, eBay and Paypal all ask for my phone number "to secure my account", and although I've never tested it, I assume that means my phone number can be used to regain access to my account. And considering my phone is less secure than my PC, that is indeed a risk. Nobody will ever brute-force my passwords, but several third parties can get access to my phone (number).
It's basically an extention of the "security question", which also gives attackers a chance through social engineering.

Post Merited!

It was kinda spam. They stole emails and passwords, likely bought on the dark web, and tried to put it to use in two ways ..a fake porn claim ( I shutter or sticker all my cameras so I knew they were on bs) plus they tried logging in to my email. So the attempt was def above and beyond the classic Nigerian prince try.

Yeah I removed my number from PayPal, Gmail etc. The only dumb asses still forcing it is Yahoo email. They don’t allow for a third party 2 FA. Loyce how do you come up with your passwords? I hear using a phrase is more secure than random characters, but that seems like it’d be easier to crack?

Edit : and thanks btw!

Remember that the sims swapping vulnerabilities are not completely a password issue because once a hacker is able to swap sims, then they can reset any password that you have.

Of course, there is a bit of a chicken and egg, here because they have to somehow get into your phone account and usually that would be by having access to something in which you had used to secure your phone account, such as an email... and some of the phone companies seem to be becoming more sensitive to ensuring your security, but sims swapping does seem to continue to be a pretty BIG vulnerability area, especially in the USA, where I believe that there is a bit more laxness in terms of laws that require phone companies to allow people to swap their phones.. but then those seemingly lax procedures are used by hackers (criminals).

Oh for sure, I always paid close attention when watching Mr Robot lol. I have also been trying to clean my shit up and resetting passwords and setting up 2FA where possible. I used too many of the same ones, and they weren’t hard enough. Pure laziness can get ya! ( https://www.google.com/amp/s/abcnews.go.com/amp/Technology/fbi-wanted-hacker-jeremy-hammond-cats-password/story%3Fid%3D26884738 )

With the phone companies, you’re talking about when giving up your number and it’s passed on right ? Signal has a feature to make sure this can’t happen if I’m not mistaken.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Loyce how do you come up with your passwords?

My password manager creates them.

Quote

I hear using a phrase is more secure than random characters, but that seems like it’d be easier to crack?

You mean like this:
Image loading...

I don't believe this. A dictionary attack using only commonly used words makes it much more likely to crack those 4 words than they claim here. If you have to come up with those words on your own, they won't be random.

An example from passwordsgenerator.net (Note: I would never use an online password generator):

Code:

5`*t"A9TUYNW!?34yEXvu&%4&>`r:"

Something like this is beyond brute-forcing, as long as you keep it safe (so don't use a website to create it).

I now realize this is completely off-topic in my own topic, but I like the subject. I typed it already, but I suggest to take this discussion elsewhere if there's anything else to add.

JayJuanGee

legendary

Activity: 3710

Merit: 10196

Self-Custody is a right. Say no to"Non-custodial"

Quote from: YourNeko on August 05, 2019, 01:24:34 PM

I was recently pwned and sent a few emails like “I have your password (they did, an old one), I also have you on camera watching porn and will send to all your contacts if you don’t send me $2,000 in bitcoin In 24hrs”.

That's just standard spam, I've seen them too and happily ignored them. Of course, it doesn't hurt to have a sticker on your laptop camera, with or without NSFW activities.

both the telecom companies and companies have created a false sense of security around phone numbers.

Gmail, eBay and Paypal all ask for my phone number "to secure my account", and although I've never tested it, I assume that means my phone number can be used to regain access to my account. And considering my phone is less secure than my PC, that is indeed a risk. Nobody will ever brute-force my passwords, but several third parties can get access to my phone (number).
It's basically an extention of the "security question", which also gives attackers a chance through social engineering.

Post Merited!

It was kinda spam. They stole emails and passwords, likely bought on the dark web, and tried to put it to use in two ways ..a fake porn claim ( I shutter or sticker all my cameras so I knew they were on bs) plus they tried logging in to my email. So the attempt was def above and beyond the classic Nigerian prince try.

Yeah I removed my number from PayPal, Gmail etc. The only dumb asses still forcing it is Yahoo email. They don’t allow for a third party 2 FA. Loyce how do you come up with your passwords? I hear using a phrase is more secure than random characters, but that seems like it’d be easier to crack?

Edit : and thanks btw!

Remember that the sims swapping vulnerabilities are not completely a password issue because once a hacker is able to swap sims, then they can reset any password that you have.

Of course, there is a bit of a chicken and egg, here because they have to somehow get into your phone account and usually that would be by having access to something in which you had used to secure your phone account, such as an email... and some of the phone companies seem to be becoming more sensitive to ensuring your security, but sims swapping does seem to continue to be a pretty BIG vulnerability area, especially in the USA, where I believe that there is a bit more laxness in terms of laws that require phone companies to allow people to swap their phones.. but then those seemingly lax procedures are used by hackers (criminals).

ChiBitCTy

legendary

Activity: 2240

Merit: 3002

Quote from: YourNeko on August 05, 2019, 01:24:34 PM

I was recently pwned and sent a few emails like “I have your password (they did, an old one), I also have you on camera watching porn and will send to all your contacts if you don’t send me $2,000 in bitcoin In 24hrs”.

That's just standard spam, I've seen them too and happily ignored them. Of course, it doesn't hurt to have a sticker on your laptop camera, with or without NSFW activities.

both the telecom companies and companies have created a false sense of security around phone numbers.

Gmail, eBay and Paypal all ask for my phone number "to secure my account", and although I've never tested it, I assume that means my phone number can be used to regain access to my account. And considering my phone is less secure than my PC, that is indeed a risk. Nobody will ever brute-force my passwords, but several third parties can get access to my phone (number).
It's basically an extention of the "security question", which also gives attackers a chance through social engineering.

Post Merited!

It was kinda spam. They stole emails and passwords, likely bought on the dark web, and tried to put it to use in two ways ..a fake porn claim ( I shutter or sticker all my cameras so I knew they were on bs) plus they tried logging in to my email. So the attempt was def above and beyond the classic Nigerian prince try.

Yeah I removed my number from PayPal, Gmail etc. The only dumb asses still forcing it is Yahoo email. They don’t allow for a third party 2 FA. Loyce how do you come up with your passwords? I hear using a phrase is more secure than random characters, but that seems like it’d be easier to crack?

Edit : and thanks btw!

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021