Thread: General Virgin Media urges password change over hacking risk
View Single Post
Old 27-06-2017, 12:43   #49
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,658
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Kushan View Post
Even a cluster that size will struggle to brute for a decent long passphrase. 15 characters? Sure, probably in hours, but when you get to the likes of 30+ characters then it becomes an issue even at that scale.

That's only really achievable with a passphrase. To be clear, the most secure password is completely random string of characters, with symbols, letters, numbers (and ideally even unprintable characters :P) however I would argue that this is not the best password. You have to be able to remember a password, or you'll end up writing it down*. That's what I mean when I say "Best" - something that is the correct trade-off between "memorable" and "secure". A pass-phrase with some substitutions is by far the best compromise there.

* Please note that I strongly advocate the use of a password manager for your day-to-day passwords.
That's the thing, you understand that but when people say a passphrase is the best it actually isn't unless you actually use substitutions. Without the subs it just becomes a simple dictionary attack and that will be quicker than brute forcing a random string even if your phrase uses the maximum amount of characters.

You also have to be careful what subs you use. e.g. subbing a 4 for the letter A etc is useless the mask and rule set used in the attack will soon find that. Symbols (AKA special characters) and the odd number thrown in is the way to go as far as a passphrase is concerned.

---------- Post added at 12:43 ---------- Previous post was at 12:39 ----------

Quote:
Originally Posted by tidder23 View Post
they could do a man in the middle attack which means they can funnel all your traffic through them

one thing they could do redirecting online banking sites to trick you to give up your information

years ago I used to take over my brother's Facebook account and write stupid messages on his wall

and if you are thinking there is no master hacker living near you
the hacking tools i used was basically a numbered list (press 1 to hack and press 2 to evil laugh)

only thing stopping them is your Wi-Fi password
I don't think you realise what a "Man in the middle" actually is. It is a means to get your wifi password as well as getting everything passing through their connection which will record everything.

Man in the middle is a way of fooling you into thinking you are connecting to your network when you are in fact connecrting to another one entirely. If done correctly you wouldn't even know.
pip08456 is offline   Reply With Quote