TFPU - EQUIFAX FAIL (YOU'RE WELCOME?)

This thread has been locked
Messages 41 - 52 of total 52 in this topic
Winemaker

Sport climber
Yakima, WA
Sep 16, 2017 - 12:51pm PT
If you want to make it REALLY tough to brute force crack a password, add some characters the hacker wouldn't even try. For example there are all the ASCII codes most people don't even know exist; press and hold Alt and then type the code number. Alt 214 = ±, Alt 248 = °, Alt 227 = π, Alt 228 = Σ, Alt 178 = ▓. There are all the Greek letters, mathematical symbols, plus lots of other stuff. That would throw a hacker off! Of course ASCII codes generate numbers and letters also; Alt 66 = B for example, so with the extended ASCII code there are 255 characters available.
DM88T

climber
Dave Tully SanDimas,California
Sep 16, 2017 - 01:23pm PT
I found that sites that ask you to create a password have a very limited set of special characters that they will accept.
zBrown

Ice climber
Topic Author's Reply - Sep 16, 2017 - 06:23pm PT
I've had success with all three in the past in getting my credit report. I even got them to correct items which I disputed.

I have never had to s-mail anything in the past.

The last time I tried (can't remember which one) I was informed that I'd already gotten my report for the year (untrue). I was busy so I didn't follow up.

I will now.

Equifax, under duress, is supposed to be waiving fees for credit freezes.

But, who ya gonna call Ghostbusters?


The tale began on July 29, when the company’s security team detected suspicious network traffic associated with the software that ran its U.S. online-dispute portal. After blocking that traffic, the company saw additional “suspicious activity” and took the portal’s software offline.

At this point, Equifax’s retelling grows cloudy. The company said an internal review then “discovered” a flaw in an open-source software package called Apache Struts used in the dispute portal, which it then fixed with a software patch. It subsequently brought the portal back online.

But that vulnerability had been known publicly since early March 2017, and a fix was available shortly thereafter — facts that Equifax acknowledged in its Friday statement. The company did not say why the software used in the online-dispute portal hadn’t been patched earlier, although it claimed that its security organization was “aware” of the software flaw in March, and that it “took efforts” to locate and fix “any vulnerable systems in the company’s IT infrastructure.”



zBrown

Ice climber
Topic Author's Reply - Sep 18, 2017 - 08:19am PT
Ain't that some crap?

Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users

...

CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers. Dubbed “crap cleaner,” it’s designed to wipe out cookies and offer some web privacy protections. 2.27 million users have been affected by the attack, and Avast Piriform believes it was able to prevent the breach harming customers. “Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson.
zBrown

Ice climber
Topic Author's Reply - Sep 18, 2017 - 09:11am PT
The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation.
Reilly

Mountain climber
The Other Monrovia- CA
Sep 18, 2017 - 09:11am PT
My financials are behind my password, of course, but then if a 'puter other than one of our known ones tries to enter they will have to answer our security questions. And even on the odd occasion when I use my phone I have to answer the security questions, which are case sensitive, Sergei or Hung Way Short are only gonna get five cracks at getting in.
fear

Ice climber
hartford, ct
Sep 18, 2017 - 10:21am PT
The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws....

lol... right... I'm sure that'll go anywhere.
zBrown

Ice climber
Topic Author's Reply - Sep 18, 2017 - 03:11pm PT
What do u want for nothing - rubber biscuits?

Have we ever seen any big insider cases?

Well yeah, Mama Stewart. She got 5+5+23 months.

Others?

What were the penalties at Enron?

Skilling, though he had more than IT going on, got 24 years (reduced to 14) and $40 million of his ill-gotten gains to be distributed to victims.

Jon Beck

Trad climber
Oceanside
Sep 18, 2017 - 03:44pm PT
I like the security layer that requires you to receive a code on your phone and re-enter it on their website. Google and Wells Fargo use it.
Of course if the thief gets your phone?
NutAgain!

Trad climber
South Pasadena, CA
Sep 20, 2017 - 10:50am PT
Nice one DMT.

More info about the evolving clvsterfvuck of Equifax:
https://www.theverge.com/2017/9/20/16339612/equifax-tweet-wrong-website-phishing-identity-monitoring

In short, their systems are so screwed up that their recovery websites are associated with a different domain than the company, so you can't tell if you are dealing with hackers taking more advantage of the mess or the official company. In fact, Equifax support personnel have wrongly directed customers to a website set up as a hacker proof-of-concept website, showing how untrustworthy the whole shebang is.

In short, you are almost as well off not trying to freeze your account as you are to freeze it, if you can't verify you are giving your private details to an entity posing as Equifax.
kunlun_shan

Mountain climber
SF, CA
Sep 22, 2017 - 12:19am PT
I like the security layer that requires you to receive a code on your phone and re-enter it on their website. Google and Wells Fargo use it.
Of course if the thief gets your phone?

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

https://www.nytimes.com/2017/08/21/business/dealbook/phone-hack-bitcoin-virtual-currency.html
Lollie

Social climber
I'm Lolli.
Oct 19, 2017 - 02:35pm PT
"The GDPR also expands the definition of what personal data is, and brings additional requirements such as a right for consumers to see what information is held about them and have it deleted on request — so there are other big changes incoming."

This is not new. We've had that right for ages. There are excepted records of course, one cannot demand records of criminal acts removed, and such things.
I've used it against Facebook like maybe 10 years ago. Back then one wasn't allowed to have any other account but your real name account, so they closed my Lollipop account. But they kept all the photos, information etc, without me being able to remove anything. As I was pissed off, I threatened to take them to court as it was against the law in Sweden and Europe, and they - at least they said they did - backed down and erased all my material. (I didn't bother to actually drag them to court so they would have to prove that it was really deleted from their servers).

But this new variety of the law is tough. It affects almost everyone, businesses and authorities alike. And we better comply. But as most over here agree with the basic viewpoint, the right of the citizen, we just do it. No big deal. In the long run it ensures the freedom and protection for the individual.
As you maybe know, we do not consider corporations people, (extremely funny notion as I see it:-D) so therefore any individual EU citizen has greater civil rights than a corporation does, and therefore it will be no contest about who has the right to a higher degree of protection.