
Most common passwords 2012


58 replies to this topic

#41 OFFLINE   djlong

djlong

    Hall Of Fame

  • Registered
  • 4,189 posts
  • LocationNew Hampshire
Joined: Jul 08, 2002

Posted 17 November 2012 - 05:50 PM

Any site that lets a 'bot slam an account for a million tries without shutting it off is NOT a secure site.


#42 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 2,725 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:36 PM

It was just reported on Russia Today that, until 1977, the passcode to launch United States nuclear missiles was 00000000.



#43 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 2,725 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:50 PM

It must be true.  It's on the internet.

http://gizmodo.com/f...n-si-1473483587

For 20 Years the Nuclear Launch Code at US Minuteman Silos Was 00000000

Today I found out that during the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.

We guess the first thing we need to address is how this even came to be in the first place. Well, in 1962 JFK signed the National Security Action Memorandum 160, which was supposed to ensure that every nuclear weapon the US had be fitted with a Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority.

There was particularly a concern that the nuclear missiles the United States had stationed in other countries, some of which with somewhat unstable leadership, could potentially be seized by those governments and launched. With the PAL system, this became much less of a problem....

To give you an idea of how secure the PAL system was at this time, bypassing one was once described as being "about as complex as performing a tonsillectomy while entering the patient from the wrong end." This system was supposed to be essentially hot-wire proof, making sure only people with the correct codes could activate the nuclear weapons and launch the missiles.

However, though the devices were supposed to be fitted on every nuclear missile after JFK issued his memorandum, the military continually dragged its heels on the matter. In fact, it was noted that a full 20 years after JFK had ordered PALs be fitted to every nuclear device, half of the missiles in Europe were still protected by simple mechanical locks. Most that did have the new system in place weren't even activated until 1977.

Those in the U.S. that had been fitted with the devices, such as ones in the Minuteman Silos, were installed under the close scrutiny of Robert McNamara, JFK's Secretary of Defence. However, the Strategic Air Command greatly resented McNamara's presence and almost as soon as he left, the code to launch the missiles, all 50 of them, was set to 00000000.

Oh, and in case you actually did forget the code, it was handily written down on a checklist handed out to the soldiers. As Dr. Bruce G. Blair, who was once a Minuteman launch officer, stated:....

This ensured that there was no need to wait for Presidential confirmation that would have just wasted valuable Russian nuking time. To be fair, there was also the possibility that command centers or communication lines could be wiped out, so having a bunch of nuclear missiles sitting around un-launchable because nobody had the code was seen as a greater risk by the military brass than a few soldiers simply deciding to launch the missiles without proper authorization.

Dr. Blair, whose resume to date is far too long to write out here, is the one who broke this "8 zeros" news to the world in his 2004 article "Keeping Presidents in the Nuclear Dark." He also outlined the significant disconnect between the nation's elected leaders and the military when it came to nuclear weapons during the Cold War....


Edited by AntAltMike, 16 January 2014 - 08:51 PM.


#44 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 2,725 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:56 PM

The source report that the world ignored was published on February 11, 2004.  http://web.archive.o...ction-links.cfm



#45 OFFLINE   yosoyellobo

yosoyellobo

    Icon

  • Registered
  • 1,778 posts
Joined: Nov 01, 2006

Posted 16 January 2014 - 09:05 PM

At least it was not 12345.

#46 OFFLINE   carl6

carl6

    Hall Of Fame

  • Moderators
  • 10,853 posts
  • LocationSeattle, WA
Joined: Nov 15, 2005

Posted 16 January 2014 - 11:54 PM

Having worked with quite a few nuclear weapons in that time frame, some with and some without Permissive Action Link locks, I will assure you that at least part of that report is not accurate. Other parts I do not have first hand knowledge of to comment on, other than to seriously doubt the validity or accuracy of the report.



#47 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 2,725 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 17 January 2014 - 03:30 AM

At least it was not 12345.

I remember back when vanity plates were uncommon, and a university professor I was with noticed the license plate of the car in front of us, 0 2 4 6 8 0, and said "Look at that!  If it wasn't for the "6", they'd be in a pattern."



#48 ONLINE   Laxguy

Laxguy

    Fortuna! Fameux des Halles

  • DBSTalk Club
  • 11,941 posts
  • LocationWinters, California
Joined: Dec 02, 2010

Posted 17 January 2014 - 09:40 PM

My password strength varies by the site.

My bank ones? Capitals, lower case letters, symbols and numbers. And long. Long is the best bet.

But, but, that's only four letters!


"Laxguy" means a guy who loves lacrosse.

#49 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,710 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 January 2014 - 10:02 PM

I think Fidelity's password policy is the worst I've ever seen. Even to log in online, it's all based on a phone compatible password. So for the letter b in a password, the system will accept a, b, c or the number 2. And of course it's case insensitive.



#50 ONLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 8,372 posts
  • LocationLake Norman, NC
Joined: Sep 27, 2007

Posted 18 January 2014 - 07:49 AM

But you're always behind an https page even before you log in with Fidelity and most banks. (All banks that I use.)



Spending to stimulate the economy as fast as the credit cards will allow!

My Setup / Weather at Lake Norman!/ Boathouse BEES
DLB, MRV, nomad, HDGUI are HERE! . . . We're DONE!


#51 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,710 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 18 January 2014 - 09:21 AM

Yes, but if their database is ever hacked, every single Fidelity password would very easily be cracked. Capital One's passwords aren't case sensitive. There is just no good reason for it.



#52 ONLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 8,372 posts
  • LocationLake Norman, NC
Joined: Sep 27, 2007

Posted 18 January 2014 - 09:57 AM

And I would expect the passwords in the database to be encrypted with additional keys from your information.





#53 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,710 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 18 January 2014 - 12:46 PM

Yeah, that alone just isn't good enough to make me comfortable, but for my HSA, I'm required to use them for pretax deposits from my pay. But then I use two factor wherever I can. No one should be prevented from choosing a random mixed case 20 character password with symbols. If the passwords are hashed and salted properly, there is no reason to not allow it.



#54 OFFLINE   billsharpe

billsharpe

    Hall Of Fame

  • Registered
  • 2,221 posts
  • LocationSouthern California
Joined: Jan 25, 2007

Posted 18 January 2014 - 03:56 PM

I think Fidelity's password policy is the worst I've ever seen. Even to log in online, it's all based on a phone compatible password. So for the letter b in a password, the system will accept a, b, c or the number 2. And of course it's case insensitive.

That's enough reason to make your password lengthy and not a combination of real words. First letters of phrases or sentences that you can easily remember (but no one else can) work well. Put in a number 4 instead of an F for "for", as an example.

 

The sites I dislike are the ones that limit the length of your password to 8 or 10 characters.

 

And which is the better password -- 00000000, 12345, EGBDF (for a musician), LETMEIN, or PASSWORD?


Bill

Family room: Sony Bravia KDL-40SL130
Living room: Sceptre 32 inch

#55 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,710 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 18 January 2014 - 04:26 PM

That's enough reason to make your password lengthy and not a combination of real words. First letters of phrases or sentences that you can easily remember (but no one else can) work well. Put in a number 4 instead of an F for "for", as an example.

 

The sites I dislike are the ones that limit the length of your password to 8 or 10 characters.

 

And which is the better password -- 00000000, 12345, EGBDF (for a musician), LETMEIN, or PASSWORD?

 

But that's the point, it doesn't matter how complex the password is. In Fidelity's case, the max length is 12 characters, minimum 6. Since it accepts 4 different options for each character in the password as valid, that reduces the entropy.

 

Now, I did just log in and it looks like they added a secret answer portion. Two of the four allow up to 31 characters, one only takes 10, and the last only allows a 4 digit number.  :bang
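
An added illustration of the entropy point in the post above (not code from the thread or from any bank): it folds passwords the way a phone-keypad-compatible login would and compares the resulting keyspace. It assumes the standard telephone keypad layout and that symbols are rejected; all function names are hypothetical.

```python
import math

# Standard telephone keypad letter groups (assumed layout).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, group in KEYPAD.items() for ch in group}


def keypad_fold(password):
    """Map a password to the digit string a keypad-compatible login compares."""
    out = []
    for ch in password.lower():            # case-insensitive, as the post describes
        if ch in "0123456789":
            out.append(ch)
        elif ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        else:                              # assumption: symbols are not accepted
            raise ValueError(f"character {ch!r} has no keypad equivalent")
    return "".join(out)


def keyspace_bits(alphabet_size, length):
    """Bits of entropy for a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def compare(length):
    """Return (bits as typed, bits after folding) for a random password."""
    typed = keyspace_bits(26 + 26 + 10, length)   # mixed-case letters + digits
    folded = keyspace_bits(10, length)            # only ten keys are distinguished
    return typed, folded


def total_candidates(min_len, max_len):
    """Count every distinct folded password between the two lengths."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    # Constructed sample passwords: different as typed, identical once folded.
    for pw in ("Baseball12", "CAPE22KK12"):
        print(pw, "->", keypad_fold(pw))
    typed, folded = compare(12)
    print(f"12 chars: {typed:.1f} bits as typed, {folded:.1f} bits after folding")
    print("folded candidates for lengths 6-12:", total_candidates(6, 12))
```
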



#56 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 2,725 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 18 January 2014 - 04:35 PM

Back in the early 1970s, before "control" characters were widely used, if someone entered their system into Dartmouth's time sharing system, the characters would actually get typed on the teletype paper and then the teletype would take over and type maybe half a dozen characters over each.  A friend of mine used to be able to evenly erase the overstrikes and retrieve those passwords.  He could also end long distance telephone calls by whistling 1,300 cycles into the phone.



#57 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,710 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 18 January 2014 - 06:27 PM

I actually have a Captain Crunch whistle, the one that could be used to get into the system.



#58 OFFLINE   Cyber36

Cyber36

    Legend

  • Registered
  • 274 posts
  • LocationByron NY
Joined: Mar 20, 2008

Posted 20 January 2014 - 08:15 AM

I have the Pierre LaFoote version...... :hurah:



#59 OFFLINE   RasputinAXP

RasputinAXP

    Hall Of Fame

  • Registered
  • 3,135 posts
Joined: Jan 23, 2008

Posted 27 January 2014 - 02:57 PM

I actually have a Captain Crunch whistle, the one that could be used to get into the system.

2600!


"Belligerent and numerous."

Sometimes I update the Dish Network FAQ

AT200, Hopper & 360 via HDMI to Onkyo 505 to basement 42" Westy, Hopper via Comp-over-Cat5 to living room 42" Vizio with a Roku 3, Joey to Toshiba 32" LCD with a Logitech Revue. You want fries with that? Pull up to the 2nd window.




