
HawkMan

Maybe my understanding of password decryption tools is wrong but I was under the impression the tools were smart enough to work out when more than one character was the same therefore knowing that once it's got one character, if there are others with the same value then it makes a safe assumption to repeat that part, therefore making it quicker.

 

I've not used LastPass for Android but I know it's available so I would assume it's available for iOS too which would give you the answer to your iDevice :). Sure it's a premium feature but given the nature of this topic, these victims can probably afford it! In fact I bet LastPass would probably jump at the chance to get any one of these on board as a "I now use LastPass" to secure my data kinda advertisement and offer it for free.

 

LastPass for iOS won't have access to system/app logins.

 

also, a properly salted password hash won't have discernable repeat characters. 

x-scratch

The Kate Upton ones were the most embarrassing.

Then again, we live in an age where celebrity sex tapes can actually boost a career.

 

 

nah jennifers were if you know what i mean :)

Praetor

Maybe my understanding of password decryption tools is wrong but I was under the impression the tools were smart enough to work out when more than one character was the same therefore knowing that once it's got one character, if there are others with the same value then it makes a safe assumption to repeat that part, therefore making it quicker.

 

I've not used LastPass for Android but I know it's available so I would assume it's available for iOS too which would give you the answer to your iDevice :). Sure it's a premium feature but given the nature of this topic, these victims can probably afford it! In fact I bet LastPass would probably jump at the chance to get any one of these on board as a "I now use LastPass" to secure my data kinda advertisement and offer it for free.

 

this isn't John Connor ATM hacking, when once you find the first digit you move into the next one :)

you need to find the whole thing.

Skiver

LastPass for iOS won't have access to system/app logins.

 

also, a properly salted password hash won't have discernable repeat characters. 

 

Maybe not in the form of an auto populate for system but for applications it certainly does on android at least. But speaking from a quick trial of it on Android, it did allow me to copy a password to the clipboard and then paste it into things like websites (my Neowin password being the example I did use it for). Being an Android I can only assume the same would work on iOS in a similar way so for the system if an app didn't integrate well.

DocM

Does that mean, that according to US law, the underage girl is also guilty of production and possibly distribution (if she sent them to someone) of child porn?

Yes. Also true in Canada,

US

http://www.washingtonpost.com/local/teen-sexting-case-goes-to-trial-in-fairfax-county/2013/04/17/4936b768-a6b7-11e2-b029-8fb7e977ef71_story.html

Canada

http://www.washingtontimes.com/news/2014/jan/12/canadian-teen-girl-charged-child-pornography-sexti/

HawkMan

Maybe not in the form of an auto populate for system but for applications it certainly does on android at least. But speaking from a quick trial of it on Android, it did allow me to copy a password to the clipboard and then paste it into things like websites (my Neowin password being the example I did use it for). Being an Android I can only assume the same would work on iOS in a similar way so for the system if an app didn't integrate well.

 

yes, but android isn't iOS, iOS doesn't allow other apps access to other apps like that. a function that would also allow malicious apps to "listen"/snoop for passwords as you input them.  as for pasting, well you can certainly paste to websites, but I'm not sure iOS allows you to paste passwords in apps and system apps. You're talking about the OS that doesn't allow you to save the password so you have to re-enter everything when you buy something on the store. 

taim

I didn't even know a few of the celebrities, marketing at its best.

Skiver

this isn't John Connor ATM hacking, when once you find the first digit you move into the next one :)

you need to find the whole thing.

 

I'm aware of that, ok here's an example to try and explain;

 

Using a stupidly simple Caesar cipher with a 6 letter shift;

Password becomes Vgyycuxj

note the ss is now replaced with yy so once an application understands the method of encryption and its logic it can use that to work out that there is a repetitive character in the password making its attempts at figuring out the entire password a bit easier.

 

I know the above encryption method is stupidly simple compared to what online providers are using but I assume there is a logic that can be followed in the same way.

Skiver

yes, but android isn't iOS, iOS doesn't allow other apps access to other apps like that. a function that would also allow malicious apps to "listen"/snoop for passwords as you input them.  as for pasting, well you can certainly paste to websites, but I'm not sure iOS allows you to paste passwords in apps and system apps. You're talking about the OS that doesn't allow you to save the password so you have to re-enter everything when you buy something on the store. 

So my assumptions are horribly wrong!

 

Quite ironic that they were hit by this given that they do seem to go someway to prevent this sort of thing!

Depicus

With all the hacks iCloud has suffered, I can't help but picture iCloud as a giant cloud with an old western style swinging door, where anyone can just walk in as they please. I wonder how many more breaches they'll have to suffer before Apple takes security as more than a joke?

 

I'll give you the "Find my iPhone" crass stupidity of allowing brute force attacks but in slight mitigation it was fixed within a day.

 

However I will call you on Apple taking security seriously. As the initial bulls**t dies down and the finger pointing stops let's think about where these pictures actually came from. As has been noted there are Android and Blackberry images in the mix (no Windows Phone as who has one of those !!!) but there are also some very professional looking pictures which look like they were taken with a DSLR. Also some of these images date back a few years. So it looks like a mixture of sources and not just Apple.

 

I suspect most of the images were gained by simply logging into accounts with well known passwords, here it doesn't really matter how long it takes if I have a list of 5000 top passwords and try 50 a day so as to bypass any brute force filters, it may take me a week or a year but once I'm in that's me set.

 

Password sharing probably didn't help either. 

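The slow guessing pattern described in the post above (50 tries a day against one account) is what a short-window lockout misses and a long-window count catches. The sketch below is an added example, not part of any post in this thread; the thresholds, event layout and account names are assumptions, and the log data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration only.
SHORT_WINDOW, SHORT_LIMIT = timedelta(minutes=10), 10   # classic burst lockout
LONG_WINDOW, LONG_LIMIT = timedelta(days=7), 100        # weekly failure budget


def max_in_window(times, window):
    """Largest number of sorted timestamps that fit in any sliding window."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify(events):
    """events: iterable of (timestamp, account, success).
    Returns {account: "burst" | "low-and-slow"} for accounts that trip a rule."""
    failures = defaultdict(list)
    for ts, account, ok in events:
        if not ok:
            failures[account].append(ts)
    verdicts = {}
    for account, times in failures.items():
        times.sort()
        if max_in_window(times, SHORT_WINDOW) > SHORT_LIMIT:
            verdicts[account] = "burst"
        elif max_in_window(times, LONG_WINDOW) > LONG_LIMIT:
            verdicts[account] = "low-and-slow"
    return verdicts


def sample_events():
    """Constructed login events, not real log data."""
    t0 = datetime(2014, 9, 1)
    ev = []
    # "alice": 50 failures a day, one every 20 minutes, for 5 days.
    for day in range(5):
        for i in range(50):
            ev.append((t0 + timedelta(days=day, minutes=20 * i), "alice", False))
    # "bob": 30 failures inside one minute.
    for i in range(30):
        ev.append((t0 + timedelta(seconds=2 * i), "bob", False))
    # "carol": an ordinary user with a few typos, then a success.
    for i in range(3):
        ev.append((t0 + timedelta(days=i), "carol", False))
    ev.append((t0 + timedelta(days=3), "carol", True))
    return ev


if __name__ == "__main__":
    for account, verdict in sorted(classify(sample_events()).items()):
        print(account, verdict)
```
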
Praetor

I'm aware of that, ok here's an example to try and explain;

 

Using a stupidly simple Caesar cipher with a 6 letter shift;

Password becomes Vgyycuxj

note the ss is now replaced with yy so once an application understands the method of encryption and its logic it can use that to work out that there is a repetitive character in the password making its attempts at figuring out the entire password a bit easier.

 

I know the above encryption method is stupidly simple compared to what online providers are using but I assume there is a logic that can be followed in the same way.

 

but that would mean that a big number of encrypted passwords had to be gained in order to understand the algorithm used to encrypt them, without any guarantees that is even possible at all.

 

having a big or small password doesn't matter if the encryption algorithm is weak, that's for sure, but assuming the best practices are taking place and a strong algorithm is used then a strong password does make sense.

Skiver

but that would mean that a big number of encrypted passwords had to be gained in order to understand the algorithm used to encrypt them, without any guarantees that is even possible at all.

 

having a big or small password doesn't matter if the encryption algorithm is weak, that's for sure, but assuming the best practices are taking place and a strong algorithm is used then a strong password does make sense.

Agreed, don't get me wrong I'm not trying to suggest "@1bT" is stronger than "ilovemylittlepony", length is obviously a big factor but I think the randomness is probably the better thing to aim for.

Dot Matrix

You realise that not everything that's illegal in the US is illegal in other countries, right?

I don't condone the photo leak. But going 'Oh no, she was only 17 when the photo was taken - avert your eyes!' is downright ridiculous.

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

Skiver

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

 

I have to say I'm with you on this one, it doesn't matter what the laws of other countries state when I'm on an international forum, I live by the laws of my country.

 

Secondly, I personally think 17 is a little too young. I know legally it may be ok but it doesn't feel right to me. 

HawkMan

Agreed, don't get me wrong I'm not trying to suggest "@1bT" is stronger than "ilovemylittlepony", length is obviously a big factor but I think the randomness is probably the better thing to aim for.

 

Not really, with a password over 8-16 characters there really is no benefit to randomness and special characters, besides the sentence I used as a password above is random enough in itself. 

 

and as far as I know, even in their basic form, the encryptions used on password hashes don't show repeatable patterns, and the best of them haven't been hacked yet either. add in a Salt and you make it really impossible and you remove other ways to exploit the hash directly as well. 

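The disagreement above between the Caesar example and the salted-hash replies can be checked directly. This is an added example, not part of any post in this thread: it reproduces the shift-6 result from the thread, shows that the cipher keeps the repeated-letter pattern, and shows that a salted hash gives no per-character signal. PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for the demo, not what any provider named in the thread uses.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for the demo; tune for real hardware


def caesar(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` places, keeping case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def repeat_pattern(text: str) -> list[int]:
    """Index of each symbol's first occurrence; equal patterns mean the
    same positions repeat, whatever the symbols are."""
    return [text.index(ch) for ch in text]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash over the whole password at once."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str) -> tuple[bytes, bytes]:
    """What a server stores: a fresh random salt and the digest."""
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """All-or-nothing comparison; a near miss looks like any other miss."""
    return hmac.compare_digest(hash_password(password, salt), stored)


def bits_different(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    ct = caesar("Password", 6)
    print(ct, "pattern kept:", repeat_pattern(ct) == repeat_pattern("Password"))
    salt, stored = new_record("Password")
    near_miss = hash_password("Passwore", salt)  # 7 of 8 characters correct
    print("bits differing for a near miss:", bits_different(stored, near_miss), "of 256")
    print("same password, new salt, same digest:", new_record("Password")[1] == stored)
    print("verify exact / near miss:", verify("Password", salt, stored),
          verify("Passwore", salt, stored))
```
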
techbeck

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

 

Agreed.  Not to mention that the underage pics were taken by a US citizen where under the age of 18 is considered illegal.  So have to abide by the laws of the country and where said incident took place.

Haggis

no you don't

If the age to make porn here was 16 and the age to make porn in the USA is 18 I would not be jailed for watching two 17yr old Americans go at it

techbeck

no you don't

If the age to make porn here was 16 and the age to make porn in the USA is 18 I would not be jailed for watching two 17yr old Americans go at it

 

Not what I meant.  You are an American citizen.  You take a nude pic of yourself underage and put it online or send it to people.  Under US law, that can be considered child porn and you can get in trouble sending it even if it was of yourself and if you took the pic yourself.

+warwagon

what do you think is the safer password, that impossible to remember mess you put up there or "onedaythehorseateallthecheeseforthewin"

 

it's called "The Death of Clever"

vcfan

As has been noted there are Android and Blackberry images in the mix (no Windows Phone as who has one of those !!!) but there are also some very professional looking pictures which look like they were taken with a DSLR. Also some of these images date back a few years. So it looks like a mixture of sources and not just Apple.

or, people are likely to use the same user/pass for all their accounts, and having gained access to one means a high chance that they got access to different services using the same user/pass combos.

+warwagon

As a warning, it's going around now that some of the images might have been taken at a time when some of the people were underage.

 

Dot Matrix


What are you doing here? Why don't you have a seat right over there.

vcfan

What are you doing here? Why don't you have a seat right over there.

I just came here to talk and only for friendship

Nagisan

What are you doing here? Why don't you have a seat right over there.

I just wanted to come here and talk...and warn her about people who might take advantage of her. Nothing bad, just making sure she's safe, I swear.

Sonne

yeah and this fifth of gin and box of condoms are just...you know things i keep with me

This topic is now closed to further replies.