Page 4 of 4 FirstFirst ... 234
Results 31 to 33 of 33

Thread: FYI: Steam accounts were hacked (around 10th November)

  1. #31
    Quote Originally Posted by User137 View Post
    And like i said, if you fake your IP you can't hack, only DoS.
    Fake IP? What are you talking about?

    Quote Originally Posted by User137 View Post
    I can prove the subnetting restriction with example: From your home computer, it is not possible to directly connect to local universitys internal network even if you fake your own IP network mask same. That is why schools have SSH or VPN login systems.
    That's becouse in this case your computer doesn't physicly belongs to the same network. Computers belonging to local network actualy belongs to same physical network and acces the web trough router wich transmits local network data to WAN network and vice versa. In a way router is come kind of a bridge between LAN and WAN networks.
    But if you have some system wich needs to run on miltiple servers wich are spreaded troughout the globe you can't connect all theese servers to same physical network wich means that your network is somehow exposed to internet and this also increases its vulnerability.

    Quote Originally Posted by User137 View Post
    About easy passwords people make, ok, could be that large amount of people try to make them as easy as possible for them. However this topic was about hackers trying to guess them. I have been trying to make it clear that most systems will not let them try it many times in a row. They have to guess it right in 10 attempts in most cases. I don't want to try how many times Steam actually allows. Login policies for admins can be built even stricter.
    Yes this topic is about hackers and what do you mean what have been hackers thinking even before they have done the hacking. One of the subjects was definitly thinking of whatkindoff passwords are most offtenly used. What do you think how was dictionary approach off breaking passwords developed in a first place?
    And yes most systems have some safty feture wich prevents quesing passwords by trying thousands off different passwords in a short period. But since most of theese passwords is the same for longer periods the hacker actualy has so much time as that period lasts. Becouse of this there are a lot off systems wich actualy forces their users to change the passwords regulary. But since most humans have difficultis remembering their passwords they actually just use the same base password and just ads number a the end (predictable pattern wich makes guesing easier).

  2. #32
    Quote Originally Posted by User137 View Post
    And like i said, if you fake your IP you can't hack, only DoS.
    This is an interesting point. Actually, I think you can if you use a combination of IP spoofing and sniffing so that you have continuous communication with the server, which believes you are somebody else. This may not be as easy as it sounds, but it is certainly a possibility.

    In either case, both issues are related as you are trying to protect against hacking by making the server vulnerable to DOS attacks.

    Quote Originally Posted by User137 View Post
    Subnetting is about communicating with computers in same network group. You cannot form a network group with a computer out in the Internet, especially if he is using a fake IP.
    Actually you can by using NAT and ports translated to local addresses, this is how actually subnetting works. In addition, you can always resort to using proxies, including those running as trojans on random user's machines.

    Quote Originally Posted by User137 View Post
    I can prove the subnetting restriction with example: From your home computer, it is not possible to directly connect to local universitys internal network even if you fake your own IP network mask same. That is why schools have SSH or VPN login systems.
    Again, please be careful with red herring. SSH, VPN, Subnetting and IP spoofing are four different independent topics not directly related to each other.

    Quote Originally Posted by User137 View Post
    About easy passwords people make, ok, could be that large amount of people try to make them as easy as possible for them. However this topic was about hackers trying to guess them. I have been trying to make it clear that most systems will not let them try it many times in a row.
    Good, now let's take the premise to which you have agreed, that many people use simple passwords instead of strong ones. Now take another premise that Stream accounts were hacked. Therefore, even if data was encrypted, it is easier to crack these passwords than the best-case scenario as these passwords are prone to guessing and once the hackers have this data, their guessing potential is unrestricted by delays, processing power and so on. Therefore, there is a high chance that they actually acquire user's private information. This was my original point.

    Quote Originally Posted by SilverWarior View Post
    Fake IP? What are you talking about?
    IP spoofing is a technique of modifying IP packet header to change the source address to fool the server into thinking that the packet was sent by somebody else. This is sometimes accompanied by a sniffer, which can also intercept the packets to interpret their contents.

    Btw, is it just me or there have been no discussions on PGD other than this one lately? We urgently need more controversial topics!

  3. #33
    Quote Originally Posted by Lifepower View Post
    Btw, is it just me or there have been no discussions on PGD other than this one lately? We urgently need more controversial topics!
    I agree...and I started this thread! haha

    More other topics please!

    cheers,
    Paul

Page 4 of 4 FirstFirst ... 234

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •