Here is a lesson for everyone, USE your god damn brain!

8 comments

That's a quote from hackmatt.blogspot.com. Some socially challenged cracker guessed Matt Mullenweg's self-admittedly lame password and got excited enough to play with himself. When that wasn't satisfying, he made a blog post about it:

Quote:
After reading one of his [Matt's] comments, it only took me 5 minutes to find out Matt's password. The funny thing is that I tried to convince myself that he wouldn't be that silly, but guess what? He is that silly!

It is not that I only got access to his blog; he was using the SAME password —really crappy one— for ALL of his information/server/data/etc. I've got access to EVERYTHING MATT, trust me, he is hanging from one of his balls right now.

Matt acknowledged the slip and has moved on. Some have suggested the revealing published comment may have been this:

Quote:
Here's a hash of my database password: ce5f9c026dbec8ca821ea3c702dc540c When you figure it out, post to my blog.

The cracker offers some insight into his own "personality" as well:

Quote:
Fortunately for him [Matt], as I said before, I'm not a hacker, nor a cracker, nor a dirty bastard who did not receive enough love when I was a baby, but imagine what I could have done with that information... just think for a minute. Here is a lesson for everyone, USE your god damn brain!

Wow. What a big brain this guy has. Not only did he guess an easily guessed password based on published clues, but he -- a non-hacker -- figured out what to do with that knowledge to make an ass of himself!

Comments

Ooooh MD5, not very impressive

Rainbow crack for MD5 on your own PC: http://www.antsight.com/zsl/rainbowcrack/
Site that will queue and then crack an MD5 for you: http://www.milw0rm.com/md5/list.php
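The point behind the "not very impressive" jab is that a plain MD5 of a password, once published, is an offline oracle: anyone can check candidate passwords against it with no salt and no work factor slowing them down. The added Python example below (not code from the original post or from any of the linked tools) shows that contrast with a constructed password and a constructed five-word candidate list, then shows what a site should store instead: a per-user random salt and a slow key derivation (PBKDF2-HMAC-SHA256 from the standard library). The password, the candidate list and the iteration count are assumptions for illustration; the real hash quoted in the post is deliberately not used.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed example password. This is NOT the password behind the hash
# quoted in the post; it only illustrates how a clue-shaped guess is checked.
EXAMPLE_PASSWORD = "dixie2006"

# Constructed candidate list, the kind of short wordlist a published clue invites.
CANDIDATES = ["password", "wordpress", "dixie", "dixie2006", "matt123"]

# Assumed work factor for the slow hash; tune to your hardware so one
# verification costs tens of milliseconds.
PBKDF2_ITERATIONS = 600_000


def md5_hex(text: str) -> str:
    """Plain, unsalted MD5 hex digest: what the quoted comment published."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def find_md5_match(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Why a published unsalted MD5 is dangerous: every candidate can be
    checked against it offline, and a match confirms the password outright."""
    for candidate in candidates:
        if md5_hex(candidate) == digest:
            return candidate
    return None


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """What to store instead: a random 16-byte salt plus a slow PBKDF2 digest,
    encoded as 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time, so timing does not leak how many bytes matched."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algorithm}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    published = md5_hex(EXAMPLE_PASSWORD)
    print("published MD5:", published)
    print("matched candidate:", find_md5_match(published, CANDIDATES))

    stored = hash_password(EXAMPLE_PASSWORD)
    print("stored form:", stored)
    print("verify correct:", verify_password(EXAMPLE_PASSWORD, stored))
    print("verify wrong:  ", verify_password("dixie2007", stored))
```

Two properties make the second form safer than the first: the salt means a precomputed rainbow table built for one hash is useless against another, and the iteration count makes each guess cost as much as a login attempt rather than a single MD5 block. Neither fixes a weak password; they only stop a leaked hash from turning into an instant answer.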

You try and generate a

You try and generate a random password (letter+numbers+special chars) for every god damn website you use. You can't do that.

here's a trick

Sing a verse of your favorite song. Use the first letters of the words as your password. Append the day and month (or prepend) of some memorable date. It's good for dozens of decent passwords across numerous websites and services.

"Oh I wish I was in Dixie" --> oiwiwid062006

add semicolons when the site is "secure-ish" (finance, personal email, etc)
o;i;w;i;w;i;d;062006

The key is the thought pattern, which makes it memorable.

IMHO the biggest problem is not that users can't use safe passwords... but that coders can't stick to a consistent standard for password length and contents. I am sick and tired of companies like Verizon saying my password must be 8 characters and cannot have a semicolon or "must have a number in it" or whatever. Those coders have not earned such authority.

Actually...

I do just that! I sprung $50 for a USB smart card reader + writer and actually demand any employer purchase one as well for my use in the office. Once they realize how cheap the smart cards are and how much more secure you can make an office (no more changing corporate-wide passcodes, just deactivate a card), they have always put me in charge of that department as well.

It's "simple". You save your Firefox password cache (encrypted, please) to your smart card. Voila. The smartcard authenticity we use for corporate passworded things (email, etc.) uses GnuPG-based public/private key encryption with the private keys residing on the smart card (which are password-protected by the employees).

I only have a "junk" password I use for promotional gigs that I probably won't visit more than once or really don't give a damn if it is hijacked, but I really only have one 'standard' password that I type in... and that's the key to the smart card.

which on hopeseeker?

What do you use, and what software? Let's see if it's "easy" or not.

asdf

Expertu

Quote:
You try and generate a random password (letter+numbers+special chars) for every god damn website you use. You can't do that.

I do. Using KeePass, I store the password database on a USB drive. I generate 8-24 character passwords for each new entry for any website that I may reuse (and am therefore using a real email address, rather than a mailinator/dodgeit one). You can even force passwords to expire, at which point you'll have to generate a new one.

I have not one clue what the passwords I've been using for the last year are. It's great.
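Three of the comments above describe concrete mechanics: the "here's a trick" scheme (first letter of each word of a lyric, lowercased, a date appended, semicolons interleaved for sensitive sites), the complaint about sites that cap length at 8 and ban semicolons, and the KeePass approach of generating a random 8-24 character password per site. The added Python example below (written for this page, not code from any commenter or from KeePass) implements all three so they can be compared: a deterministic lyric password, a random generator built on the `secrets` module, and a policy checker run with both a restrictive and a permissive policy. The special-character set, the policy thresholds and the sample inputs are assumptions for illustration; the lyric and date suffix are the ones the comment gives.

```python
import secrets
import string
from typing import List

# Assumed set of specials allowed in random passwords (includes the
# semicolon that the "here's a trick" comment relies on).
SPECIALS = "!#$%&*+-=?@^_;:"

# Two policies. The first mirrors the complaint in the thread (exactly 8
# characters, no semicolons); the second is what a site should accept.
RESTRICTIVE_POLICY = {"min_len": 8, "max_len": 8, "forbidden": ";"}
PERMISSIVE_POLICY = {"min_len": 12, "max_len": 128, "forbidden": ""}


def lyric_password(verse: str, date_digits: str, secure: bool = False) -> str:
    """The 'here's a trick' scheme: lowercase first letter of each word,
    then the date digits; with secure=True, a semicolon after every letter."""
    initials = [word[0].lower() for word in verse.split() if word[0].isalpha()]
    if secure:
        return ";".join(initials) + ";" + date_digits
    return "".join(initials) + date_digits


def random_password(length: int) -> str:
    """KeePass-style random password of 8-24 characters drawn from letters,
    digits and specials, resampled until every class is present."""
    if not 8 <= length <= 24:
        raise ValueError("length must be between 8 and 24")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SPECIALS for c in candidate)):
            return candidate


def policy_problems(password: str, min_len: int, max_len: int,
                    forbidden: str = "") -> List[str]:
    """Return every way the password violates the policy; empty means accepted."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(password) > max_len:
        problems.append(f"longer than {max_len} characters")
    bad = sorted({c for c in password if c in forbidden})
    if bad:
        problems.append("contains forbidden characters: " + "".join(bad))
    return problems


if __name__ == "__main__":
    plain = lyric_password("Oh I wish I was in Dixie", "062006")
    strong = lyric_password("Oh I wish I was in Dixie", "062006", secure=True)
    print(plain, strong)
    for label, policy in (("restrictive", RESTRICTIVE_POLICY), ("permissive", PERMISSIVE_POLICY)):
        print(label, policy_problems(strong, **policy) or "accepted")
    print(random_password(16))
```

The policy checker is where the argument in the thread becomes visible: the semicolon variant that the comment recommends for finance and email is rejected outright by the restrictive policy (too long, forbidden character) and accepted by the permissive one. The lyric scheme is deterministic, so reusing one verse across sites gives passwords that differ only in their suffix; the random generator has no such structure, which is the trade the KeePass commenter is making against memorability.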

I have not one clue what the

Quote:
I have not one clue what the passwords I've been using for the last year are. It's great.

That's awesome man. Can you message me some more info on that ?
