Guessing Passwords?

[bobbyb1980]

Came across this on CNN. http://edition.cnn.com/2011/10/12/showbiz/hacking-arrest/

Looks like some guy was actually guessing passwords. I guess he made a script to analyze the information available and randomly pick words from Facebook posts and whatnot to guess passwords. Pretty clever way of getting in, but sounds like a long, monotonous task.

[Mr-Protocol]

This method is not new, there are lots of scripts out there that spider through webpages to make a wordlist and then take the wordlist and run it as is or append numbers, change formatting, so on.

[bobbyb1980]

Considering that nearly all email services will limit login attempts to 3 times or so every so many minutes, then on top of that every login attempt after the first 2 or 3 will require the user to do the captcha, that would have to be a very, very long task.

[foo]

i hate the misuse of the word "hacker" in today's media

[Mr-Protocol]

Considering that nearly all email services will limit login attempts to 3 times or so every so many minutes, then on top of that every login attempt after the first 2 or 3 will require the user to do the captcha, that would have to be a very, very long task.

Not true, at least from when I used to do such things.

Mobile logins won't ban or lock accounts like the normal home pages do.

so say you were trying to get into login.yahoo.com

Tactics a while ago were to use mobile.yahoo.com or m.yahoo.com or even their "web messenger" to run a brute force on. It did not lock the accounts or ban IP.

Also could be the same with 3rd party sites like meebo. Just be careful when making a brute force program with meebo, a friend and I had to stop due to undesired results of dropping yahoo services for 30 minutes :P

[bobbyb1980]

I don't think it's like that anymore..