You're mixing two people's statements into one.

But - when the whole Wikileaks fiasco started hacker groups threatened "massive attacks" if anything happened to Wikileaks.

Amazon pulled Wikileaks from their hosting servers and this was the first one I got hit from. Paypal was also very slow for a few days after they pulled Wikileak's account. I'm sure it was a result of an attack of some kind.

While I didn't say Wikileaks was behind the attack, the attacks are in retaliation to what happened to Wikileaks.

I'm nervous about my domains at GoDaddy now, too. That's the same registrar what Wikileaks is registered with and I can't risk the big investment I've made with a lot of them - I've already started to move many of mine out of there. Yes, I've changed my password there but it's still too risky (yeah, I'm sure GoDaddy is too scared to do anything (they have no guts) but it's still not worth the risk).

Starting to agree with irritation at hackers right now...

Rapscallion

Yeah, "hacker groups" did threaten and follow through on attacks in response to actions against WikiLeaks. What I'm arguing against is the apparent assumption that WikiLeaks itself is responsible for this. Greenday seems to think that WikiLeaks has or shares direct responsibility for these events when it did nothing to orchestrate them. Was Rodney King responsible for the L.A. riots? I think not.

And it seems that, judging by http://www.fratching.com/showthread.php?t=3866 , Greenday is looking to blame anything and everything on WikiLeaks. So, what's your real problem with them?

Wikileaks leads the way for destruction of the world's governments. It seems to be hellbent on complete anarchy. They are spies, terrorists, and scum.

WikiLeaks is not trying to destroy governments or induce "anarchy".

http://web.archive.org/web/200803142...ikileaks:About

My one problem is the use of the word 'ethics'. In my job, ethics are what people pay us a premium for so they can feel good about themselves. In most cases, it's what a person agrees with.

I joined Avaaz for a petition, for example, and I wholeheartedly agreed with it. I think it was one of the stoning a woman in a middle-eastern country. I signed one or two more petitions. A bit later I saw one that really made me step back.

Stephen Harper had had lunch with a media businessman who was apparently interested in a Fox news type organisation in Canadalandialand. This was apparently abhorrent. It must not be allowed.

Now, we don't have the first amendment over here, but red flags about freedom of speech started to go up at this point. Avaaz stopped getting any of my support right there. Good causes, I was happy with. Political agendas? Sod that.

I really think that the motivation involved for all things like this needs to be examined by all sides. I don't mind Wikileaks apparently revealing corruption. I do mind if those defending it take it out on every smegger they can find.

Rapscallion

I don't mind the hatred for the people causing collateral damage by attacking those they perceive to have acted against WikiLeaks.

But I'd really like people to realize that most of the actual hacker attacks going on right now are either completely unrelated, or groups using the WikiLeaks brouhaha as a distraction.

^-.-^

The big problem with #4 is that the other three make it almost impossible.

Since it is advisable to make all of your passwords complex and to change them every 90 days, AND the fact that you need to use a different one at every different site you use...

Me for example, two e-mail addresses (one for personal and one for my work), World of Warcraft, Ebay, Paypal, Electric Company, Gas Company, Metrocast, Netflix, MobileMe, about a dozen forums, library, facebook, Yahoo Answers, iTunes, Work Domain, Electronic Medical Record program front end access (user interface), EMR Program Back-End access (administration), Bank, Pre-Paid card, USAA Insurance, Medical Benefits, Amazon, Warehouse 23 (Steve Jackson Games), Country Home Products, and a host of other shopping sites...Even I don't have the mental ability to remember them all.

Hence this is the reason that I ignore #4. Changing upwards of 50 passwords every 90 days is not possible for my level of memory. It's good, but not that good.

So I have my little Rolodex with a card for every site and every password that I use and have used in the past. I also have an iPhone app that is my mobile store of passwords and is what generates some really nice and complex passwords that aren't going to be cracked with a dictionary attack but will have to be brute forced and that's going to take on average considerably longer than the 90 days until I randomly generate a new one.

And even the password vault on my phone is secured with a password (one of the few I bother to remember) that is complex and not easy to guess and if my phone were to be lost, I can use my MobileMe account to track it and if needed, remote wipe the sucker to prevent anyone from getting to my data.

So while I do adhere to the first three, Number Four is one I can't be bothered to deal with simply because it is getting to be impossible to do.

Well, the don't write it down can be ignored for the most part..IF you have someplace you can put the passwords that is not obvious. If you are going to post them on or next to your computer that other people can access or see? Just use simple passwords, cause it is no less secure.

Oh, there's a big difference between using a simple password and writing it down next to your computer.

Even a work computer will have maybe a couple dozen people who go near it regularly while a weak password has the potential for thousands of different people attempting to brute force their way in.

Plus, even if you write a password down, you can obfuscate it and/or hide what it goes to. My boss has a couple of those. If you don't already know enough to get into the account on your own, what she's written down won't help.

^-.-^

How does this brute-force thing work, anyway, given that so many sites lock you out if you enter the wrong password three or so times?

The brute force attack isn't an attack from the front end. It's an attack that can be used to break the encryption on the database that the host computer uses.

For example, Windows uses the MD5 standard. There is a file in the Windows directory (buried a ways down the folder tree) that holds the passwords in their encrypted state. When it asks you to put in your password, it'll encrypt the password you give to the same MD5 encryption and then compare it.

This is not the exact encryption, but this is an example. Say your password is "treebeard". It'll be encrypted into something and stored as a hexidecimal value. So that treebeard may turn into something that looks like 23DA3F3F4B3F4CFF5A.

So when you type "treebeard" into the logon, it gets encrypted and the hex strings should match.

A brute force attack means that someone has access to that encrypted data base and will try to first do a dictionary attack against the database. Since treebeard isn't a dictionary word, it'll have to break it by starting at aaaaaaaaa and going from there.

aaaaaaaab
aaaaaaaac
etc and so on.

An average desktop doing a brute force attack can break that in 6 days. If someone has a bank of desktops to divide the work (in a distributed networked process) it could go much quicker. In my house there are 6 computers. A media server and laptops for me the wife and the three kids. So I could bust that in a day.

Some of the hacker farms in Korea with hundreds of computers at their disposal could whack it in minutes.

honda2007 as a password would be broken by a single PC in 117 days. Throwing in Capital letters (Honda2007) increases that to 42 years for a single PC. Adding punctuation (Honda2007!) increases that to 242 years for a single PC.

So this is why the more complex you can make your password, the more secure it is.

For example "S65bawEc@R" (PC Tools Randomly generated password) takes 17,000 years. My choice is for a 14 character password which for example "tresPa6a@4q5d6" would take 564 Billion years for a single PC to crack.

Now as technology improves, these times get smaller and smaller meaning that as time goes on, passwords will no longer be the answer. We'll need to start looking into other ways to protect information.

In my case, I only need 5 passwords at my work. The network administrator password, my network password, the password for the EMR system (2 of them, one for front end and one for back end) and the password to my email.

I can remember those 5 easily and keep up with the changes. Should I ever forget any of those, I can use my key to the server room and open the locked cabinet with the logbook containing the administrator passwords for all of our systems and re-assign myself a new one.

This is very safe since the only people who can get into the server room is the IT Department and Security. And the cabinet itself can only be opened by the IT staff.

I'm in the accounting department. I have a lot of passwords to keep track off. The bank, each of the four different credit card providers, both PayPal accounts, both credit card processor accounts, multiple email accounts, my system login, my computer login, and I have to know how to get to and use the passkey for use with the bank when making wire transfers.

That's over a dozen passwords right there before you even start into my other duties.

^-.-^