Theblckshep says: Account might have been taken over!
Yes that is true, i tried to "saw" how strong passwords have bright users use, and after some attempts i break into another accounts of some high ranked users on BS. All of them are used weak password, so dear my friends, if you think that your password is weak (your usualy password wich you used on password protected sites-areas) please change it. Weak passwords are SUICIDE!

P.s. Thanks TheBlackSheep
Bye


_________
davs

The main reason for weak passwords "davs" told me is that people register at a new site they do not know with some easy to remember password.
After some time spending there freetime at this site, they still do not choose a stronger password.
One account "davs" took over had the username as the password.
That's why I think that the account hijacking is also the users fault.

You still here? not in prison yet?

That's the main thing you do when registering to a site when coming first time,no1 will run toward you and take your sleeve and tell you to use stronger pass...
But my thinking is that admins should've done this not user,or atleast user who is put here as security watcher.... or something like that...
Grivier

I know it's a long process, but what if you give them a strong password when they signup then send the strong password through mailbox, and they can change it later, this will maybe remind them to use a strong password?

i would really like to have randomly generated password. when i need to think of them, i dont want to think of anything difficult. but when i get auto-generated password, i always remember it and use it.
in many websites i use those generated passwords and it doesnt make any difficulty for me to remember them

if he took over account's he should be smacked around... Let's not be childish

if you research something and you believe you find a bad situation you report it.
there's no point in going "WOW" im so good i'll take over your account.

only if they do not respond, and the admins do not undertake action you are allowed to
disclose the information.

At least not if you want my respect.

rhican, i agree its not very good. but you also cant tell that its ABSOLUTELY^ABSOLUTELY_ABSOLUTELY bad. that guy has shown a real situation. and its good that he has declared it loud. what if some "bad guy" suddenly decides to look for passwords and to make a mess in TBS? that wouldnt be good. lets all change the passwords and live in peace

I agree with rhican,

This was not your job, nor responsibility. This was a security/admin persons job.

Though there is a very small part of me that says thank you (on behalf of the good people of TBS) to point out that

a) They don't have adequate b/f protection on accounts and
b) they allow too simple passwords.

Still, you get a !slap for doing it with NO authorisation. On the other hand, we should be grateful no real evil was done (AFAIK!).

bb

Hey, that is not admin problem, that is users problem! we make mistake when we registering. And also our problem is many of us use one, eventualy two password for all password protected areas and all time is the same password/s, i think that we must more often change our passwords, our job is to learn, and we learned a lot of things on TBS, one of them is how to break into password protected areas and we all know if we spend much time on some chall we success and we done it that chall.
that is the same for our password, if someone give all from yourself he will break into your password.......we must be faster from "attacker" and change the password on right time.....so?????????...........sometime, ask yourself, does any password could be safe,does your password safe??? we learned and i think, ANY PASS IS NOT SAFE!!

byez

____
davs