
Another Dreamworld FAIL !



Is this an admission of guilt?

It's part of my job to make sure my employer's network is adequately protected against this sort of thing, trust me, this mistake is from a curious individual looking at a post-it note with the password on it, it almost always is.

So you've immediately ruled out disgruntled employee? Facebook attack? PR Stunt? Someone signing in from their home computer and having a keylogger on their pc? Sure it's possible that it was just a simple stuff up, but this was likely done by some kid who wanted to hurt their rep, how many dumbass kids would have access to the offices they run it from?


this was likely done by some kid who wanted to hurt their rep

I love that, the whole point of your post was to point out that I'm only assuming, and you're right, it's no more than an educated guess, and I never said that it is not a disgruntled employee. And then you end it with an assumption on not only what kind of person did it, but why they did it. A joke, an attempt to get themselves in cheap, it doesn't matter why they did it, the fact is that almost every single Facebook breach, and almost every password leak is due to lack of safety outside the computer in the desks that hundreds of people have access to. If you have spare time be enlightened: http://www.youtube.com/watch?v=4-qnYaw7VGo I see this sort of thing in offices all over Brisbane that I've worked in, it's not a rare thing. Edited by BemaniAK

Just so you know there are actually programs made to get around Facebook's security. I know they work for a fact because I have had it happen to me and the person even showed me the program which was used to hack my account

Given the information that BemaniAK has already imparted in this thread about his occupation and his speciality in internet security, has it not occurred to you that just maybe he has heard or is intimately familiar with programs like these?? Just asking............ Then again if you did, you may be forced to admit to yourself that MAYBE he has a lot more knowledge in this area than you do.............Just saying.

56 800 235 584 is what it reaches when you add numbers to the mix,

Just did a calculation and that would only take 65 days at max. Not several years. That is a highly possible number if the person is determined to get into the account and as I said before there are programs which can get you behind Facebook's security, so there is no need for prolonged periods of time where the system has to wait for the system to restart. This process can also be sped up by adding more than one processor to perform the task.

You could also use a dictionary attack. This is similar to a brute-force attack except it uses words, not random letters. This allows you to limit the words that the program cycles through. Although this method is not as successful as it can only use the words in its dictionary, so any passwords with odd spelling or numbers mixed in will not work.

Also I happen to know some businesses do actually use words related to the company for passwords. I have known a few and they were quite obvious but they were so obvious that no one would even think to use it as they would have thought it was too obvious plus the business was not likely to be hacked, although surprisingly this password actually worked.


Just did a calculation and that would only take 65 days at max. Not several years.

Plainly untrue, care to explain your calculation? Dictionary Attacks are worthless for the very reason you explained yourself.

Also I happen to know some businesses do actually use words related to the company for passwords.

Name them, your High School will probably be the only one. EDIT: To clarify, there is NO software that can get around the timed lockouts on Facebook as they are all server-side. Edited by BemaniAK

Let's say that a program attempts 50 passwords a second (which is a legitimate amount for a program), then that would still take just over 36 years. Facebook will lock you out after so many attempts also. Let's face it though, this is a theme park forum, not a hacking forum. I don't think Dreamworld was 'hacked', I think it was just one of those 'OMG YOU STAYED LOGGED ON SO I 'HACKED' YOU' moments where someone, who was unfamiliar with the Facebook UI just decided to press a button. The offer did say that it came from Dreamworld's page, after all.


Let's say that a program attempts 50 passwords a second (which is a legitimate amount for a program)

It is not, every single attempt must be attempted manually by the program on the actual website. This means sending a login request to the Facebook server with the attempted password, and waiting for a response, because of this, ONE attempt per second would be impressive, and every 5 attempts or whatever the limit is, Facebook locks you out for 10-15 minutes or so. Edited by BemaniAK
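The figures argued over in the posts above, worked through as an added example that is not part of the original thread. It assumes the lockout numbers given in the post (5 failures, then a 10-minute lock), which are the poster's estimate rather than a documented Facebook policy; `AccountLockout` and the function names are hypothetical.

```python
YEAR_SECONDS = 365 * 24 * 3600
KEYSPACE = 62 ** 6  # 56,800,235,584, the figure quoted in the thread


class AccountLockout:
    """Server-side state for one account; the client never sees or controls it."""

    def __init__(self, max_failures=5, lock_ms=10 * 60 * 1000):
        self.max_failures = max_failures  # assumed from the post ("every 5 attempts")
        self.lock_ms = lock_ms            # assumed: low end of "10-15 minutes"
        self.failures = 0
        self.locked_until_ms = 0

    def failed_login(self, now_ms):
        """Record one wrong guess; return True only if the server evaluated it."""
        if now_ms < self.locked_until_ms:
            return False  # rejected without checking the password while locked
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until_ms = now_ms + self.lock_ms
            self.failures = 0
        return True


def evaluated_per_hour(client_rate_per_s):
    """Count the wrong guesses the server evaluates in one simulated hour."""
    lockout = AccountLockout()
    interval_ms = 1000 // client_rate_per_s
    return sum(lockout.failed_login(t) for t in range(0, 3_600_000, interval_ms))


def years_to_exhaust(guesses_per_second, keyspace=KEYSPACE):
    """Worst-case time to try every candidate at a sustained rate."""
    return keyspace / guesses_per_second / YEAR_SECONDS


if __name__ == "__main__":
    for rate in (1, 50):
        per_hour = evaluated_per_hour(rate)
        print(f"client sends {rate}/s -> server evaluates {per_hour}/hour, "
              f"{years_to_exhaust(per_hour / 3600):,.0f} years to exhaust")
    print(f"no lockout at 50/s: {years_to_exhaust(50):.1f} years")
```

Under these assumptions the server evaluates the same number of guesses per hour whether the client sends 1 or 50 per second, because the lock is enforced on the account's server-side state.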

Plainly untrue, care to explain your calculation? Dictionary Attacks are worthless for the very reason you explained yourself. Name them, your High School will probably be the only one. EDIT: To clarify, there is NO software that can get around the timed lockouts on Facebook as they are all server-side.

You should know there are programs that can bypass server-side security. No matter what any company does someone will always be able to find a way around a security system. The only way to keep ahead of hackers is to constantly update the security software so hackers can not get around it as it takes longer for them to discover a way to get around the system than it can take for the company to implement new security systems (this is what military and major corporations do). Facebook does not have the best system out there and were actually hacked into last year. Facebook hasn't stepped up its security that much and yes there are programs which actually can get past Facebook's security, it basically finds a back door. Also what would be the use of naming companies that you have most likely never heard of and no I don't know my school's password nor would I care what it is.

You should know there are programs that can bypass server-side security.

No, there is not, the only way to bypass server-side security is to breach their entire network manually and modify their server's instructions over a VNC interface, which in itself requires admin access, which requires, guess what? A PASSWORD. You don't get it yet, do you? You are a student arguing against someone who's been in the industry for more than a decade, I know this stuff, you don't.

Also what would be the use of naming companies that you have most likely never heard of and no I don't know my school's password nor would I care what it is.

Ok so you don't have any companies to name? Oh right, you know that you'd just be listing off a bunch of random businesses and there's every good chance that I've done work for them in the past. Go ahead, give me a list, I can not only debunk those that I have worked for in the past but I can very easily find out whether or not you're lying through your teeth

So someone who lives in Queensland will have worked for a small business in a small area in between Sydney and Newcastle. Also I hate it when people say things like I spent 10 years in the business I sure know more than you and people who go he is still in school he doesn't know much else. Plus I will not be arguing with you any more. You haven't made one post here without looking down on someone else.


Sydney and Newcastle

I lived in Newcastle for 8 months in 2003. Until you name businesses that I can't verify don't use company related passwords you're still a lying kid. I'm going to blow your mind for a second here, when you spend 2 years studying IT, you learn things. When you spend 10 years in the IT field, you learn things, you find out that notions you had when you were younger were wrong. When you spend hours and hours looking for holes in business security, fixing holes in business security, recovering businesses from breaches, YOU LEARN THINGS.

1. You cannot manipulate server-side security without admin access
2. It takes decades to bruteforce a password
3. The most common form of account and security breaching is due to negligence outside of the PC environment

These are hard facts and you're a fool to try and dispute them without any formal IT education or experience of your own, all you go on are your high school rumors and hearsay.

I sure know more than you

You keep showing me you don't. Edited by BemaniAK

So you're all wrong - it had nothing to do with Dreamworld's password being compromised... or any other page for that matter. A simple glitch in FACEBOOK itself led to the issue. After the news broke and people were going nuts, I tracked the offer down to see what it was all about. Because I 'took the offer', Facebook followed up with a nice little email - attached below:

post-152-0-76439300-1342239089_thumb.png

