tauzero Posted June 7, 2023 31 minutes ago, jrixn1 said: I agree. I thought people were talking about recovering passwords from data i.e. when the hashed password file has been leaked. If you don't have that file, then like you say, you can't brute force directly on the live site as it would take billions of years - and the site locks you out after three attempts anyway. Perhaps a less worse method would be the other way round: pick a common password and then try it in combination with known usernames. I had a bit of a dig around. Brute force attacks will depend on the method used to hash the password entries - https://en.wikipedia.org/wiki/Crypt_(C) has some information on that. Apparently bcrypt is better than SHA-based hashes as it takes longer to work out the hash. This is worth looking at too: https://www.komando.com/security-privacy/check-your-password-strength/783192/ It has a chart of how long a brute force attack would take on a password. When Chrome generates a password for you, it's 15 characters, mixed numbers, upper-case, lower-case, and special characters, which according to that chart would take 15bn years to crack. If I'm making up my own password that I can leave myself clues to (rather than writing it down in plain text), it will be 9 or more characters from that same set, so would take three weeks or five years to crack.
tauzero Posted June 7, 2023 Ah, @MartinB has already put the chart up on the previous page.
BillyBass Posted June 7, 2023 (edited) 3 hours ago, cheddatom said: When I was a kid we got a hash of the school's network admin password and cracked it in just over 3 days with a computer running constantly at home. That would have been 1999 ish So, let us know what mischief you got up to. Photoshopping the headmaster's face onto a pornstar at work and emailing to around?
RikiB (Author) Posted June 7, 2023 2 hours ago, lidl e said: What was the scammer "selling"? Anything good? He was selling Fender Roadworn Jazz bass for £450 the ad said it didn’t suit the gigs he was having or something. Arkham DI for £275 I think Mesa Boogie Subway 800+ £300 Line 6 HX stomp £200 (although was listed as Helix Stomp 😂) All looked genuine and from a Basschat user.
Kev Posted June 7, 2023 2 minutes ago, RikiB said: He was selling Fender Roadworn Jazz bass for £450 the ad said it didn’t suit the gigs he was having or something. Arkham DI for £275 I think Mesa Boogie Subway 800+ £300 Line 6 HX stomp £200 (although was listed as Helix Stomp 😂) All looked genuine and from a Basschat user. To be honest the only one that stands out as being TOO cheap is the Mesa, mainly because I don't know anything about the Arkham and I swore I had a similar Jazz that didn't go for a huge amount more. I think they would have scammed many more if he'd have gone the FB route instead, that's assuming they haven't...
Woodinblack Posted June 7, 2023 26 minutes ago, RikiB said: He was selling Fender Roadworn Jazz bass for £450 the ad said it didn’t suit the gigs he was having or something. Arkham DI for £275 I think Mesa Boogie Subway 800+ £300 Line 6 HX stomp £200 (although was listed as Helix Stomp 😂) All looked genuine and from a Basschat user. They looked from a basschat user, but the prices didn't look very genuine!
fretmeister Posted June 7, 2023 4 hours ago, Reggaebass said: I use facial recognition where possible and quicker than long passwords Unfortunately facial recognition hacking is already here. https://www.technologyreview.com/2020/08/05/1006008/ai-face-recognition-hack-misidentifies-person/ https://www.wired.com/story/windows-hello-facial-recognition-bypass/ https://www.bbvaopenmind.com/en/technology/innovation/how-to-hack-a-face-from-facial-recognition-to-facial-recreation/ A friend of mine is a Professor of Computer Science at a well known UK university and he researches this stuff. The main problem with any biometrics is that once it is hacked it is hacked forever. You cannot change your face, your eyes, your fingerprints, your DNA etc etc. Two Factor systems are far more secure than any single factor system. Use 2FA for every place that offers it, and seriously think about not using anything that doesn't.
paul_c2 Posted June 7, 2023 You mean I need to change my password from "password" to something else????
Marky L Posted June 7, 2023 8 minutes ago, paul_c2 said: You mean I need to change my password from "password" to something else???? I don't think you should tell people what you are changing it to.. 😉
Reggaebass Posted June 7, 2023 33 minutes ago, fretmeister said: Unfortunately facial recognition hacking is already here Looks like they got to do quite a bit of work to get it, and I’m guessing it can’t be done remotely, but I get what you’re saying 👍, I do use 2FA or 3 where facial isn’t available
Woodinblack Posted June 7, 2023 42 minutes ago, fretmeister said: The main problem with any biometrics is that once it is hacked it is hacked forever. You cannot change your face, your eyes, your fingerprints, your DNA etc etc. Indeed you can't but you can change how you scan those things, or what element of those bits you use.
chaypup Posted June 7, 2023 2 hours ago, RikiB said: He was selling Fender Roadworn Jazz bass for £450 the ad said it didn’t suit the gigs he was having or something. Arkham DI for £275 I think Mesa Boogie Subway 800+ £300 Line 6 HX stomp £200 (although was listed as Helix Stomp 😂) All looked genuine and from a Basschat user. I've never heard of Arkham and I've never owned a Fender! I'm going to have to wait ages to sell my Stomp now though 😭 😉
binky_bass Posted June 7, 2023 Any chance this is our friend Mick Mason?
Tokalo Posted June 7, 2023 7 hours ago, cheddatom said: When I was a kid we got a hash of the school's network admin password and cracked it in just over 3 days with a computer running constantly at home. That would have been 1999 ish Ah, the good old days when you got a proper education at school! (I'm only jealous - I left school the year they brought the first BBC PCs into a classroom).
TimR Posted June 7, 2023 My friend's daughter can unlock her mum's phone via facial recognition.
Skinnyman Posted June 7, 2023 Do quantum computers, when they become mainstream, make things a little easier or more challenging for the hacker, I wonder?
Beedster Posted June 7, 2023 2 hours ago, binky_bass said: Any chance this is our friend Mick Mason? My first thought on reading this thread 😆
Woodinblack Posted June 7, 2023 3 hours ago, binky_bass said: Any chance this is our friend Mick Mason? I would say vanishingly little chance, unless he isn't a native English speaker.
Downunderwonder Posted June 8, 2023 13 hours ago, asingardenof said: Assuming 56 alphabetic characters (all upper and lowercase letters), 10 numeric, and let's say 30 special as you suggest, that's 96 possible options per character entry. Assuming 10 characters, that gives us 96P10 or 4.093x10^19 possible combinations. Attempting them @ 1s would take something in the region of 12.8 trillion years. I'm guessing that computers might be able to do it slightly faster than this though... 13 hours ago, jrixn1 said: https://en.wikipedia.org/wiki/Password_cracking "the number of possible passwords per second which can be checked can be in the billions or trillions per second" Taking both of you at face value we get down to 12.8 ÷ some round number less than 10 = some round number of years and change. So when computers get some hundreds of times faster again we will be down to days, hours...or we could be there already if the Wiki is out of date by eighteen months.
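An added illustration, not code from any poster, of the two points raised in the thread: that a slower hash (tauzero's bcrypt remark) cuts the attacker's guess rate against a leaked hash file, and how keyspace and guess rate combine into the time figures discussed in the post above. PBKDF2 from Python's standard library stands in for bcrypt, and the 100,000 iteration count and 0.2-second timing window are assumed values.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size: int, length: int) -> int:
    """Candidate passwords of a fixed length when characters may repeat."""
    return alphabet_size ** length

def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; the average hit is half this."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR

def fast_hash(password: bytes, salt: bytes) -> bytes:
    # One round of SHA-256: cheap for the server, equally cheap for a cracker.
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes) -> bytes:
    # Deliberately expensive key derivation (assumed work factor: 100,000 rounds).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def measure_rate(hash_fn, seconds: float = 0.2) -> float:
    """Guesses per second this machine manages with hash_fn on one core."""
    salt = os.urandom(16)
    tried = 0
    start = time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn(b"candidate-%d" % tried, salt)
        tried += 1
    return tried / (time.perf_counter() - start)

def compare(alphabet_size: int = 96, length: int = 10):
    """Return the keyspace and {hash name: (rate, years to exhaust)}."""
    space = keyspace(alphabet_size, length)
    results = {}
    for name, fn in (("sha256", fast_hash), ("pbkdf2", slow_hash)):
        rate = measure_rate(fn)
        results[name] = (rate, years_to_exhaust(space, rate))
    return space, results

if __name__ == "__main__":
    space, results = compare()
    print(f"keyspace for 96 symbols, 10 characters: {space:.3e}")
    for name, (rate, years) in results.items():
        print(f"{name:7s} {rate:12.0f} guesses/s -> {years:.3e} years")
    for rate in (1.0, 1e9, 1e12):  # the rates quoted in the thread
        print(f"at {rate:.0e} guesses/s: {years_to_exhaust(space, rate):.3e} years")
```

The measured rates are single-core Python figures and only show the ratio between the two hashes; dedicated cracking hardware is far faster on both.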
TimR Posted June 8, 2023 The hacking isn't done by some character in his bedroom. It's done by organisations with server farms, and whole call centres full of staff dedicated to making scam calls and setting up fake Facebook profiles and pages. It's not one man with one computer trying one password after the other to see which one it is.
tegs07 Posted June 8, 2023 14 minutes ago, TimR said: The hacking isn't done by some character in his bedroom. It's done by organisations with server farms, and whole call centres full of staff dedicated to making scam calls and setting up fake Facebook profiles and pages. It's not one man with one computer trying one password after the other to see which one it is. There are plenty of one man band ‘script kiddies’ out there making a PITA of themselves with the low hanging fruit.
nekomatic Posted June 8, 2023 Sorry to hear that anyone has lost money and thanks for all the good advice. Not directly related to this scam but worth mentioning while security is on people’s minds, check that your phone doesn’t show the contents of incoming messages on the lock screen. There were reports in the news of a spate of thefts where people had phones and bank cards stolen from their locker while they were at the gym, then their bank accounts were cleaned out. The way this worked was the thief got the bank account details from the card and used them to set up the app for that bank on their own phone, which the bank verified by sending a code in a text message which the thief could see arriving on the locked phone. On iPhone you want to set Settings>Notifications>Show Previews to ‘When Unlocked’, not ‘Always’.
tegs07 Posted June 8, 2023 5 minutes ago, nekomatic said: Sorry to hear that anyone has lost money and thanks for all the good advice. Not directly related to this scam but worth mentioning while security is on people’s minds, check that your phone doesn’t show the contents of incoming messages on the lock screen. There were reports in the news of a spate of thefts where people had phones and bank cards stolen from their locker while they were at the gym, then their bank accounts were cleaned out. The way this worked was the thief got the bank account details from the card and used them to set up the app for that bank on their own phone, which the bank verified by sending a code in a text message which the thief could see arriving on the locked phone. On iPhone you want to set Settings>Notifications>Show Previews to ‘When Unlocked’, not ‘Always’. Personally I would never leave my phone in a locker at the gym. At the very least make sure that your phone is SIM locked.
cheddatom Posted June 8, 2023 19 hours ago, BillyBass said: So, let us know what mischief you got up to. Photoshopping the headmaster's face onto a pornstar at work and emailing to around? We just played Quake at lunchtime. So rebellious!
jimmyb625 Posted June 8, 2023 20 hours ago, paul_c2 said: You mean I need to change my password from "password" to something else???? Password1