Hacked FB account
So, I got hacked today, and whoever did it (I have a suspect but I'm not sure) wrote a status which I didn't like, so I've got a question:

Is it possible to find out from where, or who hacked my account using any IP tracker or anything similar?
The location is an option, so not every status has one, and even if it does, it always says "near Zagreb, Croatia", which is 120km from the town I live in...
I think you can set a security option called "approval of the login" or something, where it sends a security code to your mobile phone whenever you log in from an unknown device (another computer). It should be in options - security: https://www.facebook.com/settings?tab=security
You can trace their IP and get their phone number, address, name and social security number so you go and kill them.

You can also get their bank account number, sort code and if you talk to the ISP you can get them disconnected from the internet for up to 10 years.

Alternatively pick a better password and accept getting Facebook raped is funny.
First of all, get a life...
Second of all, my password didn't contain any "basic" info (names, addresses, phone numbers, or anything similar), but it was a word which had sense followed by 3 numbers...
Quote from matijapkc :...it was a word which had sense followed by 3 numbers

There you go, it's actually very possible to guess these, a password like "moonpie774" is pretty vulnerable against a dictionary attack. Even "zzzz" is safer in this respect as trying all combinations from "aaaa" to "zzzz" requires 456 976 attempts whereas "moonpie0" to "moonpie9999" needs only 11110 attempts.
Quote from matijapkc :First of all, get a life...

I answered your queries.

Quote :Second of all, my password didn't contain any "basic" info (names, addresses, phone numbers, or anything similar), but it was a word which had sense followed by 3 numbers...

See MadCatX's post. The very fact you say "oh it's a word which makes sense followed by 3 numbers" shows poor security and means that it's probably quite easy to actually get your password...friend watching over your shoulder. I am into IT Security (I'm not a master but have a good understanding of these kinds of "hacks") and a dictionary word followed by 3 numbers is very easy to crack, a matter of hours for a good home PC with cracking software.

I suggest you watch this.

http://www.youtube.com/watch?v=VYzguTdOmmU
#9 - Juzaa
Quote from MadCatX :There you go, it's actually very possible to guess these, a password like "moonpie774" is pretty vulnerable against a dictionary attack. Even "zzzz" is safer in this respect as trying all combinations from "aaaa" to "zzzz" requires 456 976 attempts whereas "moonpie0" to "moonpie9999" needs only 11110 attempts.

Are you out of your mind? Words not safe enough? The Oxford dictionary contains over 200,000 words. Add some digits behind that and the chances (if the password is known to be a word) are one in 999 x 200,000 if you have 3 digits behind and the guesser will go through them randomly knowing there's at most 3 digits. The number of possibilities is near 200,000,000. Maybe you have some capital letters too. A few in a seemingly random order. That will make it impossible to guess your password even with a few million tries (Facebook has a protection so you can't even try those few million times).

In real life that "hacker" won't even know your way of creating the password (whether you have words, in which language, digits in front of the word, after the word or in the middle, etc.) so if you are on a site that has "human identification" it's impossible for anyone to guess your password unless you reveal parts of it somewhere or to someone or are using some stupid password like "password" or "lol".

And Drift: Let's assume the server replies to your "software" once a second. With only 200,000,000 possibilities it would still take 200,000,000/3600 hours to go through them all which is 55,555.555 hours. That is approximately 2315 days. Even if the software could get answers 100 times a second it would still take 23 days. Of course he won't need to go through all those but without getting lucky sacrificing a computer to hack someone's account 24/7 for even a week is something no one would do. Hackers usually just go through the most used passwords with everyone and to be honest they have much better chances at that than going at random to your account and wasting weeks, months, possibly years (if you have a good password) of figuring your password.
Quote from Juzaa :Are you out of your mind? Words not safe enough? The Oxford dictionary contains over 200,000 words. Add some digits behind that and the chances (if the password is known to be a word) are one in 999 x 200,000 if you have 3 digits behind and the guesser will go through them randomly knowing there's at most 3 digits. The number of possibilities is near 200,000,000. Maybe you have some capital letters too. A few in a seemingly random order. That will make it impossible to guess your password even with a few million tries (Facebook has a protection so you can't even try those few million times).

In real life that "hacker" won't even know your way of creating the password (whether you have words, in which language, digits in front of the word, after the word or in the middle, etc.) so if you are on a site that has "human identification" it's impossible for anyone to guess your password unless you reveal parts of it somewhere or to someone or are using some stupid password like "password" or "lol".

Actually, I don't think I am. 200 000 * 11110 + some randomization like first letter in caps gives about 4.4 E9 combinations. Even if you could try only 1000 passwords per second, it'd take just 51 days to crack it. A 9 chars long password containing randomly ordered letters, numbers and special chars leads to about 5.2 E16 combinations. At 1000 p/s it would take over 1.6 million years to get this one.

Also it's not like a hacker would try to type passwords into FB login page. He'd rather sniff the communication to get the hashed password and try to get to the password by calculating an appropriate hash for all possible passwords and comparing it to the sniffed hash.
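
The keyspace figures traded in the posts above can be reproduced with a small pattern-aware strength estimator. This is an added example, not part of any poster's message; the function names, the three-word `WORDS` set and the count of 10 special characters (which yields the 72-character alphabet behind the "5.2 E16" figure) are assumptions.

```python
import re
import string

DICT_SIZE = 200_000   # dictionary size quoted in the thread
SPECIALS = 10         # assumed special-character count (26+26+10+10 = 72)
WORDS = {"moonpie", "dragon", "sunshine"}  # constructed stand-in for a word list

def digit_suffix_space(max_digits=4):
    """Suffixes of 1..max_digits digits: 10 + 100 + ... ("0" to "9999" = 11110)."""
    return sum(10 ** n for n in range(1, max_digits + 1))

def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SPECIALS
    return size

def estimate_guesses(password, max_digits=4):
    """Worst-case guesses when the word+digits pattern is tried before brute force."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{1,%d})" % max_digits, password)
    if m:
        word = m.group(1)
        # Pattern: dictionary word, lower case or first letter capitalised,
        # followed by 1..max_digits digits.
        if word.lower() in WORDS and word in (word.lower(), word.capitalize()):
            return DICT_SIZE * digit_suffix_space(max_digits) * 2
    # No known pattern: every string of this length over the implied alphabet.
    return charset_size(password) ** len(password)

def days_to_exhaust(guesses, rate_per_second):
    """Days needed to try every candidate at a fixed guess rate."""
    return guesses / rate_per_second / 86_400

if __name__ == "__main__":
    for pw in ("zzzz", "moonpie774", "q7#Rt!2xZ"):  # constructed sample passwords
        g = estimate_guesses(pw)
        print(f"{pw:12} {g:.3e} guesses, {days_to_exhaust(g, 1000):.1f} days at 1000/s")
```

The estimate for a pattern password does not depend on its length, only on the size of the word list and the suffix space, which is why ten characters of word plus digits can score far below nine random ones.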
Quote from MadCatX :Actually, I don't think I am. 200 000 * 11110 + some randomization like first letter in caps gives about 4.4 E9 combinations. Even if you could try only 1000 passwords per second, it'd take just 51 days to crack it. A 9 chars long password containing randomly ordered letters, numbers and special chars leads to about 5.2 E16 combinations. At 1000 p/s it would take over 1.6 million years to get this one.

Also it's not like a hacker would try to type passwords into FB login page. He'd rather sniff the communication to get the hashed password and try to get to the password by calculating an appropriate hash for all possible passwords and comparing it to the sniffed hash.

I'm not arguing that words with some mixed digits and capital letters are better. They are however sufficient to most internet accounts like Facebook. Even if you look at the hash you have so many different options that you'd have Facebook send you "have you forgotten your password" mails for a few weeks. Maybe then you'd change your password.

Words and combinations of words are fine as long as you don't have any government secrets someone would want to snatch. The odds of someone trying to hack your account seriously and that he'll succeed in it before you notice are extremely small. Besides using random letters etc has the problem that if you have several you can't possibly remember them and cause you to write them down somewhere which will cause your friends or family finding out your password and using it, so much more likely.
I agree smaller words etc are fine for non-important sites but don't use a crappy password then complain when someone "hacks" you.

ps he probably wasn't hacked, his friend either saw him type in the password/guessed it or he logged in with the "oh please remember me" (if facebook has that, I don't use it so hey).
Quote from S14 DRIFT :... or he logged in with the "oh please remember me" (if facebook has that, I don't use it so hey).

Facebook does have "remember my login" feature. Also, the site allows multiple logins so that shouldn't be the problem here imo.
Is it checked by default? Could have logged in at a friend's house or at school/work or something.

If someone I know has left facebook logged in I will post a message saying how they are gay or how they have a crush on "first girl i see in their contact list".

it's very fun.
Quote from S14 DRIFT :Is it checked by default?

Nay.

I don't think that's the case. Must be a friend who maybe took a wild guess or matijapkc himself told it while under influence of vodka.
Quote from RiseAgainstMe! :good luck remembering your passwords though

Who said I remember them? I keep notes of them (all passwords actually) and if I don't know it / lost it, I've memorized the password reset routine. :3
Great. So you protect your secret by writing it down on paper.
Quote from RiseAgainstMe! :good luck remembering your passwords though

I use a password generator too and I keep a separate file on at least three (one internal, two external) drives, in case any of the three should fail.

Of course this means that I can't log onto FB in say a school, but I'm not that addicted to it.
Quote from S14 DRIFT :Great. So you protect your secret by writing it down on paper.

well, even the best haxx0r in the world can't get access to a post-it note.
I use a safe password for my bank accounts, e-mails and just an easy to remember word for facebook, forums, etc. Even if someone was sad enough to "hack" (btw it's way more likely that you left fb logged in on some computer) my fb then who cares tbh. I could always get a new password sent to my e-mail and laugh off whatever "damage" the "hacker" did.
No Facebook - no worries
Quote from S14 DRIFT :ps he probably wasn't hacked, his friend either saw him type in the password/guessed it or he logged in with the "oh please remember me" (if facebook has that, I don't use it so hey).

Quote from S14 DRIFT :Is it checked by default? Could have logged in at a friend's house or at school/work or something.

Your guessing powers seem to be very weak and incorrect... I have my pass remembered on my phone, so I wasn't typing it, and no one had a hold of my phone so I'd exclude this possibility. Also, I never used anyone's PC or phone to sign in to FB, except the school one, but I didn't check the "remember login" thing, and I deleted the complete history (including saved password, cookies and all) after the login... E: I mean, when I logged out...