- This topic has 5 replies, 4 voices, and was last updated 20 years, 9 months ago by
.
-
Posts
-
Here are some tips on how to keep your screen name from getting stolen.
Make your password completely random like “iout89837u8a”.
Never save your password on the AIM sign on area because people can receive your password hash and still sign on your screen name and update the email with the hash.
Don’t open up random AIM program’s without hexing them and looking for password stealers in them.
Never tell anyone your password no matter how close they are to you.
Change your password every couple of weeks.
Make sure your screen name is on a REAL email of yours.smurf wrote:Make your password completely random like “iout89837u8a”.
Never save your password on the AIM sign on area because people can receive your password hash and still sign on your screen name and update the email with the hash.
Don’t open up random AIM program’s without hexing them and looking for password stealers in them.
Never tell anyone your password no matter how close they are to you.
Change your password every couple of weeks.
Make sure your screen name is on a REAL email of yours.some of those are good ideas for any password, but if you make your password completely random, what’s to keep you from forgetting it yourself? i have a few passwords that do mean something to me, but i still forget them anyway. if you do make it more secure, meaning a mixture of letters and digits, make it something somewhat meaningful so that you wont forget it instantly.as far as hexing programs, not many people know how to do that, or what they’re looking for even if they do know how to open them.
To remember your password I recommend saving it in a notepad file. That’s what I do with all my passwords. And if you want to know how to hex programs checking for password stealers go to http://www.deadlyprogramming.com/index.php?x=hexing that should show all details into checking a program if it is a password stealer. Hope this ends up helping a lot of people.
if you’re going to tell people to save their password(s) in a notepad file, how is that any more secure? now you just put the same information you’re trying to protect into an easy-to-access location like a .txt file. unless you somehow encrypt that file, you’re no better off now than you were before. you’re better off if you choose a password that would be fairly complex for someone to guess, but easy enough for you to remember without having to write it down in a text file.
I thought I would find something helpful as far as detecting a password stealer, but that site has a horrible, horrible suggestion of looking for “UPX” in the hex source. UPX is a way of compressing an exe so the filesize is smaller and has absolutely NOTHING to do with password stealers. The program I use to create my respatchers uses UPX to compress the exe and make the filesize smaller, but all it does is remove the ads from aimres.dll.
There are other ways of compressing an exe, which gives the reader a false sense of security. There is some good information for looking for a registry key, but some programs might need to run on a per-user basis, so that again misleads the user.
Labeling “UPX” as a general case for a program to likely be a password stealer puts mistrust in the programmer without reason. For instance, the programmer could choose to not compress the file using UPX, or could decompress it and send it along that way…or the programmer could’ve made a GREAT plugin, but wanted to cut the filesize down from 3megs to 1.5megs.
- You must be logged in to reply to this topic.