Quote:
Originally Posted by **********
Interesting post, but it sounds more like a sales pitch. Using brute force to crack a 9 character username + 9 character password is inefficient, and a very simple - too simple actually - way to code a hack program.
A much smarter way to do it would be to first assess the users if possible to determine where most are from (say, North America). Most people use real words, real names, pet names, etc. A smarter hack would be to use the commonly used words from the North American dictionary, or most commonly used names (and pet names). Most people add "69" to the end of the name where numbers + letters are required, so a smarter program would have to take that into consideration.
With a little bit of smart coding, it would take much less time to gain access to a server than the way it is described in your post.
|
If we let people choose stupid passwords, they would do so, yes. Why assume that we're stupid and do that? Anyway, that was sent in regards to a query about brute force specifically. Yes, other hacks exist, especially if you run Plesk, so visitors are permitted to upload their own scripts. That's not the topic of the email.