flat assembler
Message board for the users of flat assembler.

Index > Heap > Bad FASM Admins

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
Azh321



Joined: 27 Jan 2005
Posts: 12
Azh321
I was told someone gave a guy known as "Donut" my password...just wanted to let everyone know admins give out peoples passwords here Smile too bad its my old pw
Post 05 Jul 2005, 18:00
View user's profile Send private message AIM Address Reply with quote
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7724
Location: Kraków, Poland
Tomasz Grysztar
The passwords for users on this message board are stored as MD5 checksums in the database, so I cannot know any of them. I can only reset the password, but you'd noticed if something like that happened. Thus, since I cannot know your password, I cannot give it to anyone. Someone who told you such thing must be cheating for some reason, and if someone really has got your password, he must have acquired it some other way (sniffing?).
Post 05 Jul 2005, 18:40
View user's profile Send private message Visit poster's website Reply with quote
Azh321



Joined: 27 Jan 2005
Posts: 12
Azh321
I can quote the post he made if you like. Yes, I know its a md5 hash, the password is all numbers and wouldnt be hard to crack.
Post 05 Jul 2005, 18:54
View user's profile Send private message AIM Address Reply with quote
Azh321



Joined: 27 Jan 2005
Posts: 12
Azh321
"Well I know an admin from flatassembler (what can I say, i have friends in high places), my reign extends far beyond azh's little world.

The guy gladly supplied me with one his passwords, I told him id make life hell for him (as he did backstab me), but I figured id leave him off as i was in the wrong. Anyway his password is XXXXX."

I modified the pw to a few X's Smile


I know you wont admit it, I just posted this to make you guys mad and for everyone else to know
Post 05 Jul 2005, 18:56
View user's profile Send private message AIM Address Reply with quote
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7724
Location: Kraków, Poland
Tomasz Grysztar
Azh321 wrote:
Yes, I know its a md5 hash, the password is all numbers and wouldnt be hard to crack.

Are you sure? Well it's hard enough that I'm not able to do this.
Post 05 Jul 2005, 20:22
View user's profile Send private message Visit poster's website Reply with quote
r22



Joined: 27 Dec 2004
Posts: 805
r22
If you won't supply any proof or names then you are obviously talking out of your butt. If someone was giving out passwords and you knew about it, but yet you won't report who it is? It's assinine.

In any case this is a free to register forum you can make another name in oh say 2minutes.
Post 05 Jul 2005, 20:27
View user's profile Send private message AIM Address Yahoo Messenger Reply with quote
Azh321



Joined: 27 Jan 2005
Posts: 12
Azh321
Wow, your not friendly. I posted the POST that the guy known as Donut made, did he mention which admin gave him the pw? No. Then how would I know who the admin was bud?
Post 05 Jul 2005, 20:38
View user's profile Send private message AIM Address Reply with quote
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7724
Location: Kraków, Poland
Tomasz Grysztar
There are no multiple admins there.
Post 05 Jul 2005, 20:50
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
It might be very well possible to find a matching md5sum if you use rainbow tables, but I doubt Tomasz would be doing that... what would the point be, anyway?
Post 05 Jul 2005, 21:46
View user's profile Send private message Visit poster's website Reply with quote
smiddy



Joined: 31 Oct 2004
Posts: 559
smiddy
Azh231, I think you're full of it! You have no idea what the heck you're talking about. Mr. Grysztar runs the best damn forum of a product bar none. He has nothing to gain from wittling your password. Your friend has got your number I suspect...pulling your chain as far as he can to see you snap.
Post 06 Jul 2005, 04:51
View user's profile Send private message Reply with quote
vbVeryBeginner



Joined: 15 Aug 2004
Posts: 884
Location: \\world\asia\malaysia
vbVeryBeginner
u need to take back what u had claimed -> "Bad FASM Admins "
Post 06 Jul 2005, 05:25
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
think through whom are you connected (ISP / proxy), who is standing behind you when you are typing password (and how quickly you can type it), and what is meaning of number you used, someone may know you good enough to quess it.
Post 06 Jul 2005, 11:06
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
vbVeryBeginner



Joined: 15 Aug 2004
Posts: 884
Location: \\world\asia\malaysia
vbVeryBeginner
although i am not admin, but i really don't like people to call the person "whom imho, really knowledgable" a bad admin.

u should really investigate this matter first before accusing someone "bad". check ur pc, maybe it got hidden trojan horse
Post 06 Jul 2005, 13:15
View user's profile Send private message Visit poster's website Reply with quote
THEWizardGenius



Joined: 14 Jan 2005
Posts: 382
Location: California, USA
THEWizardGenius
Well someone is a liar and it definitely isn't Tomasz Grysztar. Am I wrong that MD5 is only a checksum? So, it would take a very intelligent person a lot of time to figure it out, even if they did have access to the MD5 sum. And why would Tomasz Grysztar even bother? Your password is useless, unless you use the same password elsewhere- which would be stupid, and therefore you should use a different password. There are far easier ways to figure someones password out, if you have access to their computer or if you were watching them or if you know something about them. And I doubt admin can do this
and I doubt that he would.

Remember: choose a good random password, at least 6 characters long (I use 12-character passwords if it's really important, but here I use a much shorter password), with random letters, numbers, and symbols. It might be hard to remember, but if you write it down and use it often, you'll memorize it eventually.

Most of my passwords look something like this: >4lDk?4~reN@.
They are virtually impossible to guess, or memorize merely by watching me type, and they are long. I change my password every so often and memorize the new one, and I have a secure password. My system is not foolproof: a keystroke logger could get my password. But the FASM board password isn't very important, and I never use the same password anywhere else.
So do choose a good password, but don't worry if someone does get it- but be careful, as you might use other passwords that are important on the same computer, and if there's a keystroke logger... do a virus scan to make sure there isn't! Razz

But please, don't insult admin or anything. He wouldn't do that sort of thing, he's the kind of admin that everyone should have!

_________________
FASM Rules!
OS Dev is fun!
Pepsi tastes nasty!
Some ants toot!
It's over!
Post 06 Jul 2005, 22:46
View user's profile Send private message AIM Address Reply with quote
ShortCoder



Joined: 07 May 2004
Posts: 105
ShortCoder
I haven't logged in to post in a while but the thought crossed my mind to browse this board again. I normally don't post unless I have something (I think) important to add to the conversation.

Why would an admin of a board have interest in obtaining a user's password? Is it so that he could have more privileges on the board? No? He's already the board admin so he can already restructure the board however he wants/etc...

Is it so that he can post under your name on the board? Well, why would he want to do that? You hold no special position and I hardly see any motive there.

Unless the previous poster was right about you using the same password for everything (or at least for many things), there is no practical benefit for someone to steal and use your password. In fact, if they had, I'd guess you could simply have emailed Tomasz Grysztar from the same email account you used when you signed up here, explained the situation, and been on your merry way with that old account password eliminated and a sensible default for you to sign in with and change or, barring that, the previous account deleted and your being allowed to make a new account with the same name as the old one.

Besides, why would a man generous enough to make a great software program free for all to use and who set up a board for discussions related to this program and related topics do something like steal a password of a member who signed on to his board?

BTW, in the topic of passwords, I do agree with THEWizardGenius that a longer password and one with more randomness to it is the way to go, although I'd say to use an 8 character password at minimum. I have used passwords that were over 20 characters long before, with a randomness in each character. Yes, I have memorized such passwords, but I don't often make such long ones--only for certain occasions (software accepts passwords of great length, high priority for me not to have data stolen, etc...)

A good way to make a password is to type a random character, then another, and another, using shift occasionally or maybe not at all. It is important not to continuously use characters which are very far apart or ones which are too close together. Mix it up. Add in some High ASCII if you want (if your software asking for the password accepts it). In addition, you should occasionally use passwords with the characters close together or with them all far apart, despite what I said earlier. The important thing is to get a good "random". Heck, put tiles on the floor and drop water from above, deciding your password based on which tiles get wet, or base it on cloud formations. Just use something random.

_________________
Boycott Symantec/Norton/PowerQuest whenever possible
Post 07 Jul 2005, 01:38
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Quote:

Am I wrong that MD5 is only a checksum?

Well, in a way - it's a cryptographic hash, not a checksum Smile (it's a one-way function from which it is hard to say much about the source data).

Quote:

Why would an admin of a board have interest in obtaining a user's password? Is it so that he could have more privileges on the board?

He wouldn't even have to do that - as admin, he has access to the SQL database and can do whatever he wants Smile
Post 07 Jul 2005, 01:56
View user's profile Send private message Visit poster's website Reply with quote
THEWizardGenius



Joined: 14 Jan 2005
Posts: 382
Location: California, USA
THEWizardGenius
I was using checksum loosely- a number generated by a function used on a string; this number does not divulge any of the content of the string.

There are so many reasons admins WOULDN'T do that sort of thing that it's stupid to say that he did.
And thanks for the advice ShortCoder. My passwords are generally between 7 and 14 characters, depending on how important the website for which the password exists is, and occasionally even longer. I do recommend writing longer passwords down unless you are positive you can memorize them, but usually after a couple days to a week of use, you can destroy whatever you wrote them on. Do NOT store electronically; keep on a tiny scrap of paper and keep that with you whenever possible.
And memorize the password within a couple days so you can destroy it. I usually memorize my 12-character passwords in one day easily, but some people might not have memories that good.

Some other pointers to use when choosing a password:
-Do NOT write the password down in an obvious location (like your desk) and never store it electronically (especially if other people use your computer!)
-Never use a word for your password; the most often used password is, not surprisingly, "password". Be as random as possible, using lettrs, numbers, and symbols.
-Similarly, don't use information about yourself in your password. For example, if you are a male in California, do not use a password that reflects this, such as "m/cali". Any information such as age, sex, birthday, etc., should not be in passwords. And don't use something secret, such as your Social Security Number, for the opposite reason- if someone discovered your password, they would then know your Social Security Number!
-Once again, never use the same password elsewhere. If someone discovered it in one place, they would know what it is everywhere else too!
Use passwords of varying length and content: RANDOM. And depending on how important the password is, you can make it longer or shorter.
-High "ASCII" (above 128) is nice, but it can be hard to type. Also, if you have a laptop like I do, you have to press ALT-FN-somekey, which is rather difficult to do with one hand. If using high "ASCII" characters works, do it! That makes each character above 128 harder to guess, or impossible if a cracker uses a system which only checks characters 0-127.
So if you can, do use these. Also use any other non-common characters you can, such as the characters 0-31 (some may not work as they may be used as control characters on some or all sites. Some function as backspace, return, delete, etc. in your browser textbox, so those won't work anyways) or the character 127.


Last edited by THEWizardGenius on 07 Jul 2005, 02:37; edited 1 time in total
Post 07 Jul 2005, 02:34
View user's profile Send private message AIM Address Reply with quote
THEWizardGenius



Joined: 14 Jan 2005
Posts: 382
Location: California, USA
THEWizardGenius
BTW, I think some people are confusing "Administrator" with "Moderator". There is only one Admin, which is Tomasz Grysztar. I am only guessing, but a Moderator does not have any admin powers. They basically have the power to move a topic to a different forum, close a topic, or delete a posting completely. They might be able to delete a user, but I doubt it. AFAIK Only Privalov can access the MD5 hash, and no one here believes even for a moment that he would do that. So there. Very Happy
Post 07 Jul 2005, 02:37
View user's profile Send private message AIM Address Reply with quote
r22



Joined: 27 Dec 2004
Posts: 805
r22
This thread should be deleted, it's just taking up space with it's uselessness.
Post 07 Jul 2005, 04:35
View user's profile Send private message AIM Address Yahoo Messenger Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
r22 wrote:
This thread should be deleted, it's just taking up space with it's uselessness.

Not really, it's nice to allow these posts out in the open - otherwise people would start complaining about secretive fascist admins/moderators... and I doubt that the amount of space used in the database by this thread is overwhelming.
Post 07 Jul 2005, 05:36
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.