[AccessD] Tonya.Miller

Darryl Collins darryl at whittleconsulting.com.au
Sun Jan 22 23:05:05 CST 2012 

Actually, I think it does have a lot to do about password use.  Using the SAME password and email combo with external sites is where the weakness lies - regardless of how "strong" the password is.  

For example if you are using the same email account and password for both your email password login. (ie Myemail at yahoo.com.au with the password "Frogger") as being a registered user of the "OneEyedNews" comments section (so using "Myemail at yahoo.com.au"  and "Frogger" password on the "OneEyedNews" site is the risk.  A lot of folks do this as it is easier to recall just one password related your email account.

Here's why, Because if the hacker can get the password and email details from "OneEyedNews", the can then use that combination to attempt to login to your email account.  If the password is the same and they get access then you are at their mercy.  They can either use your account without your knowledge, or lock you out of your own account (Change your own password to "Frogger2") and use the "Forgot Password" link on any other website you can use - many of which the can find out from your saved emails etc.

In many cases clicking on the "Forget Password" link results in the site emailing you a new password or a link to reset your password the site.  Clearly if this is a bank then your money is at risk - this is what happened in his example.

So the warning is not to use you same email account and password combination.  The lesson is to use a basic and throwaway type password that is wildly different to the ones you use to access your email account you signed up with when signing up to any external sites.

Cheers
Darryl



-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William Benson
Sent: Monday, 23 January 2012 3:26 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Tonya.Miller

DARRYL:  i feel main anecdote used by author was nonsequitor to his main
point: fact was, the user used the same email account for business and pleasure. The pleasure company had an easy to hack host system. That has nothing to do with the uses failure to use a strong password or even to change passwords.

I think it was not really very well written, took too long to make the point, and worse didn't even state the real issue.

Or maybe I had so much trouble getting past the author's uncle Remus style I nodded off.
 On Jan 22, 2012 9:46 PM, "Stuart McLachlan" <stuart at lexacorp.com.pg> wrote:

> And easy to guess passwords.
>
> You'd be amazed at the number of people who want to use either the 
> address part of their email or their domain name as the password.  
> Those are the first two that hackers try.
>
> After a couple of bad experiences, we insist that our users pick "hard 
> to guess' passwords.
> (actually we assign most of them ourselves using random 
> upper/lower/digit
> mixes)
>
> --
> Stuart
>
> On 23 Jan 2012 at 1:37, Darryl Collins wrote:
>
> > This is one likely path Bill:
> >
> > <<
> http://windowssecrets.com/top-story/the-thousand-dollar-penalty-for-re
> using-passwords/
> >>
> >
> > Cheers
> > Darryl.
> >
> > -----Original Message-----
> > From: accessd-bounces at databaseadvisors.com [mailto:
> accessd-bounces at databaseadvisors.com] On Behalf Of William Benson
> > Sent: Monday, 23 January 2012 12:06 PM
> > To: Access Developers discussion and problem solving
> > Subject: Re: [AccessD] Tonya.Miller
> >
> > I always wonder how these things happen.
> >
> >
> >
> > My brother's account was similarly "hijacked", as was another 
> > friend's
> just this very day.
> >
> >
> >
> > If my main account, mrbillbenson at nevermindwhere.com were hijacked, I
> would probably consider having a sex change (msbillbenson) just to 
> keep it something I would have a chance to remember.
> >
> >
> >
> > I swear this keeps me up at night.
> >
> >
> > On Sun, Jan 22, 2012 at 4:43 PM, Gary Kjos <garykjos at gmail.com> wrote:
> >
> > > We will disable the account's ACCESSD privledges ASAP.
> > >
> > > On Sun, Jan 22, 2012 at 12:31 PM, Michael Mattys 
> > > <michael at mattysconsulting.com> wrote:
> > > > This is Spam - looks like papparuff's Comcast account has been
> > > compromised.
> > > > Same thing happened to my brother who is on Comcast.
> > > >
> > > > Michael R Mattys
> > > > Mattys Consulting, LLC
> > > > www.mattysconsulting.com
> > > >
> > > > -----Original Message-----
> > > > From: accessd-bounces at databaseadvisors.com
> > > > [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of 
> > > > papparuff at comcast.net
> > > > Sent: Sunday, January 22, 2012 1:22 PM
> > > > To: accessd at databaseadvisors.com; alyssanjeanie at nocharge.com; 
> > > > rob_barnhart at hotmail.com; rob.barnhart at comcast.net; 
> > > > kdillon at staffpro.com
> > > ;
> > > > krsdillon at yahoo.com; rock759d at email.uophx.edu
> > > > Subject: [AccessD] Tonya.Miller
> > > >
> > > > Important!
> > > > http://itsmf.biz/stolko.php?jtorankpage=31
> > > >
> > > >
> > > >
> > > >            Sun, 22 Jan 2012 19:22:15 ______________ "Hooper, and 
> > > > they know more than you think; all that is needed to make
> > > this
> > > > job complete." (c) Shaline vychutnavam
> > > > --
> > > > AccessD mailing list
> > > > AccessD at databaseadvisors.com
> > > > http://databaseadvisors.com/mailman/listinfo/accessd
> > > > Website: http://www.databaseadvisors.com
> > > >
> > > > --
> > > > AccessD mailing list
> > > > AccessD at databaseadvisors.com
> > > > http://databaseadvisors.com/mailman/listinfo/accessd
> > > > Website: http://www.databaseadvisors.com
> > >
> > >
> > >
> > > --
> > > Gary Kjos
> > > garykjos at gmail.com
> > >
> > > --
> > > AccessD mailing list
> > > AccessD at databaseadvisors.com
> > > http://databaseadvisors.com/mailman/listinfo/accessd
> > > Website: http://www.databaseadvisors.com
> > >
> >
> >
> >
> > --
> > *Regards,*
> > **
> > **
> > *Bill Benson*
> > *VBACreations*
> > **
> >  PS:  You've gotten this e-mail *because you matter to me!*
> > --
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
> >
> >
> > --
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
>
> --
> Stuart McLachlan
>
> Ph:    +675 340 4392
> Mob: +675 7100 2028
> Web: http://www.lexacorp.com.pg
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list