Very strange behavor

[doppler]

Ground rules: win10, Firefox ( Ublock origin, others of no consequence )
This very well maybe related to the DDos occurring.

I could not review new chapters. All I got was the frame work. None of the actual jpg, png's.
AKA: blank slate for reading. I could not log out. I could not set new stuff for reading status.

On another machine with only Firefox no addon's. I was able to read normally as a guest. Using
the same system. I was not able to logon. Valid username and password was used.

Back to my primary system. I cleared out all crap with CCleaner, kept the Mangadex cookie.
Doing that things appear to be normal again. Not sure why ???

Now the afraid part: If I log out on my primary box. I may not be able to login again. In reference
to my problem with login on the other system.

I won't totally be cut out. My at work system has a cookie that is logged in.
Any Ideas what happened or chalk it up to DDos ?

 

[Plykiya]

@doppler Clear cache

 

[doppler]

Done by CCleaner.

But still does not explain the difficulties on the other system to logon. I am still
a little freaked out. And the DDos does not help one bit either.

I have to keep an eye on this one.
All the DDos people are butt hurt over something.

Just like the DDos against Horriblesubs it didn't matter one iota. It still works.

 

[Plykiya]

@doppler DDoS not responsible
Cookies used to be the most common bug source on MangaDex, now it's cache for whatever reason. We thought it was people blocking JavaScript, but it seems like it's another mysterious issue that we know the solution to but not the reason why

 

[doppler]

@Plykiya
I figured out why my other system login failed. In the many passwords I keep, some a variation on one theme.
I used the wrong one. I will test it at work to be sure. I do have a password vault program which I referred back
too. It wasn't the one I tried to use.

Bad cache content seems to be a running thing with windows machines. What good is a cache if the contents do
match every time to current required content. Even DNS caching is problematic. But it's more related to large
distributed systems like Akami.net and such. (yahoo.com). Not sure what system google setup, I have heard they
got the same problem too.

Thanks for the help.

 

[DANDAN_THE_DANDAN]

@doppler Probably shouldn't have said that about your password cause if you have a stalker, they'll know that all they need to do is obtain one of your accounts' password and then they're able to brute-force their way through everything else.

 

[doppler]

@DANDAN_THE_DANDAN
My passwords are at least 8 digit long. O.k. If they found out one (good luck there). They might figure out 3 of the 8 digits. On pay accounts my pass is not less than 15 digits. None are the variation type either. I keep a password safe program to store it all. And that password is 25 digits long.

Wanna guess by brute hashing how long it takes for a 12 digit random password against 12 "z" 's.
No difference at all same time required.

 

[gormadoc]

@Zephyrus I've seen you remove another guy's personal info when he unwisely posted it; could you scrub @doppler's post?

@doppler the problem isn't that they'll de novo crack your password but that one of the services (though likely more) you use will have a breach. If you've got anybody who hates you or just simply thinks they can use other accounts to gain access to your more important ones they'll watch for that. It's great that you don't use this strategy for stuff with money access but you don't really want any of your accounts getting hacked.

 

[doppler]

@gormadoc

Login's used by websites don't store clear text passwords in files. They are hashed tables. If they are stored in clear text they are idiots. Hackers still want the hash tables to find user passwords because of all the user idiots who use "123456" "qwerty" as passwords.
I mention nothing about the password. The post can remain. Nothing divulged.

 

[DANDAN_THE_DANDAN]

@doppler No, seriously. You just told the world that most of your passwords is at least 8 digits long. Now potential hackers know not to guess 7 and under. If I was a hacker, I would Google any way that I could think of to see your Twitter, Facebook, YouTube, Google, and every other account you could potentially have, then think of names, birthdays, etc that could fit 8 digits. If I can't, I would have a computer to brute-force every info I got from stalking you within 8 digits. If it can't do that, 9 and so on.

Then if I got it, I only need to brute-force a few more digits to find the rest of your accounts. Seriously, you should be careful of even the slightest bit of personal information that you reveal.

 

[doppler]

@DANDAN_THE_DANDAN

A little arithmetic there are 128 usable password characters in basic windows that's 128^8=72,057,594,037,927,936 combinations. That's over 72,057 trillion combo's. I said at least 8. What does 9, 10 and 11 look like ?

128^09=9,223,372,036,854,775,808
128^10=1.1805916207174113e+21
128^11=1.5111572745182865e+23

Sorry but exponential kicked in it got that big. My paying password is over 12. How far over 12, I won't say. I will be long dead before anybody will crack my passwords, unless quantum computing becomes a real thing with AI. Remember I said "128 usable password characters in basic windows". That's not entirely true. In the website world it's true, but in reality it's 256 basic characters. Short math for factor 8 is 18,446,744,073,709,551,616 combo's.

This is just the math for basic English characters. AKA: The ASCII table. The ASCII table is only 256 characters. Windows has over 7 different ASCII tables. For starters. The ISO standards committee came into play and set up a bunch of new ASCII tables.

Put simply, in all of today's computers text is stored as a two digit representation. The letter A is stored as 0041, letter B is 0042. The first digit 00 is the table code, the second digit is position in the ISO table. By using different tables scientific and languages can be represented. This long story shorter, if ISO characters are used in the password the number becomes unfathomable.

Parting shot: Wanna guess how many different ways a normal deck of 52 cards can be shuffled ? The equation is : 1*2*3*4*5*6*7*8.....*52 I forget the math term for this, but the result is BEYOND COMPREHENSION. It can be calculated, nobody beyond a math major even comes close to guessing the right answer.

In the case where I use a shorter password. If you could figure it out. The only thing you could do is pretend to be me. And trash talk forums like Mangadex. BTW, that's still not a clue about Mangadex.
P.S.
Anybody who uses the same password for "Twitter, Facebook, YouTube, Google, and every other account you could potentially have" deserves the result.

Forgot to mention: Passwords are stored as Hash'es. it takes time to create and verify that hash. So each new tested password is a wash, rinse and repeat cycle..

 

[doppler]

For others reading this thread:

For brute force attacks all previous attempts at 1,2,3,4,5,6... characters must be tested first. The addition of 1 more starts a new retest hash.
I other words: 128^1 + 128^2 + 128^3 + 128^4 + 128^5 + 128^6 ... etc. So starting at factor 8 saves a little time. Not much.

 

[DANDAN_THE_DANDAN]

@doppler I'm not talking about brute-force every possible character, no one would be dumb enough to do that. I'm talking about physically finding out your other social medias to find all personal information you leaked onto the internet, then using that data to brute-force.

For example: RedThomas1989
Red - favourite colour
Thomas - your dog's name
1989 - year of birth

Unless you don't use personal information for passwords in which case my entire argument is useless.

 

[doppler]

@DANDAN_THE_DANDAN

Unless you don't use personal information for passwords in which case my entire argument is useless.

I don't use social media, even here on Mangadex I can be unsocial-able. Would than count ?
I hate social media's. It's such a waste of time.

Here is a prime example of the importance of strong passwords (high digit count).
https://www.accountingtoday.com/articles/crypto-exchange-founder-dies-leaving-behind-200m-problem

All websites are moving to only use https. Did you know that's been found to be weak. The certs generated for use
in https connections is not weak. How the cert is generated has a serious flaw.

The hash for the cert is generated by a formula of P Q and a large random number. P and Q are known very large prime
numbers. The random number is your private key to decode communications between you and your web user.

Here is the weakness. All computer generated random numbers can't be true random. They are Pseudo numbers.
They will repeat eventually. So to find matching random numbers. Take P, reverse-process into the cert. Save
the result for later reference. After a couple 100's of thousands. Look for matching results. If you find a result. Run
more fancy math with Q. You got the random number for both sites. Now with P, Q and pseudo-random you "owned"
both sites.

The best security device in the world fits between your ears. Exercise and use it.

 

[Pika]

Ok, that's not really nice @doppler

@DANDAN_THE_DANDAN was trying to help so you might not fck up next time you post some slight personal info online and all you do is bash him? DANDAN_THE_DANDAN just explained what a dictionary attack is and all you see is the dic.

Hashes mean jack shit if people know your password, they are for when people decide to steal passwords directly from the databases

 

[doppler]

@Pika
Wasn't trying to be un-nice. If it came off as not nice, it was never the intention. If you read any of my responses here. The only info you might obtain is. I hate social medias, I might use 3 letters or numbers in my passwords. I know something about computer security processes. Hint: The password I use on Mangadex is not 8 characters long.

My intention is to dis-spell misconceptions about computer security. Every time I read someone write about how easy it is to find a password. I think of "Clear and Present Danger". re: https://www.imdb.com/title/tt0109444/?ref_=nm_flmg_act_33 The scene where H Ford and a associate drop off a computer that needs a password cracked to a computer nerd. As they watch the nerd rambles to himself all sorts of ways to remember a number sequence. They watch a little while, and start walking away (they think it's going to take time). Ford says to the other guy, "I need to change my bank password", the other guy sighs and says "Yea". Before they leave the scene, the computer nerd yells back "I found it". They return to the nerd who babbles a perverse memory trick to generate a password.

Nowadays, it never happens that way. But then what does "123456", "qwerty", "asdfgh", "zxcvbn" and "password" have in common ?
The first 4 are a string right off the keyboard. And "password" leads them all as the most common unsecure passwords in use.

Yes, people do get that dumb. Systems that need to be secured, are (in too many ways to list here).

I will leave with a list of things that were secure at one time:
dvd, blu-ray, all Intel processors since P4 (specter, meltdown), wap, wep,wpa, wpa2, wpa3 (yes the newest #3). A series of companies and political parties systems.

Nothing above is meant to berate or belittle anybody or anything.
I said before "even here on Mangadex I can be unsocial-able". But then that's me being a little snark. Laugh with me I am not laughing at you.

 

[m520i]

I think doppler know his stuff and he said nothing worth noting about the password in the orginial post.

I didn't feel like he was bashing Dan Dan. He just state some facts about password.

Of course, he can just said "thank you for your concern" and everything will be good and all.

 

[doppler]

@m520i
He said it I will just repeat it then "thank you for your concern"

As a username m520i must have some personal importance to you. Just pointing out you have an unusual moniker.

 

[Pika]

@m520i
Nah, I didn't mean about his knowledge sharing part.
I thought the

The best security device in the world fits between your ears. Exercise and use it.

was to DANDAN_THE_DANDAN

 

[doppler]

Here I will delve into some personal info: I like (not in any order of importance) I love that word I remembered.

https://mangadex.org/title/33797/lv2-kara-cheat-datta-moto-yuusha-kouho-no-mattari-isekai-life
https://mangadex.org/title/22303/isekai-kenkokuki
https://mangadex.org/title/32020/iron-ladies

and I really like:

https://mangadex.org/title/17709/kumo-desu-ga-nani-ka
https://mangadex.org/title/28471/kitsune-spirit

Snark, snark: Figure out a password from that.