Fwd: JUST GOT HACKED

Chris “Kwpolska” Warrick kwpolska at gmail.com
Tue Oct 1 09:56:31 EDT 2013


Why is this list not setting Reply-To correctly again?

---------- Forwarded message ----------
From: Chris “Kwpolska” Warrick <kwpolska at gmail.com>
Date: Tue, Oct 1, 2013 at 3:55 PM
Subject: Re: JUST GOT HACKED
To: Νίκος <nikos.gr33k at gmail.com>


On Tue, Oct 1, 2013 at 3:42 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
> On 1/10/2013 4:27 PM, Chris “Kwpolska” Warrick wrote:
>>
>> On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
>>>
>>> On 1/10/2013 4:06 PM, Mark Lawrence wrote:
>>>>
>>>>
>>>> On 01/10/2013 10:58, Νίκος wrote:
>>>>>
>>>>>
>>>>> Just logged in via FTP to my server and I saw an uploaded file named
>>>>> "Warnign html"
>>>>>
>>>>> Contents were:
>>>>>
>>>>> WARNING
>>>>>
>>>>> I am incompetent. Do not hire me!
>>>>>
>>>>> Question:
>>>>>
>>>>> WHO AND MOST IMPORTANTLY HOW DID HE MANAGE TO UPLOAD THIS FILE ON MY
>>>>> ACCOUNT?
>>>>>
>>>>> PLEASE ANSWER ME, I WON'T GET MAD, BUT THIS IS AN IMPORTANT SECURITY
>>>>> RISK.
>>>>>
>>>>> SOMEONE MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
>>>>> PYTHON SCRIPT APPEAR SOMEPLACE AGAIN?!?!
>>>>
>>>>
>>>>
>>>> Would you please stop posting, I've almost burst my stomach laughing at
>>>> this.  You definitely have a ready made career writing comedy.
>>>
>>>
>>>
>>> Okay smartass,
>>>
>>> Try to do it again, if you are successful again I'll even congratulate
>>> you myself.
>>>
>>> --
>>> https://mail.python.org/mailman/listinfo/python-list
>>
>>
>> It looks like you are accusing someone of doing something without any
>> proof whatsoever.  Would you like help with the fallout of the lawsuit
>> that I hope Mark might (should!) come up with?
>>
>>
>> Speaking of “try again”, I doubt it would be hard…  As long as a FTP
>> daemon is running somewhere (and you clearly do not know better); or
>> even you have a SSH daemon and you do not know better, an attacker
>> can:
>>
>> a) wait for you to publish your password yet again;
>> b) get you to download an exploit/keylogger/whatever;
>> c) brute-force.
>>
>> Well, considering it’s unlikely you actually have a long-as-shit
>> password, (c) is the best option.  Unless your password is very long,
>> in which case it is not.
>>
>> I’m also wondering what language your password is in.  If you actually
>> used a Greek phrase, how long will it take you to get locked out due
>> to encoding bullshit?
>
>
> Like I use Greek letters for my passwords

Did you know that you just lowered the amount of characters an
attacker should check while brute-forcing your password from 256/164
(UTF-*/ISO-8859-7) to just 95?  No?  Congratulations anyways, Nikos!

--
Chris “Kwpolska” Warrick <http://kwpolska.tk>
PGP: 5EAAEA16
stop html mail | always bottom-post | only UTF-8 makes sense

