Jump to content
When you buy through links on our site, we may earn an affiliate commission.
  • Current Donation Goals

Paypal Warning - Trc Warning!!!


Edge

Recommended Posts

  • Replies 92
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

were your pp&trc&email password the same? if not, you might have a keylogger on your computer!

I am currently investigating as to how my password was compromised, howevr I do not have a trojan or keylogger. I am working with an investigator in this regard. The email used was made up, and not mine.

Link to comment
Share on other sites

So can PGP ;)

I have an update for you guys I have been told that If yI submit more details than you can possibly imagine about myself then pp will reset my password and I can help you all get your money back.

I have been informed that impending withdrawels from my account have been overturned and all money is now back in the PP account.

Chris

That is great news Chris! Thanks!

Link to comment
Share on other sites

That is great news Chris! Thanks!

No problem mate I have to send a Passport and DL to PP and some other info then I will regain access and get this [censored] storm sorted. YOU WILL get you money back.

Chris

Link to comment
Share on other sites

UPDATE!!!

pp HAVE ASSURED ME HAT ALL THE BUYERS WILL RECEIVE A FULL REFUND!!!!!

I will not be receiving a credit for my £467 loss as the hackers sent it to another account as payment for omething and pp will not acknowledge my claim for retribution as it was a payment from one account to another and the seller has indicated that the item has been sent with some tracking details so I cannot be refunded as pp's policy on NON-Ebay items is merely to insure arrival of the goods and not the condition or description of said goods. Shower of [censored] if you ask me, they won't gimme my money back and w=knowing my luck i'll get a [censored] brick sent it the mail.

I have to add that a deal done with Cib)rgman for the 1680 dial WILL be upheld and the dial has been shipped, despite the fact that I don't have access to the funds he sent me.

I now KNOW that NO users will lose out in this, which was my main concern.

Chris

Link to comment
Share on other sites

The passwords for IPB are not stored in the DB in Plain text and are virtually impossible to hack (Not gonna say impossible, but never heard of anyone able to crack the hash)

Really? Passwords aren't that hard...

Link to comment
Share on other sites

Really? Passwords aren't that hard...

The passwords on this forum and TRC as MD5 encrypted. It's not impossible to decrypt these passwords, but it is VERY hard and takes a looooong time.

A more general concern, from a security standpoint, is that people tend to choose "weak" passwords. May I suggest this link and you can go ahead and test your password;

http://www.microsoft.com/athome/security/p...rd_checker.mspx

There is also a lot of useful information on how to create secure passwords and other password related info.

Thomas

Link to comment
Share on other sites

I just checked. I have 4 sets of passwords:

Public forums: Weak, but easy to remember. something like 564534*

Email: Medium. something like asdfgh1000

Bank/CC: Strong. something like Md#gt69O*0d

pp/Ebay: Another set of strong password, like Md#gt69O*0d

I took 2 Encryption/Decryption courses when I was in college. Nothing is 100% safe.

the professor actually taught us to hack MD5, SHA0, SHA1...it was a nightmare to me...

Edited by cwai02
Link to comment
Share on other sites

UPDATE!!!

pp HAVE ASSURED ME HAT ALL THE BUYERS WILL RECEIVE A FULL REFUND!!!!!

I will not be receiving a credit for my £467 loss as the hackers sent it to another account as payment for omething and pp will not acknowledge my claim for retribution as it was a payment from one account to another and the seller has indicated that the item has been sent with some tracking details so I cannot be refunded as pp's policy on NON-Ebay items is merely to insure arrival of the goods and not the condition or description of said goods. Shower of [censored] if you ask me, they won't gimme my money back and w=knowing my luck i'll get a [censored] brick sent it the mail.

I have to add that a deal done with Cib)rgman for the 1680 dial WILL be upheld and the dial has been shipped, despite the fact that I don't have access to the funds he sent me.

I now KNOW that NO users will lose out in this, which was my main concern.

Chris

That is not correct. pp was not honest with you there. I asked about the tracking number and what happens if they just sent false/bogus tracking number. The woman told me, that they will make 10000% sure that a Package IS delivered to my door step and that they CAN do that.

IF you recieve anything unknown, dont accept it, dont sign anything. And tell pp you never recieved anything.

So DONT give your money up. Also tell them, it was NOT your IP who made that transaction. [censored] at them as much as you can, and they will sort things out. If they dont, threaten them with a lawyer. If you need one, I can ask my mother to file a complaint against pp for you, because she is a lawyer! She wont charge you anything and the least you can do is try! THREATEN THREATEN THREATEN! it has worked sooo many times for me!

Link to comment
Share on other sites

The passwords on this forum and TRC as MD5 encrypted. It's not impossible to decrypt these passwords, but it is VERY hard and takes a looooong time.

If you have a few GB of pre-hashed words, you don't need to try every password in the DB, you can just check against all the hashes for the low-hanging fruit. If you have a botnet, this takes under a week.

Link to comment
Share on other sites

Edge - I hope it comes together...

The trouble with strong passwords - a mixture of uppercase, lowercase and numerals - is that they can be a bugger to remember.

So just choose your favourite motorbike - model, maker and cylinder capacity, i.e:

ZX5Kawasaki900cc

There you go... a very strong, yet memorable password.

Hope that this may help someone, sometime.

Edit to add: Don't pick a motobike that you actually own, or have owned. Use the name of the one that you dream of owning... or wish you had owned when you were but a youth... like 1000ccAriel4Square

This system probably works with cars, boats, aeroplanes, and for all I know, fishing rods, too.

Edited by Highflyingclive
Link to comment
Share on other sites

The trouble with strong passwords - a mixture of uppercase, lowercase and numerals - is that they can be a bugger to remember.

The one I tell users (I'm a sysadmin in my dayjob) is a favourite song or book title.

Like for instance, a shakespeare reader would have something like "IsIknwIass" for "In Sooth, I know not why I am so sad ..." or "Da4e4e4e" for a Bond fan. The more obscure the better, but you'll never forget it.

Once you have your non-dictionary password, you can harden it up with a few numbers and symbols thus: "&tm@tbs34" ... and it turned into a ballroom blitz (Ballroom blitz, ballroom blitz).

Link to comment
Share on other sites

I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly.

All will be retributed, I have guarantees. I have spoken to my lawyer and to pp and they are working on a solution but pp are standing stong and will not return my cash as of yet. My family lawyer is a well known QC here so his firm are taking care of it, if he can't sort it noone can.

Chris

Link to comment
Share on other sites

I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly.

All will be retributed, I have guarantees. I have spoken to my lawyer and to paypal and they are working on a solution but paypal are standing stong and will not return my cash as of yet. My family lawyer is a well known QC here so his firm are taking care of it, if he can't sort it noone can.

Chris

Maybe same person who hackes RWG-1... hope you finally get the whole money back...

Link to comment
Share on other sites

I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly.

This makes me wonder if the old site encrypted the passwords at all... unless of course you logged in after the hackers controlled the site. A password sniffer would be trivial to add.

That has just become my most likely suggestion. Once the site was compromised, the hackers added a bit of bespoke PHP to the login page. Every login/pass would then be emailed/posted/whatever any time anyone logged in. Too damned easy.

Link to comment
Share on other sites

Man, Chris! That's some [censored] news. Glad to hear that some of the transactions are being addressed by PP, but being out £400 blows :thumbdown:

If I can help out, please let me know!

As an aside... What's the best way to check your computer for key loggers? With all this talk of compromised PW's, I'd like to know what to look out for as a precautionary!

Link to comment
Share on other sites

This makes me wonder if the old site encrypted the passwords at all... unless of course you logged in after the hackers controlled the site. A password sniffer would be trivial to add.

That has just become my most likely suggestion. Once the site was compromised, the hackers added a bit of bespoke PHP to the login page. Every login/pass would then be emailed/posted/whatever any time anyone logged in. Too damned easy.

I tried to login 3 times after Hacker control to see WTF was happening with "Blade" and the bashing that was going on.......that could be it???

Chris

Link to comment
Share on other sites

Man, Chris! That's some [censored] news. Glad to hear that some of the transactions are being addressed by PP, but being out £400 blows :thumbdown:

If I can help out, please let me know!

As an aside... What's the best way to check your computer for key loggers? With all this talk of compromised PW's, I'd like to know what to look out for as a precautionary!

Thanks for the offer mate much appreciated, I will just have to put my upcoming projects and purchases on the backburner for now.

Thanks to everyone for the support and kind words.

Try using an anti virus scan as well as AdAware and Spybot, which are both free, there are also some good scans available online but be carefull not all are as altruistic as they seem.

Chris

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...
Please Sign In or Sign Up