Well I guess we are getting big enough for hackers to start fuc*ing with us! Today the main page was replaced by the hackers known as "H4ck3rsBr Group". They were kind enough not to delete the entire site, and getting back online was a simple task. This is only the second time since '98 that this has happened.
This is why the site is backed up daily. :? I am sure the little shits will be back!
Well, after some research, it looks like they used a brute-force password hacker program to gain entry. I thought I had a secure enough password on the site, but from using this BruteForce Attack Time Estimator I found out it took only a short period of time to crack. According to this estimator, the new password will now take roughly about 2,039,326,802,500.00 hours to crack or 84,971,950,104.17 days. That's about 17 billion tries in an hour (Very High Performance) on one machine. If they had 100,000 machines attempting to crack it, supposedly it would only take 20,393,268.03 hours to gain access. Hopefully they are not all that interested in MassCops... :? Time will tell.
Test your passwords out; you can download the estimator near the bottom of the page.
Received an email today with some corrected information...
My name is Joe Grajewski and I am President of Mandylion Labs. I want to thank you for referencing our web site in your recent entry on passwords. I saw quite a number of folks visit our web site from the link you made and I traced it back. By the way, you were pretty accurate and straightforward in your description of the speed of brute force calculators, with one exception. Unless the password is made by a purely random password generator that gives each character in the password a 1 in 94 chance of being selected, users should enter the number of each of the character sets into the calculator rather than put, let's say, 8 in the purely random row -- This is due to the fact that the cracking software searches keyspaces that, although you may feel you made it up at total random, they apply some intelligence in their search and are able to predict "humanly generated" passwords slightly faster than a purely random one -- an example is that the hacking software always assumes (before it gets into raw brute force mode) that humans have a tendency to put the special characters and numbers at the ends of the password or in the dead middle - and therefore leave to "later" in the search looking for special characters in the 3rd, 4th and 6th position -- which doesn't seem like much but cuts the heck out of the search -- it's now looking (in an 8 character password) for 94*94*52*52*94*94*94*94 as well as other tricks like doing first all the lower case up to the last 3 characters -- again they know they may wind up searching the entire population until they get a hit - so why not search the most probable first --
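The keyspace arithmetic from the email above, worked through as an added example; it is not part of the original post and is not Mandylion's calculator. The function names, the mask letters and the sample password are constructed for illustration, and treating the per-set counts as a product of per-position set sizes is an assumption about how such a calculator combines them.

```python
import math
import string

# The four printable-ASCII character sets: 26 + 26 + 10 + 32 = 94.
SETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
FULL = sum(len(s) for s in SETS.values())
# Hypothetical mask letters: '*' = any of the 94, 'a' = letters only (52).
MASK = {"*": FULL, "a": 52, "l": 26, "u": 26, "d": 10, "s": 32}

def mask_keyspace(mask):
    """Candidates covered by a per-position mask such as '**aa****'."""
    return math.prod(MASK[symbol] for symbol in mask)

def per_set_counts(password):
    """Count the characters in each set, the numbers the email says to enter."""
    counts = dict.fromkeys(SETS, 0)
    for ch in password:
        name = next((n for n, chars in SETS.items() if ch in chars), None)
        if name is None:
            raise ValueError(f"character outside the 94 printable set: {ch!r}")
        counts[name] += 1
    return counts

def per_set_keyspace(password):
    """Assumed model: each position is searched only within its own set."""
    return math.prod(len(SETS[n]) ** c for n, c in per_set_counts(password).items())

def worst_case_hours(keyspace, tries_per_hour, machines=1):
    """Hours to exhaust the keyspace at a fixed rate split across machines."""
    return keyspace / (tries_per_hour * machines)

if __name__ == "__main__":
    rate = 17_000_000_000  # tries per hour on one machine, the figure in the post
    sample = "Patrol#42"   # constructed sample password
    rows = [("random 8", mask_keyspace("********")),
            ("email mask", mask_keyspace("**aa****")),
            ("random 9", FULL ** len(sample)),
            ("per-set 9", per_set_keyspace(sample))]
    for label, space in rows:
        print(f"{label:10} {space:>22,} {worst_case_hours(space, rate):>16,.2f} h")
```

The "email mask" row is the 94*94*52*52*94*94*94*94 product from the email; it comes to roughly 31% of the full 94^8 space, which is why an estimate made from the purely random row overstates the strength of a humanly generated password.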