View Full Version : AT&T again... different rant



Primefalcon
July 12th, 2012, 07:07 PM
I just changed my AT&T password since they use yahoo mail... (just being cautious here and all with the recent yahoo hack).....

Which stopped the Internet working (no biggy here since last time I changed my password it changed the Internet as well as email address and they were the same...)

so I input the new password into my router..... problem..... still no Internet access....

So I follow the next logical step and call AT&T.... they inform that a recent change (recent since my last pass change) is that the email and Internet passwords are separate entities, and that the Internet password is now system generated non-changeable 6 digit password (3 letters all lowercase and 3 numbers)... are these companies really wondering why they get hacked... over and over....

CharlesA
July 12th, 2012, 07:46 PM
If they are using PPPoE, then you probably need to call their tech support to get it resolved. =/

EDIT: Non-changeable password sounds like a bad idea. >.<

Primefalcon
July 12th, 2012, 08:07 PM
If they are using PPPoE, then you probably need to call their tech support to get it resolved. =/

EDIT: Non-changeable password sounds like a bad idea. >.<
oh it's solved but.... that's the bit that has me nervous, I wouldn't mind it being unchangeable if it were more than just a 3 letters and then 3 numbers password... such weak passwords are going to be a big mistake though....

juancarlospaco
July 12th, 2012, 08:24 PM
No computer can generate a random, so it's just a matter of luck that the password will be "abc123"

Primefalcon
July 12th, 2012, 08:30 PM
No computer can generate a random, so it's just a matter of luck that the password will be "abc123"
well you can have random numbers since sites like random.org, do things like analyze atmospheric noise or watch lava lamps and count the bubbles via cameras and use that to seed and generate true random

otherwise effectively it is random, just not technically.... it can be based on things like when the user clicked the button in microtime and basing the seed off the last 2 digits or whatever, or how the mouse moved and such

juancarlospaco
July 12th, 2012, 08:55 PM
Thank you for confirming that I am correct.
Atmospheric noise is generating a random, and computer just copy&paste-ing it.

Primefalcon
July 12th, 2012, 09:05 PM
Thank you for confirming that I am correct.
Atmospheric noise is generating a random, and computer just copy&paste-ing it.
I said more than that :-k

you know though if you really want to get down to it.... is anything really random... or are we just going through a timeline that is already written....

3Miro
July 12th, 2012, 09:14 PM
Mathematically any random process can produce "abc123". The point is that the quasi-random number generators inside of a computer are close enough to random so that they are practically unpredictable.

3Miro
July 12th, 2012, 09:21 PM
you know though if you really want to get down to it.... is anything really random... or are we just going through a timeline that is already written....

A deterministic process can appear random to an observer, if the observer doesn't have enough information about the underlying parameters that determine the behavior of the process.

Current models in quantum mechanics suggest that there is fundamental underlying randomness in the Universe. At the present, it seems that there is indeed randomness, although Quantum Mechanics is still work-in-progress.

There is a difference between things having been "written" with some "purpose" and processes evolving according to deterministic set of rules. "Deterministic" is not the same as "written".

While you are at it, you can also add that determinism doesn't necessarily imply lack of what people would call "free will". If every decision that I will ever make can be predicted with 100% accuracy, this doesn't mean that it will not be ultimately me making the decision.

Primefalcon
July 12th, 2012, 09:30 PM
A deterministic process can appear random to an observer, if the observer doesn't have enough information about the underlying parameters that determine the behavior of the process.

Current models in quantum mechanics suggest that there is fundamental underlying randomness in the Universe. At the present, it seems that there is indeed randomness, although Quantum Mechanics is still work-in-progress.

There is a difference between things having been "written" with some "purpose" and processes evolving according to deterministic set of rules. "Deterministic" is not the same as "written".

While you are at it, you can also add that determinism doesn't necessarily imply lack of what people would call "free will". If every decision that I will ever make can be predicted with 100% accuracy, this doesn't mean that it will not be ultimately me making the decision.
time travel is theoretically possible due to speed + time being linked (you go faster in speed, you're going faster in time), and that's a proven sooo... if the future is already written..... and solid, that means any choice you make has already been made, and therefore... free will is an illusion

Copper Bezel
July 12th, 2012, 09:34 PM
While you are at it, you can also add that determinism doesn't necessarily imply lack of what people would call "free will". If every decision that I will ever make can be predicted with 100% accuracy, this doesn't mean that it will not be ultimately me making the decision.

Right, it's still your will, and it's completely free within the confines of its own properties, so there's no imposition of "destiny", and thinking that there is is just baggage of old, theologically-derived conceptions of determinism.


time travel is theoretically possible due to speed + time being linked (you go faster in speed, you're going faster in time), and that's a proven sooo... if the future is already written..... and solid, that means any choice you make has already been made, and therefore... free will is an illusion
No one is determining it, though. The illusion that a written future contradicts free will only makes sense if you assume that an external will determined that written future "ahead of time" with a specific intent. (Which you could still either maintain or reject as a theist, of course.)

And random.org wouldn't be any more a true random than the one that comes out of your processor, but one based on a quantum computer could be. = )

Primefalcon
July 12th, 2012, 09:36 PM
And random.org wouldn't be any more a true random than the one that comes out of your processor, but one based on a quantum computer could be. = )
I kinda agree there if its based on something like microtime of when the user clicks a mouse and then based on say.. I don't know network speed (how long that click takes to be sent to the server or be processed).. it's close enough to random for me

sffvba[e0rt
July 12th, 2012, 09:43 PM
While nobody knows if the cat in the box is alive or dead (or even in the box), how much does a swallow weigh when a tree falls in the woods. 42.

I don't think AT&T has a good policy with their rigid 6 digit password policy.



404

lisati
July 12th, 2012, 09:43 PM
I just changed my AT&T password since they use yahoo mail...

^^^ To me, this speaks volumes.
My ISP changed to Yahoo mail a few years back. An honest evaluation of my opinion of Yahoo mail is likely to violate the forum CoC :D

lisati
July 12th, 2012, 09:45 PM
While nobody knows if the cat in the box is alive or dead (or even in the box), how much does a swallow weigh when a tree falls in the woods. 42.

I don't think AT&T has a good policy with their rigid 6 digit password policy.



404

If we generate 9 passwords and express the answer in base thirteen?

3Miro
July 13th, 2012, 12:05 AM
Theoretically there have been many time machines created that would allow you to travel on a trajectory and arrive at the origin at a time before you begin your travel. However, none of the theoretical constructs allow for one to travel before the time that the machine was created. In dumb Hollywood terms, this means that Martin McFly can visit his future self and then come back, but he cannot visit his parents' prom.

Copper Bezel got my idea about free will. Note that I don't claim that we have or don't have "free will", I am just saying that determinism isn't an argument for or against "free will".

not found, I believe you missed the point about the cat. The idea is not that nobody can figure out if the cat is dead or alive, the point is that the cat is both dead and alive. One of the consequences of the theory is that there is underlying randomness to the Universe that is not due to the lack of knowledge (also, there cannot be full knowledge).

Paqman
July 13th, 2012, 12:10 AM
how much does a swallow weigh when a tree falls in the woods.

Do you mean an African or a European swallow?

Irihapeti
July 13th, 2012, 08:24 AM
^^^ To me, this speaks volumes.
My ISP changed to Yahoo mail a few years back. An honest evaluation of my opinion of Yahoo mail is likely to violate the forum CoC :D

I think I know who you are talking about, Lisati, and I have the same concern.

As to what to do about it, that's another matter altogether. I have no idea.

Other than all of us sending them some technical-sounding emails about the safety of our passwords, encrypted storage etc etc etc

Grenage
July 13th, 2012, 08:44 AM
Ah Determinism, one the finest schools of thought, if only for its ability to make people dismiss it on the spot; the concept doesn't sit well with most.

OT: That's a horrifically short password, but surely that's only applicable to the physical internet connection - i.e: someone would have to be on your line?

Primefalcon
July 13th, 2012, 03:48 PM
OT: That's a horrifically short password, but surely that's only applicable to the physical Internet connection - i.e: someone would have to be on your line?
to spy on you yes, but they could put that password into their own router.... and maybe from there access your account details?

Grenage
July 13th, 2012, 04:20 PM
to spy on you yes, but they could put that password into their own router.... and maybe from there access your account details?

Ah I see; I wonder if net connections are setup differently over the pond. I'm fairly sure our credentials will only work on the physical line they are issued to - if someone in the UK knows otherwise, chime in!

3Miro
July 13th, 2012, 05:07 PM
Whether it is legal or not, the ISP always has the ability to follow all of your traffic. If you are visiting encrypted pages, then they cannot see the content, but they can see that you have visited one page or another. If the page is not encrypted, then they can see everything. (Unless you are using an encrypted proxy or ssh tunneling, but then everyone on the proxy can see what you are doing)

The extent to which they are allowed to use this legally may differ from a country to a country, but the technology to do this is always there. This is just the way the Internet works.

Primefalcon
July 13th, 2012, 05:24 PM
Whether it is legal or not, the ISP always has the ability to follow all of your traffic. If you are visiting encrypted pages, then they cannot see the content, but they can see that you have visited one page or another. If the page is not encrypted, then they can see everything. (Unless you are using an encrypted proxy or ssh tunneling, but then everyone on the proxy can see what you are doing)

The extent to which they are allowed to use this legally may differ from a country to a country, but the technology to do this is always there. This is just the way the Internet works.
This thread wasn't about at&t spying

3Miro
July 13th, 2012, 05:33 PM
This thread wasn't about at&t spying

Sorry to hijack your thread.

I am using AT&T and I am not very happy about them, although my main problem is that the router that they gave me was real garbage. Furthermore, they have it locked so that I cannot change my wireless password, they have assigned a random number, it is long, but I cannot change that.

Primefalcon
July 13th, 2012, 06:00 PM
Sorry to hijack your thread.

I am using AT&T and I am not very happy about them, although my main problem is that the router that they gave me was real garbage. Furthermore, they have it locked so that I cannot change my wireless password, they have assigned a random number, it is long, but I cannot change that.
hmm you could get a cheap router off amazon for 15-20, I recently purchased a wrt-160n linksys for 13 refurbished off there
here's another I found from a quick search: http://www.amazon.com/Cisco-Linksys-WRT160N-RM-Refurbished-Wireless-N-Router/dp/B001VMAYAM/ref=sr_1_2?s=pc&ie=UTF8&qid=1342198918&sr=1-2

Copper Bezel
July 13th, 2012, 06:26 PM
Damn. I had full control over my AT&T DSL modem's router settings. Never did eBay that, either.

...

Want it?

jonathonblake
July 13th, 2012, 06:50 PM
and that the Internet password is now system generated non-changeable 6 digit password (3 letters all lowercase and 3 numbers)

17 576 000 different passwords.

That sounds like enough passwords to a PHB that doesn't know anything about security --- which would be overestimating the knowledge that AT&T has about computer security.

jonathon

Primefalcon
July 13th, 2012, 07:33 PM
17 576 000 different passwords.

That sounds like enough passwords to a PHB that doesn't know anything about security --- which would be overestimating the knowledge that AT&T has about computer security.

jonathon
I actually shocked my wife once, I told her to choose a random 4 letter (weak yes I know but that was the point). password...

then I just threw together a basic c++ script (showed her the program and explained each part that it was just a loop, try 1, increment and then try the next and so on...) to go through and try every option.... had her 4 digit pass in about 1 second....

and this was on a relatively slow single core computer.... since then she's been... pretty damned security conscious....

3Miro
July 14th, 2012, 01:51 AM
hmm you could get a cheap router off amazon for 15-20, I recently purchased a wrt-160n linksys for 13 refurbished off there
here's another I found from a quick search: http://www.amazon.com/Cisco-Linksys-WRT160N-RM-Refurbished-Wireless-N-Router/dp/B001VMAYAM/ref=sr_1_2?s=pc&ie=UTF8&qid=1342198918&sr=1-2

The problem is that the model for the modem doesn't allow it to be set as a simple bridge. I can get a second router and set up wireless anyway, but it would be a clumsy solution. With Comcast I used to have a simple modem that I would plug to my own router that I know works well and secure.

I have plans to call them and demand a better modem, but I have been ultra busy at work lately.

Nixarter
July 14th, 2012, 02:52 AM
17 576 000 different passwords.

That sounds like enough passwords to a PHB that doesn't know anything about security --- which would be overestimating the knowledge that AT&T has about computer security.

jonathon

No. It is almost certainly case sensitive.

Even if it weren't, you are assuming "3 letters, then three numbers" (or vice versa). But it actually can be any combination of 3 letters and 3 numbers.

Saving for the second bit, it is already over 140 million (with replacement, {52^3}*1000). But since it doesn't have to be AAA###, but can be things like A##A#A or whatever, so long as the total =6 and the sum of A's and #'s must equal 3 each, then there are significantly more possibilities. I don't feel like calculating it, but it is over a billion... and that is a good enough approximation to make some conclusions. Due to delays and possible hacking lockouts, it would not be practical to attempt a brute force attack. It would be far more practical to use other attack means. Therefore, the password strength is adequately strong enough for its purpose.

Primefalcon
July 14th, 2012, 04:37 AM
No. It is almost certainly case sensitive.

Even if it weren't, you are assuming "3 letters, then three numbers" (or vice versa). But it actually can be any combination of 3 letters and 3 numbers.

Saving for the second bit, it is already over 140 million (with replacement, {52^3}*1000). But since it doesn't have to be AAA###, but can be things like A##A#A or whatever, so long as the total =6 and the sum of A's and #'s must equal 3 each, then there are significantly more possibilities. I don't feel like calculating it, but it is over a billion... and that is a good enough approximation to make some conclusions. Due to delays and possible hacking lockouts, it would not be practical to attempt a brute force attack. It would be far more practical to use other attack means. Therefore, the password strength is adequately strong enough for its purpose.
Actually the tech I spoke to said it's always lower case to make it easy and it's 3 letters then 3 numbers.... so yeah....

but even if it was any combination and case sensitive... well it'd still be relatively trivial

https://www.grc.com/haystack.htm

to check just type in A1a1a1

So that it includes at least 1 cap 1 lower and numbers and you'll be surprised....

unfortunately it can't really calculate how weak it really is since you can't tell the grc tool 3 letters then 3 numbers....

Primefalcon
July 14th, 2012, 11:25 AM
by the way , since some people don't really know how fast computers can handle numbers.....

I just threw together a silly little program in c++.....

all it does is count up from 1 (as fast as it can) for 10 seconds, then it multiplies that number by 6 to tell you how many increments your computer is capable of doing per minute...

here's the program link: http://dl.dropbox.com/u/1212637/incrementor
and of course a windows version: http://dl.dropbox.com/u/1212637/incrementor.exe

yeah yeah basic program that most people starting c++ would be able to throw together... but I just wanted to do something basic that would show how good your computer is at this stuff, obviously the faster your computer and the less load you currently have running the faster it'll go

btw: it must be run from inside a terminal (not doing a gui for something this basic)

Nixarter
July 14th, 2012, 04:11 PM
wow, lowercase only? and three letters then three numbers? holy crap. lol

Yes, that drastically reduces the number of possibilities, and your original assessment of the number of possible passwords was right, or very close to it.

But brute force cracking isn't as easy as you imply :) Even if you have just a hash file or whatever to work with (got it from the device) and everything fits in RAM, you still have to do many calculations per guess to figure out whether or not the combination worked. In a real-world environment, wirelessly brute forcing, assuming no protections, it would take at least a few seconds per guess. So you are looking at about 12 months of cracking 24/7 for a 50% chance of hacking it, which is impractical. Locally, most of the time it is about 3-4 passwords per second, per core, on desktop computers. If you have 4 cores running parallel (assuming you can rig it to crack locally, which would take some doing, needless to say), you are looking at about a week of cracking 24/7 for a 50% chance of finding it. It would still be more practical to get access through other means.

Primefalcon
July 14th, 2012, 08:55 PM
You're right unless of course AT&T are hacked, and the usernames and the hopefully hashed passwords are downloaded for brute forcing.. in which case it's a whole different ballgame.... especially with an unchangeable password
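
The keyspace and time-to-50% figures argued over in this thread, worked through as an added example (not code posted by any participant). The policy names, the 12-character comparison policy and the 1e9 guesses/s offline rate are assumptions; the other two rates are the ones quoted in the thread.

```python
from math import comb, log2

def keyspace(letters, digits, alphabet=26, fixed_order=True):
    """Count passwords made of `letters` letters and `digits` digits.

    fixed_order=True  -> letters first, then digits (what the tech described)
    fixed_order=False -> the same characters in any arrangement
    """
    base = alphabet ** letters * 10 ** digits
    if fixed_order:
        return base
    # choose which positions hold letters; the rest hold digits
    return comb(letters + digits, letters) * base

def seconds_to_half(space, guesses_per_second):
    """Time to try half the keyspace, i.e. a 50% chance of a hit."""
    return space / 2 / guesses_per_second

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"

POLICIES = {
    "3 lowercase + 3 digits, fixed order": keyspace(3, 3),
    "3 mixed-case + 3 digits, fixed order": keyspace(3, 3, alphabet=52),
    "3 mixed-case + 3 digits, any order": keyspace(3, 3, 52, fixed_order=False),
    # assumed comparison point, not from the thread
    "12 random chars from a-zA-Z0-9": 62 ** 12,
}

RATES = {
    "online, 3 s per guess": 1 / 3,
    "local, 4 cores x 4 guesses/s": 16,
    # assumed rate for a leaked fast hash, not a figure from the thread
    "offline, 1e9 guesses/s (assumed)": 1e9,
}

def report():
    """Return (policy, keyspace, bits of entropy, {rate: time to 50%})."""
    rows = []
    for name, space in POLICIES.items():
        times = {r: human(seconds_to_half(space, g)) for r, g in RATES.items()}
        rows.append((name, space, round(log2(space), 1), times))
    return rows

if __name__ == "__main__":
    for name, space, bits, times in report():
        print(f"{name}: {space:,} passwords, {bits} bits")
        for rate, t in times.items():
            print(f"    {rate}: {t}")
```
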