Uhhh no more passwords for me...
 

I went over that list at the request board before it disappeared and I tried entering one of the passwords. Here is a message I got after entering it into one of the websites...

Security Violation! "You have attempted to enter a secure area (/members/) with an stolen username/password.


Then it said something about how the situation would be examined. And then it listed my IP address and a local address. So am I fucked?

If they scare you into believing that they're going to get you, then they won. It's not going to happen, it never has happened to anyone.

There is a lot of really simple code to show your local information and they never even need to send that info to the server.

Yup, like the one sixate posted a while back.
It showed your IP address, your isp and the browser your're using.
It insults your choice, too. :D

Just use a proxy next time.

A similiar thread was posted a while back. I think the huge volume of hacked PW negates any attempts to prosecute individuals.
Also it would cost them more than the couple of bucks mem fee they could demand for your transgressions!

Actually ... I worked with a guy who operated a website that nailed every person who used stolen account info. He didn't seem to ever sleep ... but sure did get lots of $$ in settlements :D

And I worked with a guy with a 30 inch cock. I never actually saw it but thats what he said.:D

LOL

Being the webmaster of a popular paysite... I must say your friend must not have had many offenders. It would be near impossible to function if we went after every offender that abused a password from our site. Besides, it's near impossible to tell if the person accessing the stolen account is the actual owner or not, so the whole issue is fuzzy.

you work with Halx?

...kidding.

Could you repost that code? It sounds cool and I like to make fun on Netscape users.

Heh, sorry hobo, I don't even remember which of the forums it was in, let alone which thread.
You might pm sixate to see if he has it.

The only reason I remember the post was because I used the code in my sig on another board and it got my super-mod duties stripped from me for a while.
It caused a few members to panic, thinking every Tom, Dick, and Harry was looking at their personal info.
Not one of my brightest moves.

Re: Uhhh no more passwords for me...
 

it's a s care tactic, looks like it worked :lol:

Assuming that a website did want to prosecute a person for using a hacked password, are you saying that the max they could get is their standard membership fee? Could a site sue a regular user (not a hacker or cracker) and realistically expect to get a large settlement?

Just mosey on down to the exhibition forum if your curious...

Man, it occurs to me that there might be a significant demand for a service to hacked sites that would track down information on this kind of stuff. Kind of like a bounty hunter service that would take a portion of whatever settlement was reached between the site and the transgressors... maybe keep a lawyer on staff to file the paperwork.

Paysites would hand over lists of offending IPs, and from there, the service would track the IPs for multiple attempts (wrong ID/pass several times) and then track down the offender to gather info... meager 50% fee charged for the detective and lawyer services, of course.

What do you all think? Might start a thread in computers to discuss this idea a little further...

Wrong. In most states, there are laws in place for a website owner to gather damages for a hack. In Virginia, for example, a webmaster can prove that the hacked password was used by multiple individuals and that this was a loss of income (from the multitude of lost yearly memberships). Additionally, since it can be argued that a paysite's unique content is the only thing that distinguishes it from other sites and that this forms the basis for its membership appeal, a hacked password ruins the mystique that leads to new memberships -- this is, also, a damage to be compensated for (precise numbers are impossible to generate -- but an absence of memberships is usually compelling but its hardly important how many there MIGHT have been had the hack NOT occurred when courts want to make examples of hackers). This applies to more than just porn sites, and is particularlly painful to websites that explain how to do things -- think of how-to real estate forums and such. Whether you like their content or not isn't important; that they had a unique concept or information to sell that is, now, violated is important. The basis for income is gone. It's almost like forceablely releasing patented or copyrighted material into the public domain.

Remember that under current legislation, virus programmers and hackers are, by the letter of the law, terrorists. Be very careful when you do stuff like this.

What you're saying sounds resonable, but it also sounds like it applies more to the hacker or cracker that gives the password out. I was wondering more along the lines of what the penalty would be for someone using a password that they find on irc or a message board.

Surely if someone uses a pass that they find somewhere they can't be charged with "ruining the mystique of memberships". The most damage such an individual would cause is whatever bandwidth s/he used in downloading the content. Therefore, wouldn't it be reasonable that the most such a person could be fined is the standard cost of the site's membership?

Although, with the DMCA I imagine that websites could also make a case for copyright infringement which would then incur greater penalties.

Okay, well just to be on the safe side, how do I set up a proxy? I have a 56k connection, Windows XP, and MSN if any of that matters.

They'll get my stolen passwords when they pry them from my cold, dead hands! :lol:

Prosecuting and lawsuits are a whole lot more complicated than they appear. The burden of proof is difficult, and it costs a ton of money to litigate. This is why there are so many out of court settlements (better for both parties). However, there is really no upside for a website operator to prosecute on something like this, so it is kind of like a car alarm that everyone ignores (noisy but with little repercussion).

It's still constitutes illegal electronic trespassing. There's your criminal action.

I would think it would definately not be worth it. Kinda the RIAA going after everyone, not just the big uploaders. To much work, to little results.

Would have certainly scared me.

eh, no big deal

Put it this way - I've used loads of them, and seen that scare tactic page appear numerous times. I've never heard anything back! :)

hhmmm
 

Hmm... for me, some dick on IRC told me to use this pass on sexkey( I don't know why, but when your on IRC your real bored), so next thing you know they tell me that they have my IP and MIGHT prosecute me and all that jibber jabber. Even gave a link to FBI. That was 15 minutes ago, so I turned off all my IE windows, and cleared all my temp files and offline content,lol. Well, I geuss they won, cause it scared me shitless for about 10 minutes, until I realized that this password has probably been passed around to like 5 million people, not only that but people can make IP fakers. Think they are just deterring the use of these passwords to be honest, but I'm still slightly worried, but screw it. I didn't download anything or do anything but try to login... what are they going to pin on me, intention of maybe trying to possibly do something or maybe steal something off their site?

Random

someone mentioned wanting this...

http://www.danasoft.com/vipersig.jpg

HYSTERICAL! :lol: Hey by chance his name wasn't Halx was it?

another two cents to say what has already been said (hopefully, there's reinforcement in numbers): no worries!

they won't pursue legal action against you.

I prefer to spoof a website rather than use passwords.

[OT] Jstrider - can I have the code for that IP and browser thing please? That's of course assuming it's not anything copyrighted? I'd love to put it on my website!

I tried PM'ing you and emailing you but apparently you don't accept either??

Thanks!