facebook account 是不是很容易被 hack？

AhSengSg

facebook account 是不是很容易被 hack？
30-character password 也中招。。（看以下新闻）
连纹身的吸毒者 (arrested in KL)，１７岁 ITE 学生都能当 hackers

Ah Boys To Men actor's social media accounts defaced for 'dissing the legion'
SINGAPORE - Ah Boys To Men actor Ridhwan Azman found his social media accounts defaced by hacker group Anonymous, in retaliation for 'dissing the legion' through several postings on Twitter.
The 20-year-old, who previously stirred controversy after admitting to slapping his then girlfriend, had tweeted about how he felt #AnonymousSG was a 'joke' and 'stupid'.
Telling his followers to trend the hashtag #AnonymousSGIsAJoke, he also made mocking comments such as, "Expect you to make my ORD date faster can?", in reference to the hacker's threat about attacking government websites.
Around five hours after his last tweet on Nov 5, tweets claiming to be from hacker group Anonymous were posted through Ridhwan's account @RidhwanAzman. These include:
"So you wanna talk s**t about anonymous? Have a taste of what's to come," and "He has been dissing the anons for far too long.. Now the lulz shall be called upon him."
The Twitter profile's description was also altered to: "So sorry Ridhwan. Finally you got ALL the attention that you've wanted - Youtube? h4xed Instagram? h4xed Facebook? h4xed Twitter? h4xed Emails? h4xed".
A video was also uploaded through ​Ridhwan's YouTube channel as a warning. The caption said: "​Claiming that we are a joke, in all attempts to trend such is now nothing but inactive accounts. What you thought was a joke is now real."
The group also claimed that they will 'certainly retaliate' should anyone intend to cause them harm.
Ridhwan Azman later posted through a second Twitter account @RidhwanAzman_ confirming that his social media accounts had been hacked.
Tweeting that 'he deserved this', he also wrote: "I thought #AnonymousSG was not real, now I know it's real. I learnt my mistakes, so now I hope I could get back my accounts, because I need them."

daoqin

自导自演的吧……

shiangkhee

谢谢分享.....

magnumao

hotmail的才容易
中過兩次鳥

cutan

对有实力的人来说应该蛮容易的，被hack过一次。

keat8303

要制造新闻是吗？小心中fb回击

不要学坡小ida酱把问题推给google，结果中回马枪

nampang

只被block过一次不能log in，申请reset密码就好了，不懂算是被hack吗

NaiNai

马劳不知道，看看新闻路过而已

bookshopper1

偶最想hack Q仔Fb....

shin811

bookshopper1 发表于 20-11-2013 05:36 PM
偶最想hack Q仔Fb....

为了阻止他继续po他的照片对吗？

Itikputih

Cari的ID
应该也不难！

天然夜行者

hacker很好赚？

flashang

Itikputih 发表于 21-11-2013 09:21 AM
Cari的ID
应该也不难！

discuz 使用的应该是

md5(md5($password).$salt)

以目前的电脑速度来说，是比较不好的方法。

而 asp.net 的是 sha1( salt + pass )
是目前比较 “不容易” 破解的方法。

keonglah

flashang 发表于 21-11-2013 12:02 PM
discuz 使用的应该是

md5(md5($password).$salt)

1) Check X_table to match the password.
    -- Yes, take the MD5 column and check with person table
    -- No, convert password to MD5 and check with person table

这样应该比较快。。

flashang

keonglah 发表于 21-11-2013 12:58 PM
1) Check X_table to match the password.
    -- Yes, take the MD5 column and check with person tab ...

随便找的 login-discuz.php

1. 
   
2. <?php
   
3.         require_once("./include/my_func.inc.php");
   
4.    
   
5.         function check_login($user_id,$password){
   
6.                 session_destroy();
   
7.                 session_start();
   
8.                 $discuz_host="127.0.0.1";
   
9.                 $discuz_port="3306";
   
10.                 $discuz_user="root";
    
11.                 $discuz_db="discuz";
    
12.                 $discuz_pass="root";
    
13.                 $discuz_conn=mysql_connect($discuz_host.":".$discuz_port,$discuz_user,$discuz_pass);
    
14. 
    
15.                 $ret=false;
    
16.                 mysql_query("set names utf8");
    
17.                 $sql="select password,salt,username from ".$discuz_db.".uc_members where username='$user_id'";
    
18.                 $result=mysql_query($sql);
    
19.                 $row = mysql_fetch_array($result);
    
20.                 if($discuz_conn){
    
21.                         mysql_select_db($discuz_db,$discuz_conn);
    
22.                         $result=mysql_query($sql,$discuz_conn);
    
23.                
    
24.                         if($row['password']==md5(md5($password).$row['salt'])){
    
25. 
    
26.                                         $_SESSION['user_id']=$row['username'];
    
27.                                         $ret=$_SESSION['user_id'];
    
28.                                 //        $sql="insert into jol.users(user_id,ip,nick,school) values('".$_SESSION['user_id']."','','','') on DUPLICATE KEY UPDATE nick='".$row['username']."'";
    
29.                                 //        mysql_query($sql);
    
30.                                        
    
31.                         }
    
32. 
    
33.                 }
    
34.                
    
35.                                 
    
36.                 return $ret;
    
37.         }
    
38. ?>

复制代码

其实方法好不好，快不快，安不安全，
web server 的设定也是很重要的。
而 coding 是要注意避开多余的、人为的漏洞。。。