Hacked?

[MooseMom]

I've just received one of those threatening emails from someone claiming to know my password.  And they DID know my password, but luckily for me, this is the only site I use it on.  I've changed it but still wanted to draw this to your attention.  Has anyone else had this happen to them in the past day or so?  I'm thinking that someone has hacked this site for passwords or other personal info.

Thanks.

[Michael Murphy]

If you use public WiFi every thing you use is open to a knowledgeable hacker.  The solution is to only use public sites with a vpn service.

[MooseMom]

No, I don't use public wifi.

[Simon Dog]

The interesting thing about this site is that the passwords are stored in a one-way hash.    Checking is done by encrypting the supplied password and comparing to the stored one-way encrypted password.  As an admin, I can reset a password, or dump the hash of a password, but not extract one.

Getting a password for the site would involve one of three techniques:

• fetching the password in transit
• running a dictionary attach - which will not work if you password is strong enough
• reversing the password hash - Wordpress uses a modified MD5, so you can read up on the technique here https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/
  

If its the same email I got, it offers to prove they have photos of you masticating in front of the computer to 5 of your friends.  If it was real blackmail they would have just sent one photo to  you.   And no hacker has devised a technique to see through the tape I have over the camera lens on my laptop.

[MooseMom]

The interesting thing about this site is that the passwords are stored in a one-way hash.    Checking is done by encrypting the supplied password and comparing to the stored one-way encrypted password.  As an admin, I can reset a password, or dump the hash of a password, but not extract one.

Getting a password for the site would involve one of three techniques:

• fetching the password in transit
• running a dictionary attach - which will not work if you password is strong enough
• reversing the password hash - Wordpress uses a modified MD5, so you can read up on the technique here https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/
  

If its the same email I got, it offers to prove they have photos of you masticating in front of the computer to 5 of your friends.  If it was real blackmail they would have just sent one photo to  you.   And no hacker has devised a technique to see through the tape I have over the camera lens on my laptop.

Well, I didn't understand much of that!  LOL!.  My password wasn't strong at all; it was the same password I've used on this site for over 10 years.  I knew it wasn't "real" and that it was a common ploy, but I thought I'd mention it just in case there were problems on this site of which I was not aware.

I suppose I could put tape over my camera lens, though I can't imagine anyone wanting to watch me post on IHD.