Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, it does reveal the database as far as I know. But again, it's a completely public site.


But one can get a list of usernames from this site. One can then see which passwords are on a known password list, and then one has a list of usernames and passwords to try against other services. Bagcheck doesn't seem to have a limit of the number of attempts you get to type the correct password, either, so one can run a full dictionary attack on the passwords too.

There's a reason no-one else does login like this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: