Quote:
Originally Posted by gmr324
I have personally observed discussion threads between hackers who are tearing their hair out about why previously wide open sites have suddenly become unexploitable for stealing passwords.
|
Your other things might hold water, this doesn't. Hackers don't do bruteforcing of usernames, they simply take them from the database/file. Installing phantomfrog doesn't make a site unexploitable. Exploitable != getting a valid pass. The toplist you linked to is mainly led by 1 guy, who is a webmaster himself and is profiting off of stolen passwords (he's seling memberships both to his sites and to paysites), but he does have valid passes to sites that were infact not given to him.