Quote:
Originally Posted by ladida
I think strongbox guy has something like that, but he, as many other bots just scan google results and have a list of mostly outdated pass sites ...
|
FYI none of that is correct. We spider the sites ourselves, we don't use Google.
We have well over 100,000 pages which we spider and an enormous number of
fresh, working passwords. We check them regularly.
It always amazes me how often people rattle on in great detail about topics they
know nothing about. Some of the theories people post about how hidden features
of Strongbox work are absolutely hilarious. Both on webmaster boards and on
hacker boards people go on and on, explaining in great detail, but totally making
it up and not saying anything even close to the truth.
The one thing ladida said that was remotely close to any fact was mentioning the
name "Google". While we don't use Google, we are certainly aware of the act that
Google has indexed over
1,000,000,000,000 pages. Many of those 1 TRILLION
pages and other documents indexed by Google are things you wouldn't
expect to find
in Google. Things where people forgot to turn "Options Indexes" off, so
their "private", "hidden" files end up in Google - like a certain well known
hacker's private list.
So our
future plans include augmenting our own system, which again spiders well
over a hundred thousand URLs itself, with additional information gleaned from
Google's trillion page index.
I should say one other thing on this general topic. As TeenCat develops this
system, it will become apparent that not only are most webmasters loathe to
pay for anything other than what they absolutely have to, but spidering these
sites and IRC channels and doing it right is a heck of a lot harder than it first
appears and even with a lot of effort and hardware resources devoted to it the
results are less than spectacular. I never really mention our service, even to
people who get Strongbox, unless someone else brings the topic up.
That's because while our system may well be the best of it's kind, I don't think
watching the password sites is the best solution to the underlying problem.
We prefer to first stop the passwords from getting compromised in the first place
by using correct MODERN encryption on the password file, then we can catch
any shared passwords quite effectively when people try to use them. The spider
is a cool little bonus which will catch some, so it may be worth the $50 / year for
a large site, but no spider based system will ever be as effective as Strongbox
itself running on the actual pay site. So we don't promote the spider using in
any of the several ways we could do that, such as an upsell for webmasters
getting Strongbox.