Brothers credit journey of BRUTE FORCE (cont)

Similar Messages

• Brothers credit journey of BRUTE FORCE (cont)UPDATE

  UPDATE: Brother got AA on his Barclays Apple card today. They called him and said that even though he pays statement in full and on time, over 100 inquiries is simply too much and closed his account. On another note, he raised his Lowes to 12k and Exon&Chevron to 4k each today. If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 60-70+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.

  tuolumne wrote:
  Kostya1992 wrote:
  If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 40-50+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.How does he even still get approvals? That really is brute force.I ask myself the same thing, lol. His score is like 650 now across the board.

• What the heck is brute-forcing our exchange server?

  Hello all,
  We have been getting FLOOODED with (what seems like) brute force attacks on our server. We use RDP a lot for remote connecting but our firewall (Sonicwall) is setup to block IPs that aren't ours (I've seen this resolve RDP brute-force attacks first-hand).
  The problem is that i'm used to seeing the "Failure Audit" logs with "Logon Type 10" and an IP that was attempting the connection, but now we're being flooded with "Logon Type 8". The issue that has me concerned is that i'm now
  seeing a LARGE amount (438 entries) of failed login attempts with no IP address to indicate where it's coming from.
  Now, as much as I love Batman, I know for a fact noone on our end was trying to login under this account (or the hundreds of other accounts that attempted logins). I copied one of the event viewer logs below and literally ALL of the events are identical
  with the exception of the Account Name (the acct name is different and always something blatantly fake).
  My guess is that there is some type of bot trying to authenticate using OWA to get email access, however I could be 100% wrong (the logic comes from the fact that an exchange file is listed on every event). ANNNNY input / advice on this matter is appreciated!!!
  An account failed to log on.
  Subject:
  Security ID: NETWORK SERVICE
  Account Name: <serverHostname, Edited out for security>
  Account Domain: <our domain>
  Logon ID: 0x3e4
  Logon Type: 8
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: baseball <This is different across the events>
  Account Domain:
  Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xc000006d
  Sub Status: 0xc0000064
  Process Information:
  Caller Process ID: 0x2f3c
  Caller Process Name: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
  ^this is what leads us to believe it's coming from OWA / email login attempts
  Network Information:
  Workstation Name: <servername>
  Source Network Address: -
  Source Port: -
  Detailed Authentication Information:
  Logon Process: Advapi
  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
  - Transited services indicate which intermediate services have participated in this logon request.
  - Package name indicates which sub-protocol was used among the NTLM protocols.
  - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

  Hi,
  logontype 8 is the same as logontype 3 -network logon except for the fact the password is sent in clear text.
  I think your OWA is publicly available and someoen is trying to access it. The fact the logontype is 8 indicates you might use basic authentication on the website- which is quite insecure. it migh lso be some other servcies (like smb) are available from
  the internet and abused.
  make sure the server is only reachable on the web on the needed ports 443 for the website, 25 for smtp. You firewall should block all the rest!
  For rdp (and other management tools) I would recommend blocking access over the internet and configuring some vpn solution.
  MCP/MCSA/MCTS/MCITP
  Thank you! This goes along with what we were thinking so it's very nice to see someone else saying it. We are looking more into the firewall rules and most likely getting an updated firewall altogether. With any luck we will be ok after setting up the new
  wall with all fresh Rules while keeping the threat in mind. Lots of rules currently and limited security options since it's ancient.
  Thanks for the response!

• Netbeans 6.1 SMS NON-Brute force ability listen to multiple ports

  First of all, my appologies for being a nubie coming from Mobile6. The company I slave at is migrating from MS Mobile to j2me!!! I am porting a code segment that listens to all incoming/outgoing SMS text messages and logs the messages into another java contact applet for our sales department. Our company policy(I cannot change) allows the sales department to use any/multiple SMS packages and install onto the device.
  Based on my understanding of the (MessageConnection)Connector.open("sms://" foo); I must include a port address to listen in on. Is there a NON-brute forced methodogy to poll "active" ports the device is using to send/recieve SMS text message?
  /dz
  Little Rock, AR.

  db,
  I was reading a blog by Bill Day [http://weblogs.java.net/blog/billday/archive/2004/02/midp_push_using.html]
  regarding MIDP Push; A paragraph jumped at me, it was "...
  Whichever network(s) you're application will be using, you need to find out what protocols they allow inbound to handsets. At the least, most GSM carriers will allow SMS (since they use SMS for short text messaging). Assuming your network does support SMS, from the server part of your application you would need to generate an SMS message directed to the port you bound your MIDlet to in its static or dynamic push registry settings. Assuming the network passes the SMS as expected, your MIDlet should be awakened when the SMS arrives in the handset..."
  Either I'm not understanding your reponse, the info in this blog is incorrect or I must include a port address as part of the open method of the Connector. Still confused.
  /dz

• Brute force on admin account - Windows Domain

  Hello,
  I have seen a rise of attempts to brute force our Administrator account on a awindows domain. I have in place, a Cisco ASA5505 w/ IPS sensor. I'd like to use the IPS sensor to automatically block IP's that brute force after x failed login attempts.
  Question is, is there a signature present (we auto update and are current) which will detect this and, what do we need to do to enable / configure this to kill the connection and deny further attempts.
  THIS is what I need to stop: We are getting a few hundred a day.
  Logon Failure:
         Reason:            Unknown user name or bad password
         User Name:      administrator
         Domain:            xxx
         Logon Type:      10
         Logon Process:      User32 
         Authentication Package:      Negotiate
         Workstation Name:      xxx
         Caller User Name:      xxx
         Caller Domain:      xxx
         Caller Logon ID:      (0x0,0x3E7)
         Caller Process ID:      8728
         Transited Services:      -
         Source Network Address:      213.171.220.184
         Source Port:      9674

  Hello
  To my knowledge there is no such signature,you need to create a custom signature to achive this.
  If you have Cisco MARS; you can pull these events directly in MARS and create a regex rule for the same. Add email notification to this rule as usual to ensure alerting as desired.  Windows events can either be pulled  by MARS or can be pushed using the Snare agent.
  Please see this link for more details:
  http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgHost.html#wp718623
  Regards
  Farrukh

• I have an Ipad2. I wanted to pay for some accessories on a game through my brothers credit card and it wouldn't go through. And now a message pops up cannot connect to iTunes Store please contact iTune support.

  I have an Ipad2. I wanted to pay for some accessories on a game through my brothers credit card and it wouldn't go through. And now a message pops up cannot connect to iTunes Store please contact iTune support.

  You have to contact Apple Support.
  https://ssl.apple.com/emea/support/itunes/contact.html

• Question about brute force attacks

  How does ironport deals with brute force attacks on ssh and https?
  There is some kind of control?
  If someone leaves ironport's 22 and 443 ports "open" to the internet, it would be a problem if ironport does not control number of invalid logins attempts...

  uhm, i think it would be against Ironport Systems main purpose, that is to keep the appliances doing only its jobs. If you give a firewall, ppl will be able to use ironport to another tasks beyond MT task, and i think it's not wise...
  I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.
  Ok, i understand what you say, but i cannot see the major usefulness of the built-in fw. If you really want your system to be safe, just dont run the stuff. Keep ssh and https disabled on the public interface.
  On the begining, i was concerned about ppl that leaves the ssh and https ports opened to the net. And when i say opened, i reaaly mean without fw.
  I think we are missing the spot.
  But just in case, do you guys really think ironportnation's forums have enough spot to this kind of discuss?
  You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?
  Ok, what i'm trying to say, is that, in my (silly) opinion, ironportnation's forums should be more visited, more commented. I dont see the ironport's legion here. Many ppl just sign in and almost never log in.
  But who cares with my opinion? so let's not discuss it, let's forget it.
  I keep thinking that 'Robot Exclusion Protocol' should be considered.
  If you don't agree, check it out
  another tip, the crawler is indexing the 'login help' page.

• Stopping brute force ssh attacks on OS X Server 4?

  OK, well the new year has brought out a slew of fresh IPs (mostly from Hong Kong, and China) trying to login to my machine (running OS X Yosemite 10.10.1 Server 4.0.3).
  I have enabled the adaptive firewall (per http://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4 B7E0AFBB818) and yet the attacks continue unabated.  Multiple IPs from one class C address block, for instance—flipping between three different IPs—are hitting my machine once per second over the course of dozens of hours. Yet the firewall is doing nothing to block those IP(s). They either walk through and try a list of bogus accounts, or continually hammer the root account. 
  I have configured just a few users access to ssh via the server application. But short of disabling sshd—which is not ideal—what are the strategies for combating these attacks?  Is the best route to use the /etc/hosts.allow and /etc/hosts.deny files to configure access for sshd?
  Thanks for any tips!  —michael

  Apparently the adaptive firewall isn't very robust (see above). I have seen it block certain attempts automatically, but it doesn't do so for brute force attempts.   And everything I've read about it says to ignore the message "No ALTQ support in kernel".  (There are several references here and here.)
  For more, see: OS X Server: How to enable the adaptive firewall - Apple Support
  I use this command when I want to stop an attack immediately from one IP:
  sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.123
  afctl accepts CDIR notation, so this is useful to block an entire class C address from the 123.123.123.0 network:
  sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.0/24
  You can add more time to the block with the -t flag. To view the currently blocked hosts:
  sudo cat /var/db/af/blacklist

• IPS signature to block brute force attempt

  Hello all,
  We have an Outlook web access server and I would like to block an attemt of bruteforcing its login page (SSL enabled). Is there any signature that can accomplish this?
  Thanks in advance

  We could create a signature to detect this type of activity.  The only problem is that one person's brute force is another's average day, in terms of network traffic.  Any such signature would have to be highly tuned for the enviornment it is deployed in.

• OSx Server 3.1.2 - Wiki (collabd) Authentication Vulnerable to Brute Force?

  Hello Team,
       I have been using OSx Servers (3.1.2 - Build 1354517) 'wiki' or Collaborative suite to host some personally created wiki's and documentation. Upon having this open to external (WAN) connections, as was my eventual goal; I noticed a potential problem. I found that I could continually attempt authenticate against the website, without any timeout or anything else to slow down my attempts.
       To elaborate briefly, I don't mean authentication against .htpassword as maybe configured in OSX Servers Website hosting setup. I mean against the wiki software itself. The only way around this, that I can find, would be to use .htpassword for an additional layer of security.
       Given that there are MANY ways to gain usernames against the wiki server (Profiles, default 'alias', activity logs - etc), and the fact that this authenticates against local system accounts, is this a genuine security threat?
       I appreciate any feedback from other users or perhaps Apple.

  Hello Linc,
       I appreciate your reply, though I feel it misses the core content of my enquiry. It's not unnecessary to expose this service, but I would like the ability to. I don't think the service accessibility limitations should be defined on whether the application is secure or not.
       And either way, even if run in a secure environment; it's still a compromise.
       In the end, I'm still not sure; Do you acknowledge that this is vulnerable to brute force?
       Thanks,

• Virus try to brute-force my unlock screen pin on iPad immediately after FaceTime call redirect

  Hi all!
  I guess there could be exploit in FaceTime/call redirection proto. It's the 3rd time when I see my iPad is flashing with digits brute-forcing pin code to unlock screen and does not react on any touch or buttons.
  The scenario is as following:
  1. I receive a call on iPhone
  2. Call is redirected to iPad via FaceTime
  3. After call is answered from iPhone, iPad do not fall into sleep
  4. iPad does slide to unlock!
  5. iPad start flashing with digits (it looks the same when you tapping and after any touch digit flashes). The sequence is traditional: 1111,1211,1221,etc,etc...
  6. Finally iOS blocks pin entering with timeout and iPad back to normal operations, reacts on buttons and touches.
  I talk about iPad2/iPhone4S running latest iOS 8.3.
  If anybody get the same problem, please write here.

  What you describe sounds more like a problem with your iPad's touchscreen than a hack. There's no known method for brute-forcing the lockscreen code in that manner.
  Note that the sequence you describe isn't really "traditional"... the only digits you describe as being used are 1 and 2, which are right next to each other... a problem with the touchscreen in that region could easily explain that. Use a soft, slightly damp cloth to clean the screen. If that doesn't help, contact Apple for diagnosis and service.

• Credit Journey

  ****UPDATED 7/6/2015 on bottom of post***** I wanted to start a journal to keep things all in one place while I continue to repair my credit.  My family and I went thru hell and back 2 years ago going from getting a divorce to now reconiciling and building a better fututre together.  My husband's credit has jumped over the last year after going with a credit repair company and we are now set to close on our house hopefuly in August.  I started working on my credit myself about 8 months ago.  I was able to get a bunch of medical collections off and also an old AT&T account that wasn't mine.  I still have a bunch more to go. I started at 502 TU and 572 EQ (not sure what my EXP was)I'm now at 608 TU 628 EQ and 628 EXP NegativesHSBC - on all 3 due to age off 11/15Cap1 - on all 3 due to age off 11/15PRA - on all 3.  collection of HSBC but shows 1/15 as opened.Focus Recovery - on all 3.  Medical billRMS - on TU & EXP This is an OLD medical bill that was paid about 8 years ago.  still shows open and has a new date.  Keynote - on EQ & EXP OLD childcare bill that never should have been.  daughter hasn't been at that center in 9 years.  CCC - on all 3.  paid medical billFocus Recovery -on all 3.  paid medical billTarget - late payments  Not too bad.  Just a lot of paper pushing to get them to do what needs to be done   ************UPDATE!!!*********** NegativesHSBC - on EQ & EXP TU DELETED!Cap1 - on EQ & EXP TU DELETED!  PRA - on EQ & EXP collection of HSBC. TU DELETED! complaints were made via CFPB, BBB, and the AGFocus Recovery - on EQ & EXP.  Medical bill --- HIPAA dispute in process, TU DELETED!RMS - on TU & EXP --- Started HIPAA dispute DELETED!!Keynote - on EQ & EXP OLD childcare bill that never should have been.   DELETED!!!!CCC - ---HIPAA dispute.   DELETED ON ALL 3!!!Target - late payments --- GW.  2 of 3 Late Payments DELETED!!!  working on the last one.  ----------------Concord Serving - old loan that has been closed that shows late payments on it.  I don't have it listed above because I'm not working on it.  It's joint with my husband and since we are currently just using his credit to buy our house, I don't want to touch it. Once we close next month I'll start hitting it.    

  LearningtoImprove wrote:
  truckerwife wrote:
  I wanted to start a journal to keep things all in one place while I continue to repair my credit.  My family and I went thru hell and back 2 years ago going from getting a divorce to now reconiciling and building a better fututre together.  My husband's credit has jumped over the last year after going with a credit repair company and we are now set to close on our house hopefuly in August.  I started working on my credit myself about 8 months ago.  I was able to get a bunch of medical collections off and also an old AT&T account that wasn't mine.  I still have a bunch more to go. I started at 502 TU and 572 EQ (not sure what my EXP was)I'm now at 608 TU 628 EQ and 628 EXP Congratulations!! NegativesHSBC - on all 3 due to age off 11/15 Contact Transunion as soon as May hits and ask for an early exclusion, start asking the other 2 in AugustCap1 - on all 3 due to age off 11/15 Same advice as abovePRA - on all 3.  collection of HSBC but shows 1/15 as opened. This outfit is known to use illegal tactics, dispute any incorrect informationFocus Recovery - on all 3.  Medical bill How old? How much? Would a "pay for delete" work here?RMS - on TU & EXP This is an OLD medical bill that was paid about 8 years ago.  still shows open and has a new date.  Dispute now, too old to report
  Keynote - on EQ & EXP OLD childcare bill that never should have been.  daughter hasn't been at that center in 9 years. Dispute now, too old to reportCCC - on all 3.  paid medical bill Close to aging off? if not write goodwill lettersFocus Recovery -on all 3.  paid medical bill same as aboveTarget - late payments same as above  Not too bad.  Just a lot of paper pushing to get them to do what needs to be done    Thanks so much for responding!  

• Credit Journey -- UPDATED

  LearningtoImprove wrote:
  truckerwife wrote:
  I wanted to start a journal to keep things all in one place while I continue to repair my credit.  My family and I went thru hell and back 2 years ago going from getting a divorce to now reconiciling and building a better fututre together.  My husband's credit has jumped over the last year after going with a credit repair company and we are now set to close on our house hopefuly in August.  I started working on my credit myself about 8 months ago.  I was able to get a bunch of medical collections off and also an old AT&T account that wasn't mine.  I still have a bunch more to go. I started at 502 TU and 572 EQ (not sure what my EXP was)I'm now at 608 TU 628 EQ and 628 EXP Congratulations!! NegativesHSBC - on all 3 due to age off 11/15 Contact Transunion as soon as May hits and ask for an early exclusion, start asking the other 2 in AugustCap1 - on all 3 due to age off 11/15 Same advice as abovePRA - on all 3.  collection of HSBC but shows 1/15 as opened. This outfit is known to use illegal tactics, dispute any incorrect informationFocus Recovery - on all 3.  Medical bill How old? How much? Would a "pay for delete" work here?RMS - on TU & EXP This is an OLD medical bill that was paid about 8 years ago.  still shows open and has a new date.  Dispute now, too old to report
  Keynote - on EQ & EXP OLD childcare bill that never should have been.  daughter hasn't been at that center in 9 years. Dispute now, too old to reportCCC - on all 3.  paid medical bill Close to aging off? if not write goodwill lettersFocus Recovery -on all 3.  paid medical bill same as aboveTarget - late payments same as above  Not too bad.  Just a lot of paper pushing to get them to do what needs to be done    Thanks so much for responding!  

  ****UPDATED 7/6/2015 on bottom of post***** I wanted to start a journal to keep things all in one place while I continue to repair my credit.  My family and I went thru hell and back 2 years ago going from getting a divorce to now reconiciling and building a better fututre together.  My husband's credit has jumped over the last year after going with a credit repair company and we are now set to close on our house hopefuly in August.  I started working on my credit myself about 8 months ago.  I was able to get a bunch of medical collections off and also an old AT&T account that wasn't mine.  I still have a bunch more to go. I started at 502 TU and 572 EQ (not sure what my EXP was)I'm now at 608 TU 628 EQ and 628 EXP NegativesHSBC - on all 3 due to age off 11/15Cap1 - on all 3 due to age off 11/15PRA - on all 3.  collection of HSBC but shows 1/15 as opened.Focus Recovery - on all 3.  Medical billRMS - on TU & EXP This is an OLD medical bill that was paid about 8 years ago.  still shows open and has a new date.  Keynote - on EQ & EXP OLD childcare bill that never should have been.  daughter hasn't been at that center in 9 years.  CCC - on all 3.  paid medical billFocus Recovery -on all 3.  paid medical billTarget - late payments  Not too bad.  Just a lot of paper pushing to get them to do what needs to be done   ************UPDATE!!!*********** NegativesHSBC - on EQ & EXP TU DELETED!Cap1 - on EQ & EXP TU DELETED!  PRA - on EQ & EXP collection of HSBC. TU DELETED! complaints were made via CFPB, BBB, and the AGFocus Recovery - on EQ & EXP.  Medical bill --- HIPAA dispute in process, TU DELETED!RMS - on TU & EXP --- Started HIPAA dispute DELETED!!Keynote - on EQ & EXP OLD childcare bill that never should have been.   DELETED!!!!CCC - ---HIPAA dispute.   DELETED ON ALL 3!!!Target - late payments --- GW.  2 of 3 Late Payments DELETED!!!  working on the last one.  ----------------Concord Serving - old loan that has been closed that shows late payments on it.  I don't have it listed above because I'm not working on it.  It's joint with my husband and since we are currently just using his credit to buy our house, I don't want to touch it. Once we close next month I'll start hitting it.    

• How to prevent Brut force attack?

  Hello and TYIA,
  It looks like one of our Windows 2008 SBS is being attacked.  In the security log, I see about 1400 event ID 4625 Audit Failures in the last 24 hours.  They are all coming from different Ports and from IP addresses and use different usernames.
   What is the best way to stop and prevent these attacks.
  Although this is an SBS, we are not using the Exchange or the SharePoint services.  We are only using it as an AD/File/Print server
  Thank you,
  dp
  dp

  Hi,
  Since you are using Active Directory, I recommend you to use
  Account Lockout Policy to avoid brute attacks.
  By defining an
  Account Lockout Threshold, we can control the number of failed logon attempts before an account gets locked out.
  In addition, I also suggest you try to locate where these failed logon attempts generated from.
  Audit failure events are not always caused by brute attacks, when some services, scheduled tasks or devices have cached old user passwords, audit failure events are generated, too.
  Therefore, please make sure that the current passwords are used by those services or devices.
  More information for you:
  Account lockout policy overview
  http://technet.microsoft.com/en-us/library/cc783851(v=WS.10).aspx
  Troubleshooting Account Lockout
  http://technet.microsoft.com/en-us/library/cc773155(v=WS.10).aspx
  Many Audit Failure Event ID 4625
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/8f7ebcf5-2310-42c3-9b6a-20205a6c17ef/many-audit-failure-event-id-4625?forum=winserveressentials
  Please feel free to let us know if there are any further requirements.
  Best Regards,
  Amy Wang

• FCP X Crashes - Is Brute Force the Answer? (The Sequel)

  I thought it would be worth following up on my recent post:
  https://discussions.apple.com/thread/3401883 with a fresh update.
  Despite the scathing comments from some of the 'experts' who surely know much better than me, it would seem that increasing RAM is the best investment you can possibly make if you want a stable FCP X.
  I'm currently editing video from early morning until late at night and since investing in an extra 8GB RAM, I've had virtually no unexplained crashes at all.
  (By unexplained, I mean that even the 'hallowed' FCP 7 would crash if I did some complex thing and then hit Undo, then Redo etc - with six other applications open at the time - no software as sophisticated as FCP X is 100% crash-proof).
  Happily, FCP X is now really stable, and apart from smiling at some of its quirks, I'm virtually up to full production with it.
  I'm not saying it's a good thing that you should need so much RAM, but if you'd rather get on with your work than spend hours ranting on the forums, it's worth the investment.
  Of course, the added bonus is the staggering increase in the speed of many operations. I always thought processor power was king, but I realise now, that RAM is just as important.
  Andy

  furrytoes wrote:
  So all the crashes you're getting, every single one, could just be a plain-old bug in the software - for which more RAM has no effect.
  This is a distinct possibilty, and I think it should be entertained before recommending anyone buy more RAM.
  Agreed... (almost)  here's the thing, a well written application should NOT crash because it becomes low on RAM, in this day and age crashing the computer when a memory limitation is reached should be considered very poor programming... especially from Apple.
  Apple users are just now beginning to see the problems that Win/PC users have faced, OS and application support for a growing number of hardware configurations. Part of the instability is OSX, part is FCPX. This is happening along the most of the Pro Apps line. The OS and applications have to support several diffrent kinds of motherboards, memory configs, graphic chipsets, displays...etc...etc. Apple will probably do what it usually does limit what the app will run on, forcing upgrades (whether you really need one or not)  Hey, they're a hardware company.
  Apple probably has to support less than 100 configurations throughout their whole product line, consider that Windows has to support thousands of combinations and you see the problems faced.
  Anyway.. some people have massive problems.. some have hardly any, RAM may be part of the problem but I would look at application and OSX support of the available hardware configs.
  pancenter-