Report Offensive Message

The majority of sites will not allow continuous attempts, usually 3 strikes and you're out, so brute-forcing at that level is pretty ineffective. The way I understand it, the problem is if the hacker grabs the usercode/password database and can bombard this local data set. There is no server moderating that. I'm not quite sure how this all works, but the point is, the brute-forcing is done off-line on the hacker's own computer (or zombie net).