siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

Russian Gang Amasses Over a Billion Internet Passwords

quote:
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
»www.nytimes.com/2014/08/ ··· als.html

MeDuZa
join:2003-06-13
Austria

said by siljaline:

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

Now that Chinese hackers are "out", Russian hackers must take their place. It fits perfectly in the anti-Russian propaganda our media has unleashed.
I would take such headlines with a pinch of salt.
Besides,
Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

Chinese hackers are as pervasive as ever.
»Canada says China tried to hack into NRC
siljaline

siljaline to MeDuZa

The Verge questions NY Times findings:
The Russian 'hack of the century' doesn't add up
nony
Premium Member
join:2012-11-17
New York, NY

1 recommendation

Thanks for keeping this balanced...

-nony
85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

85160670 (banned) to siljaline

It is true ...."Why you shouldn't be scared by the 'largest data breach' ever" ....[ »www.cnet.com/news/why-yo ··· -breach/ ]

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to siljaline

quote:
Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list.
Shame on Hold Security for that.
They claim they are trying to recoup costs but every business has overhead.
Selling a worthless product to cover overhead should righteously expose them for what they are.

Going from sleazy to bizarre -
quote:
While you can pay Hold Security for a monitoring service that takes the bizarre step of asking for your passwords, it's better to just change them.
»www.cnet.com/news/why-yo ··· -breach/

Pony up $120 & your login credentials??
There's less scammy things on the scambusters forum.
»Scam and Phishbusters

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

And then some!
Don't panic: That Russian hack bombshell isn't what you think
quote:
FUD over the current state of cyber insecurity reached a fever pitch this week as thousands gathered in Las Vegas for Defcon and Black Hat. While the hacking conferences served up their usual paranoia-inducing mix -- demos of Dropcam hacks and warnings that mobile apps are spying on us -- first prize for panic mongering this week goes to the New York Times story on Russian hackers who allegedly amassed 1.2 billion stolen Web credentials and half a billion email addresses.
»www.infoworld.com/t/cybe ··· k-247916

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by siljaline:

And then some!

And then some more!
Hold Security is offering:
Consumer Hold Identity Protection Service
»www.holdsecurity.com/ser ··· dentity/

Only after you sign up for a free 30-day trial that becomes a paid subscription can you check if your passwords have been compromised.
The routine to see if any of your passwords were compromised is a 3-step routine that defies logic but is still good for a laugh or two.

Step One: See if any of your email addresses are in their database.
(email address credentials are not hot ticket items)

Step Two: If your email address is in their database Hold Security has put a SHA-512 encoder online to hash your password(s)
»identity.holdsecurity.co ··· /Submit/

Step Three: Run your hashed password(s) against their list of hashed passwords
»identity.holdsecurity.com/Check/

I inputted the hash for my password (password)
b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86

& sure enough, according to the results:
Sorry, this password was compomised.
yeah, they misspelled 'compromised' but that's the least of their problems, IMO.

I then inputted a 64 random hexadecimal character hashed password to see what it returned:
No, this password was not on the list.

The "list"?
Looks like they're running hashed passwords against a list -
If your password is in the list - your password has been compromised.

Nowhere do they actually say that the password you use is associated with a specific email address - just that your password is in the 'list'.

I guess as a matter of fact it's true, the password you use has been compromised.
Presenting it as if your login credentials (user name@ + password) have been compromised if true is deceptive.
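
The distinction drawn in the post above, as an added example that is not part of the original post and not Hold Security's code: a lookup of an unsalted SHA-512 hash against a bare list answers "has anyone used this password", while only a lookup bound to the address answers "were my credentials leaked". The sample records, the function names and the pair lookup are assumptions made for illustration.

```python
import hashlib


def sha512_hex(password: str) -> str:
    """Unsalted SHA-512 hex digest of a password, as in step two of the post."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


# Constructed sample data standing in for a dump of stolen records.
LEAKED_RECORDS = [
    ("alice@example.com", "password"),
    ("bob@example.org", "letmein"),
    ("carol@example.net", "qwerty"),
]

# What steps one and three consult: addresses and password hashes, unlinked.
KNOWN_EMAILS = {email.lower() for email, _ in LEAKED_RECORDS}
PASSWORD_HASHES = {sha512_hex(pw) for _, pw in LEAKED_RECORDS}
# What a credential check would need: each hash bound to its address.
CREDENTIAL_PAIRS = {(email.lower(), sha512_hex(pw)) for email, pw in LEAKED_RECORDS}


def three_step_check(email: str, password: str) -> dict:
    """Email lookup and list lookup, plus a pair lookup added for comparison."""
    address = email.lower()
    digest = sha512_hex(password)
    return {
        "email_in_database": address in KNOWN_EMAILS,        # step one
        "password_on_list": digest in PASSWORD_HASHES,       # step three
        "credential_pair_leaked": (address, digest) in CREDENTIAL_PAIRS,
    }


if __name__ == "__main__":
    # bob's address leaked with "letmein"; "password" leaked under alice's.
    # Steps one and three both hit for bob, yet this pair was never in the dump.
    print(three_step_check("bob@example.org", "password"))
    # An address absent from the dump still gets a list hit on a common password.
    print(three_step_check("dave@example.com", "password"))
    # Only alice's actual pair is a leaked credential.
    print(three_step_check("alice@example.com", "password"))
```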

CovMac
Premium Member
join:2000-11-06
Covington, LA

CovMac to siljaline

There's a good write-up here: »www.youarenotpayingatten ··· sswords/

Rocky67
Pencil Neck Geek
Premium Member
join:2005-01-13
Orange, CA

said by CovMac:

There's a good write-up here: »www.youarenotpayingatten ··· sswords/

Interesting how badly the professional reputations of Alex Holden and Brian Krebs were attacked in the article. It trash-talks those guys severely.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 recommendation

said by Rocky67:

It trash-talks those guys severely.

Re Krebs it's a cautionary tale to everyone to be careful who you allow to use your name.
For reporters it's a cautionary tale to be sure of your sources.

Re Holden I'd show little respect to anyone kicking someone when they're down but Holden is far from down. He's just warming up.

This from the confirmation email I received on 8/9/2014

Thank you for your registration with Hold Security Electronic Identity Protection service.
If you did not submit your information at »identity.holdsecurity.co ··· egister/ please discard this e-mail.

Please click here (redacted) to confirm your registration

To learn more about Hold Security CyberVor project »www.holdsecurity.com/news/ click here.

To learn more about Hold Identity service »www.holdsecurity.com/ser ··· dentity/ click here
Thank you, Hold Security Team

»www.holdsecurity.com

Offering a consumer level identity protection service based on trolling .onion is only as valuable as the raw data itself which is worthless.

Disclosure: I provide professional credential recovery services to 5 Fortune 50 companies