siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
Russian Gang Amasses Over a Billion Internet Passwordsquote: A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
» www.nytimes.com/2014/08/ ··· als.html |
|
|
MeDuZa
Member
2014-Aug-6 6:45 am
said by siljaline:A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say. Now that Chinese hackers are "out", Russian hackers must take their place. It fits perfectly in the anti Russian propaganda our media has unleashed. I would take such headlines with a pinch of salt. Besides, Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected |
|
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC
1 recommendation |
Chinese hackers are as pervasive as ever. » Canada says China tried to hack into NRC |
|
siljaline |
to MeDuZa
|
|
nony Premium Member join:2012-11-17 New York, NY
1 recommendation |
nony
Premium Member
2014-Aug-6 6:11 pm
Thanks for keeping this balanced...
-nony |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB |
to siljaline
It is true ...."Why you shouldn't be scared by the 'largest data breach' ever" ....[ » www.cnet.com/news/why-yo ··· -breach/ ] |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to siljaline
quote: Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list.
Shame on Hold security for that. They claim they are trying to recoup costs but every business has overhead. Selling a worthless product to cover overhead should righteously expose them for what they are. Going from sleazy to bizarre - quote: While you can pay Hold Security for a monitoring service that takes the bizarre step of asking for your passwords, it's better to just change them.
» www.cnet.com/news/why-yo ··· -breach/Pony up $120 & your login credentials?? There's less scammy things on the scambusters forum. » Scam and Phishbusters |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
And then some ! Don't panic: That Russian hack bombshell isn't what you thinkquote: FUD over the current state of cyber insecurity reached a fever pitch this week as thousands gathered in Las Vegas for Defcon and Black Hat. While the hacking conferences served up their usual paranoia-inducing mix -- demos of Dropcam hacks and warnings that mobile apps are spying on us -- first prize for panic mongering this week goes to the New York Times story on Russian hackers who allegedly amassed 1.2 billion stolen Web credentials and half a billion email addresses.
» www.infoworld.com/t/cybe ··· k-247916 |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2014-Aug-9 5:52 am
And then some more! Hold Security is offering: Consumer Hold Identity Protection Service» www.holdsecurity.com/ser ··· dentity/Only after you sign up for a free 30 day trial that becomes a paid subscription you can check if your passwords have been compromised. The routine to see if any of your passwords were compromised is a 3 step routine that defies logic but still good for a laugh or two. Step One: See if any of your email addresses are in their database. (email address credentials are not hot ticket items) Step Two: If your email address is in their database Hold Security has put a SHA-512 encoder online to hash your password(s) » identity.holdsecurity.co ··· /Submit/Step Three: Run your hashed password(s) against their list of hashed passwords » identity.holdsecurity.com/Check/I inputted the hash for my password (password) b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec04 9b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 & sure enough, according to the results: Sorry, this password was compomised.yeah, they misspelled 'compromised' but that's the least of their problems, IMO. I then inputted a 64 random hexadecimal character hashed password to see what it returned: No, this password was not on the list.The "list"? Looks like their running hashed passwords against a list - If you password is in the list - your password has been compromised. No where do they actually say that the password you use is associated with a specific email address - just that your password is in the 'list'. I guess as a matter of fact it's true, the password you use has been compromised. Presenting it as if your login credentials (user name@ + password) have been compromised if true is deceptive. |
|
CovMac Premium Member join:2000-11-06 Covington, LA |
to siljaline
|
|
Rocky67Pencil Neck Geek Premium Member join:2005-01-13 Orange, CA |
Rocky67
Premium Member
2014-Aug-10 1:05 pm
Interesting how badly the professional reputations of Alex Holden and Brian Krebs were attacked in the article. It trash-talks those guys severely. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI
1 recommendation |
Snowy
Premium Member
2014-Aug-10 4:25 pm
said by Rocky67: It trash-talks those guys severely. Re Krebs it's a cautionary tale to everyone to be careful who you allow to use your name. For reporters it's a cautionary tale to be sure of your sources. Re Holden I'd show little respect to anyone kicking someone when their down but Holden is far from down. He's just warming up. This from the confirmation email I received on 8/9/2014 Thank you for your registration with Hold Security Electronic Identity Protection service. If you did not submit your information at »identity.holdsecurity.co ··· egister/ please discard this e-mail.
Please click here (redacted) to confirm your registration
To learn more about Hold Security CyberVor project »www.holdsecurity.com/news/ click here.
To learn more about Hold Identity service »www.holdsecurity.com/ser ··· dentity/ click here Thank you, Hold Security Team » www.holdsecurity.comOffering a consumer level identity protection service based on trolling .onion is only as valuable as the raw data itself which is worthless. Disclosure: I provide professional credential recovery services to 5 fortune 50 companies |
|