Hacked!

[jrandom]

Interesting article. This could happen to you.

Lessons:

1. If you use Gmail, enable the two-factor authentication system (it's under Account Settings -> Use two-step verification system) that sends a verification code to your mobile if you log on from any machine other than the one you usually use.

2. Use a pass *phrase* for important accounts, not a password. The common "proper noun plus a couple of digits" form of password is weak against automated attack.

See http://xkcd.com/936/.

[tri boy]

My M/card got hacked last week via the pro com engineering website. (was ordering an igniter for the scrambler).
Card services notifyed me next morning. Appears some dirty smelly frogs tried to used the details 2am that morning.

I rang pro com in the states, and apparently I was the third to report it.
Hackers need their digits slowly removed with a blunt hacksaw.
(they never got a cent, this time........)

[mashman]

If someone wants in to break in to your email account, nothing will stop them. You can have the most complicated password in the world and it'll still get hacked. Making it as difficult as possible only delays the inevitable.

[The Lone Rider]

My newest "smart" phone came hard installed with telecom rubbish, and google cloud everything.

I managed to hack it to the root level, despite reservations I might brick my phone, but now I've removed all that crap and there should be no more cloud.

[jrandom]

If someone wants in to break in to your email account, nothing will stop them. You can have the most complicated password in the world and it'll still get hacked. Making it as difficult as possible only delays the inevitable.

No. We're not talking about focused attacks here, actual attempts to get your password over and above anybody else's. None of you, much as your egos might prefer otherwise, are likely to ever be the targets of industrial espionage or international intrigue.

These hackings are crimes of opportunity - it's like buying a burglar alarm, not because it will make it impossible to steal stuff, but because it'll cause the criminals to go somewhere else.

[mashman]

No. We're not talking about focused attacks here, actual attempts to get your password over and above anybody else's. None of you, much as your egos might prefer otherwise, are likely to ever be the targets of industrial espionage or international intrigue.

These hackings are crimes of opportunity - it's like buying a burglar alarm, not because it will make it impossible to steal stuff, but because it'll cause the criminals to go somewhere else.

not a focussed attack but attempts to get your password ... leave my ego alone, what's she ever done to you.

Fair point, time is money etc... I guess it depends on how badly they want in.

[Oblivion]

My Mum had her Credit card details taken and used online to buy shit for Facebook. Something like 150$ was used, in a lot of 5-12$ purchases. The only thing that sucks, is that she only used her card online once, to buy Hell's pizza when they had some special for online purchases only.

Its so easy to get access to peoples details online if you have even the basic hacking knowledge. I'm going to stick with paying for things in cash, until I'm forced to use a card. And it I want to buy things online, Just use one of those Prezzy card things. You lose stuff all if someone finds out the card details.

[pzkpfw]

These hackings are crimes of opportunity ...

I needed a web server at home, so got Telecom to give me a fixed I.P. address and got my router to forward port 80 to an XP machine, with IIS, I had spare.

Had a look in the Windows Firewall log the other day, and saw a couple of sets of scans, from different I.P. addresses. All looking for what seemed to be admin pages for PHP based servers, and a few other similar things (which my server just gave 404's for).

My home I.P. isn't "advertised" anywhere, but already I've got scum scanning my server for known vulnerabilities.

So yeah. It's not that hard to program up something to scan for easy wins.

... - it's like buying a burglar alarm, not because it will make it impossible to steal stuff, but because it'll cause the criminals to go somewhere else.

Yep, decent passwords, open up only what's needed at a minimum etc. Make it harder.

[jonbuoy]

I had a workmate whose hotmail got hacked he has no idea how it happened took a while to get control back. I have no idea how they managed it - how is it possible to launch a dictionary attack on an online email account? Isn´t there some sort of timeout on failed attempts to access hotmail/gmail accounts to determine if its a real person or a dictionary attack from a computer? Hard to believe they randomly chose both his email address and password purely by luck. Even harder to believe the hotmail/gmail servers sat there processing thousands of failed logons to the same account without locking it out. Surely they could use some sort of exponential time delay like BIOS/Car Stereo passwords use? the more failed attempts the longer you have to wait before trying again.

[jonbuoy]

No. We're not talking about focused attacks here, actual attempts to get your password over and above anybody else's. None of you, much as your egos might prefer otherwise, are likely to ever be the targets of industrial espionage or international intrigue.

These hackings are crimes of opportunity - it's like buying a burglar alarm, not because it will make it impossible to steal stuff, but because it'll cause the criminals to go somewhere else.

Exactly, if they can hack Stratfor/Amazon successfully the only reason they haven´t hacked your email/home server is because they haven´t bothered.

[jrandom]

Exactly, if they can hack Stratfor/Amazon successfully the only reason they haven´t hacked your email/home server is because they haven´t bothered.

Then again, Stratfor was an unexpectedly weak target, and I don't recall the details of historical Amazon issues, other than the vague idea that it was a DDOS rather than an actual intrusion?

[jonbuoy]

Then again, Stratfor was an unexpectedly weak target, and I don't recall the details of historical Amazon issues, other than the vague idea that it was a DDOS rather than an actual intrusion?

Me either, they got Sony good and proper though. Stratfor global intelligence who kept customer credit cards on a text spreadsheet

[jrandom]

Stratfor global intelligence who kept customer credit cards on a text spreadsheet

I'm not sure why people expect geopolitical analysts to know how to set up a web server.

Post hack they've clearly stated that they made the mistake of not investing in their infrastructure as the business grew. Someone would've chucked that shit together for them years ago and they just wouldn't have understood its limitations. It still worked, after all. It's easy to laugh at them in hindsight, but there but for the grace of God, etc.

[Teflon]

I've been talking to this chick that i brought motorcycle fairings off via msn for just over a year now and she has always been polite and professional. Well last
week she logged on with a half naked asian chick as her profile pic asking me to cam with her... thank fuck i couldn't get the webcam mic working.. shes
back to normal now.

[jonbuoy]

I'm not sure why people expect geopolitical analysts to know how to set up a web server.

Post hack they've clearly stated that they made the mistake of not investing in their infrastructure as the business grew. Someone would've chucked that shit together for them years ago and they just wouldn't have understood its limitations. It still worked, after all. It's easy to laugh at them in hindsight, but there but for the grace of God, etc.

Yeah but they promote themselves as global political and security analysts, painted a pretty big target on their heads with that title.