kiwibiker is full of love, and disrespect.
- mikey
Amazon-owned retailer Zappos.com hacked ... "Up to 24 million customers are affected in one of the bigger hacks of the past 12 months."
I didn't think!!! I experimented!!!
One of my employees had her email hacked. Her password was '12345678'
My cousin had his email account hacked. His password was 'letmein'
I'm surprised neither of these computer illiterate people were using 'password11'
I like 'no_password'.
There are a number of computer literate people that use disposable passwords for accounts like Gmail, Hotmail etc. These are relatively simple, easy to remember passwords that aren't used elsewhere. The idea being that the public email providers are such hacker targets that they aren't worth the effort of a really secure password, and it is certainly too risky to use one that you have used elsewhere, like your bank.
If someone wants your hotmail\gmail\yahoo details etc, they are asking for trouble and wasted time by attacking those servers.
Instead it is quite simple to create an application which simply provides that information for you (i.e. virus on your computer to send details back home).
Sure password strength may deter the opportunist but the real risk to your details is your own computer security.
The amount of half arsed attempts at security on the home PC that I have found is appalling!
Being on a Mac doesn't mean squat as far as security wise, in the past there was very little in the way of attacks on the Mac OS platform simply because it was such a minority and not really worth the time (why make a virus to attack 10 people when you can attack 100?).
And scanned it with what application? Was it up to date? Do they have a friend\spouse\etc that may know the details for the account? Is the Macbook the only device on that network? What method of encryption was used on the wireless network? etc? etc? etc?
Essentially what I'm trying to say is: you could try and safeguard against everything but something will always get you, but in the case of a lot of average users it's an issue of no security or completely inadequate.
Meh...
You have kind of said it all there. If you try to guard against everything and are still going to get hit, why not save your time and energy and just get on with life. A bit like worrying about the big one in Wellington or a volcano in Auckland, you live and turn a blind eye to the risk.
What isn't said is how hard and annoying it is to keep up a good security position. You can't just rely on Norton or some other suite. Who is going to bother with that when all they want to do is tell their FaceFriends where they are going for lunch, implied lack of physical security in case you non-burglar types missed it.
Hotmail (until a couple of days ago) was susceptible to brute force hacking; in fact, the latest theory behind the 360 hacking is hackers are finding a gamer name, googling the Windows LIVE ID/email associated with it, then performing a brute force hack on Hotmail. (Now hackers are limited to 20 attempts.)
Originally Posted by Jason Coutee, the IT consultant credited with exposing the flaw
Science Is But An Organized System Of Ignorance
"Pornography: The thing with billions of views that nobody watches" - WhiteManBehindADesk
20 attempts from a farm of zombies? What happens after the 20 attempts, and what is the timeout on whatever it is? For concerns like Hotmail they don't want to deal with users requesting account unlocks, so if they use account locking after 20 attempts then they probably also use account unlocking after a preset time. Still makes them a good target to farm more zombies from.
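Added example, not part of any post in this thread: a per-account lockout with timed unlock, run over constructed failed logins that each come from a different address, showing that a counter keyed on the account still trips when no single source exceeds one attempt. The 20-attempt limit is the figure quoted above; the 15-minute unlock time, the account name and the addresses are assumptions made for the sketch.

```python
from collections import defaultdict

MAX_ATTEMPTS = 20        # limit quoted in the thread
UNLOCK_AFTER = 15 * 60   # assumed unlock delay in seconds; the real value is not given

class AccountLockout:
    """Counts failed logins per account, not per source address."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, unlock_after=UNLOCK_AFTER):
        self.max_attempts = max_attempts
        self.unlock_after = unlock_after
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is not None and now >= until:
            # Timed unlock: reset state so the owner is not locked out forever.
            del self.locked_until[account]
            self.failures[account] = 0
            return False
        return until is not None

    def record_failure(self, account, now):
        """Return True if the guess was checked, False if refused while locked."""
        if self.is_locked(account, now):
            return False
        self.failures[account] += 1
        if self.failures[account] >= self.max_attempts:
            self.locked_until[account] = now + self.unlock_after
        return True

def simulate(attempts, policy):
    """attempts: iterable of (timestamp, source_ip, account) failed logins.
    Returns (guesses checked, guesses refused, most attempts from one address)."""
    checked = refused = 0
    per_ip = defaultdict(int)
    for ts, ip, account in attempts:
        per_ip[ip] += 1
        if policy.record_failure(account, ts):
            checked += 1
        else:
            refused += 1
    return checked, refused, max(per_ip.values())

# Constructed sample: 100 failed logins, one per second, each from a new address.
SAMPLE = [(t, f"198.51.100.{t}", "victim@example.test") for t in range(100)]

if __name__ == "__main__":
    print(simulate(SAMPLE, AccountLockout()))
```

With a timed unlock the policy throttles guessing rather than stopping it, so the number of guesses checked per day is worth computing for whatever unlock delay is chosen.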
That's some seriously shit house security on Microsoft's behalf that it took them that long to implement basics, which coincidentally they teach degree level papers on network security, etc which goes well beyond all this.
Perhaps they should read their own books once in a while, wait maybe they got bored reading the EULA? LOL
Well in a way I'm kind of glad that a large proportion of users out there don't know a thing about security.... keeps people like me in a job
That sounded dodgy, I meant as far as repairing their systems and implementing security measures lol
You are talking of the company that originally thought that you should be able to hit esc on the log on screen and pass through to full access.
This is why there is an underlying feeling that Macs and Unix based (incl Linux) have better security. On Unix based machines you always had to have a valid log on to get access. They (Unix developers) understood from day 1 that security meant getting unauthorised people out. Whereas MS have always focused on usability at the expense of security: make it easy for the CEO to use so he will buy them for the company.