eHarmony Passwords Stolen As Well.
- Category: Personal Cyber Security
eHarmony, one of the largest social meeting sites, now claims that they too have had passwords stolen.
Does this mean that the infrastructure of eHarmony and LinkedIn are similar? Does this mean that there is a new attack on the horizon that can lift hashed passwords off of any website?
This really can be disturbing if you think about the ramifications. My money though is on a similar framework used for both sites where a new vulnerability was just found. Could be nothing more than Captain Zero striking again!
Captain Zero, I call it this because the old term of "Zero Day Exploit" is old and boring.
Remember to change your passwords periodically on all sites you visit and return to.
Remember that if your password is a word or phrase commonly found in a dictionary, you will be screwed.
Remember that your password should have some upper and lower case letters and numbers within it. Some suggest where possible (and the site accepts it) that you use #, $, !, _, - or a few safe characters within your password.
It might be more difficult to remember your password, but you don't want a hacker or someone to guess your password now, do you?
Stay safe.
Update - 06-8-2012
Jokingly, I posted on Twitter, and sent to some other people, a little joke about the LinkedIn and eHarmony password theft.
The joke went like this:
"My Linked In password met up with my eHarmony password and they are expecting a little breach any day now."
If you see this out and about on the Net or being passed around, now you know the source!
LinkedIn has 4.64 million passwords stolen and posted online
- Category: Personal Cyber Security
Another hit to another social media site. This time LinkedIn, a popular professional networking site, is hit with the loss of 4.64 million passwords of its users.
Today, LinkedIn acknowledged that the passwords found on the list do indeed belong to users of their social media site.
So what does this mean? Expect another list and report of how many of these passwords are easy to guess, and expect another round of cyber security specialists to push for password protection and rotation (changing your password regularly). But the largest expectation will be that if you do NOT change your password on LinkedIn, your reputation, networked individuals and information on LinkedIn will be changed, spam will be sent, and bogus advertising and even loss of business will happen.
If you rely on LinkedIn or any other social networking sites for contact management and tracking, business development, etc., you'd be a fool not to change your password as soon as possible!
Well, that is of course if LinkedIn's change password feature is responding. I've been trying all day yesterday and today and no such luck. It's slow. Which is an indication that LinkedIn could be under a Denial of Service attack because of 4.64 million people all trying to change their passwords at once! If it's not responding, it's a Denial of Service. So now we are under the gun to change our passwords but can't because the service is not responding. This ultimately gives someone who "could" have your password more time to change your information, spam people, or who knows what else, all with your credentials.
Personally, LinkedIn or any social media site should turn off any or all other features so the users can update their passwords ASAP. Lock down the content and networking status features in lieu of dedicating more raw computational power to the password changing mechanisms.
Will they do it ? Nope. Business as usual, but go change your password. Can't? Not our problem.
If they shut down the service for 1 day, create a new quicker way to change your password or ONLY allow new users to create an account and ONLY allow existing users to change their passwords BEFORE going into the main site, it would greatly deflect any bad press or other malicious possibilities from happening. Imagine that: you cannot do anything else except change your password, and when you do change it, you have full access again!
What if all social media sites adopted this philosophy? Might not be perfect, but at least no one can change your content when there is some sort of a breach. Fewer things to worry about if they did things this way.
Go Figure...
Steve
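The forced-rotation idea from this post (existing users can do nothing except change their password until they have done so), sketched as an added example; it is not code from the original post or from any site it mentions. All names, routes, the breach timestamp, the word list and the minimum length are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample values (assumptions, not taken from any real site).
BREACH_CONFIRMED = datetime(2012, 6, 6, tzinfo=timezone.utc)
ALLOWED_WHILE_LOCKED = {"/login", "/logout", "/account/change-password"}
COMMON_WORDS = {"password", "linkedin", "eharmony", "letmein", "welcome"}
MIN_LENGTH = 10  # assumption; the post gives no length


@dataclass
class Account:
    username: str
    password_changed_at: datetime


def must_rotate(account: Account) -> bool:
    """True if the password predates the breach and may be in the leak."""
    return account.password_changed_at <= BREACH_CONFIRMED


def gate(account: Account, path: str) -> tuple:
    """Return (status, target) for a request from a logged-in user."""
    if must_rotate(account) and path not in ALLOWED_WHILE_LOCKED:
        # Everything else is redirected: no profile edits, no messages sent.
        return 303, "/account/change-password"
    return 200, path


def acceptable(new_password: str) -> bool:
    """No dictionary word, mixed case, at least one digit, minimum length."""
    letters = "".join(c for c in new_password.lower() if c.isalpha())
    return (
        len(new_password) >= MIN_LENGTH
        and letters not in COMMON_WORDS
        and any(c.islower() for c in new_password)
        and any(c.isupper() for c in new_password)
        and any(c.isdigit() for c in new_password)
    )


def change_password(account: Account, new_password: str, now: datetime) -> bool:
    """Rotate the password; on success the gate opens for this account."""
    if not acceptable(new_password):
        return False
    # A real system would also store a new salted hash and end old sessions.
    account.password_changed_at = now
    return True
```

Because the lock is decided per account from the last password change, new accounts and users who have already rotated are never held back by the gate.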
Feds warn of Booby-trapped Hotel Wireless.
- Category: Personal Cyber Security
Feds warned yesterday that hotel wireless hot spots could be infested with malware and malicious software.
Read the article here
Ok, so how many of us who travel actually trust free WiFi connectivity sites (hot spots)? How many trust them so much that they use them for all of their transactions? From business to pleasure to personal business, right?
If you go and use any of these sites and it tells you it needs to install this update or this file to work properly, do you just throw caution to the wind and say "aww, crud, they are out to help me and protect me" and install it?
Dummy! If you really believe these types of messages in an open WiFi environment, I have this bridge I want to sell. It's located in Brooklyn, NY and it's an antique, well over 100 years old! C'mon people, are ya just waking up to these types of threats or do you think the Feds are? If so, where have they been, right?
Free WiFi sites should always be considered malicious and avoided wherever or whenever possible. Do not ever download anything they suggest. If you need to use these sites, connect to wherever you need to go through a VPN first. Keep your connection secure!
Oh, and just one other item if you wanted to know: I sold that bridge 245 times and am looking for my 246th time. Any takers?
Stay safe and secure!
Steve