LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 12-04-2013, 05:16 PM   #1
Zyblin
Member
 
Registered: Oct 2013
Distribution: Fedora 20 Jam-KDE Spin (32bit-PAE) and Debian/KDE Testing (64bit)
Posts: 131

Rep: Reputation: 13
2 million stolen passwords for Facebook, Twitter, Google, Yahoo and others leaked


I posted this here for the Windows users among us or those users you may know such as family, friends, clients.

2 million stolen passwords for Facebook, Twitter, Google, Yahoo and others leaked online

Quote:
More than 2 million passwords for some of the most popular spots on the Internet — including Facebook, Twitter and Google — are now a matter of public record, according to a fresh report from SpiderLabs, a research arm from security firm Trustwave.

SpiderLabs says it uncovered the bounty of potentially valuable (and often ridiculously simple) log-ins during its latest Internet sweep for the Pony botnet controller, a malware-spreading set of programs which the researchers say they're increasingly encountering online. This means the passwords were not leaked by Facebook and the like, but from thousands of infected computers that collected the data when users logged onto their accounts.......
More at:
http://www.nbcnews.com/technology/2-...ked-2D11691630

Last edited by Zyblin; 12-04-2013 at 05:19 PM.
 
Old 12-04-2013, 05:34 PM   #2
$(( 10#$x ))
LQ Newbie
 
Registered: Nov 2013
Posts: 11

Rep: Reputation: Disabled
Serves then right when naive people use simple passwords.
 
Old 12-04-2013, 05:43 PM   #3
Zyblin
Member
 
Registered: Oct 2013
Distribution: Fedora 20 Jam-KDE Spin (32bit-PAE) and Debian/KDE Testing (64bit)
Posts: 131

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by $(( 10#$x )) View Post
Serves then right when naive people use simple passwords.
I know. I keep telling people not to use those simple, easy to crack passwords. But this looks like it had to do with computers being infected. So I guess you can say it serves people right for not using Gnu/Linux, lol. Or at the very least staying on top of keeping ones computer clean, scanned and using common sense when online. Seems like such a loosing battle having to tell people this over and over and over and.........

Last edited by Zyblin; 12-04-2013 at 05:45 PM.
 
Old 12-04-2013, 05:49 PM   #4
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,177
Blog Entries: 4

Rep: Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761
Quote:
Originally Posted by $(( 10#$x )) View Post
Serves then right when naive people use simple passwords.
and if my google password was "EiphieBiezah/quan6ae"?

Stolen is stolen.
Doesn't matter if they're "easy" passwords.

All stolen passwords become "easy".

Your logic/reasoning escapes me.
 
Old 12-04-2013, 05:56 PM   #5
$(( 10#$x ))
LQ Newbie
 
Registered: Nov 2013
Posts: 11

Rep: Reputation: Disabled
Sure any password can be stolen if the computer is infected regardless if the password is simple or complex. Just making reference to the simple passwords that the article was specking of.

Last edited by $(( 10#$x )); 12-04-2013 at 05:58 PM.
 
Old 12-04-2013, 06:03 PM   #6
Zyblin
Member
 
Registered: Oct 2013
Distribution: Fedora 20 Jam-KDE Spin (32bit-PAE) and Debian/KDE Testing (64bit)
Posts: 131

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by $(( 10#$x )) View Post
Sure any password can be stolen if the computer is infected regardless if the password is simple or complex. Just making reference to the simple passwords that the article was specking of.
This is why I go to great lengths to secure and keep my computers secure. With Linux or BSD it is not as much of a hassle, well not even close to what it is with MS Windows. I personally have some great and long passwords but as already mentioned if I don't keep my computers secure and use some common sense and have good habits when online than that means nothing.

Now if we can make the rest of the world get this, get what we all know... I think world peace is more likely but I will keep doing my little part anyways.

Last edited by Zyblin; 12-04-2013 at 06:04 PM.
 
Old 12-04-2013, 06:22 PM   #7
$(( 10#$x ))
LQ Newbie
 
Registered: Nov 2013
Posts: 11

Rep: Reputation: Disabled
Quote:
Originally Posted by Zyblin View Post
This is why I go to great lengths to secure and keep my computers secure. With Linux or BSD it is not as much of a hassle, well not even close to what it is with MS Windows. I personally have some great and long passwords but as already mentioned if I don't keep my computers secure and use some common sense and have good habits when online than that means nothing.

Now if we can make the rest of the world get this, get what we all know... I think world peace is more likely but I will keep doing my little part anyways.
I use linux as my main OS as well, I stopped using windows eons ago. But Habitual is correct about passwords, they can be stolen either from an infected computer or from the server side.

It's still best to update passwords once in awhile especially accounts link to banks or online stores that have your credit card info and such.

When I said serves them right was in reference to this part of the article

Quote:
SpiderLabs reports. "At least some of the victims are scattered all over the world." What's more, many of the passwords were fairly simple, with that old chestnut "123456" topping the list as the password for 15,820 accounts. ("12346789" came in at number two with 4,875 instances.) This could mean extra bad things the 30 to 40 percent of Internet users who use the same password on multiple accounts — say Facebook ... and their bank account.
Using passwords like that is just asking for trouble...

Last edited by $(( 10#$x )); 12-04-2013 at 06:28 PM.
 
Old 12-04-2013, 06:26 PM   #8
Zyblin
Member
 
Registered: Oct 2013
Distribution: Fedora 20 Jam-KDE Spin (32bit-PAE) and Debian/KDE Testing (64bit)
Posts: 131

Original Poster
Rep: Reputation: 13
Quote:
or from the server side.
Yes, this is very true as well. I personally do not mess with places like Facebook, Twitter and such. I really don't think their security is great, especially when they put things in place to gather info from their users. Also ccertain government agencies who purposely weaken things for their own benefit doesn't help either. Nothing is ever a hundred percent online but like you pointed out, 12345 passwords are moronic, to say the least.
 
Old 12-04-2013, 08:30 PM   #9
$(( 10#$x ))
LQ Newbie
 
Registered: Nov 2013
Posts: 11

Rep: Reputation: Disabled
Quote:
Originally Posted by Zyblin View Post
12345 passwords are moronic, to say the least.
Indeed. BTW, a familiar scene from spacballs where the king was using a combination lock of 12345

http://www.youtube.com/watch?v=a6iW-8xPw3k


Last edited by $(( 10#$x )); 12-04-2013 at 08:32 PM.
 
Old 12-04-2013, 10:12 PM   #10
Zyblin
Member
 
Registered: Oct 2013
Distribution: Fedora 20 Jam-KDE Spin (32bit-PAE) and Debian/KDE Testing (64bit)
Posts: 131

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by $(( 10#$x )) View Post
Indeed. BTW, a familiar scene from spacballs where the king was using a combination lock of 12345

http://www.youtube.com/watch?v=a6iW-8xPw3k

I forgot about that movie. That reminds me that I need to change the combination on my luggage. I am thinking 6-7-8-9-10. But really, why should I worry. I have nothing to steal. If they want my underwear I can always buy more... I have nothing to hide and nothing worth taking. Even though I don't know what they would put in my luggage to harm others while I get the blame... I am good, all is safe, why worry

Last edited by Zyblin; 12-04-2013 at 10:17 PM.
 
Old 12-05-2013, 11:58 AM   #11
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 3,017

Rep: Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777
As SpiderLabs pointed out, a major problem is the use of the same password for everything. If you got my password for this site, it would get you access to a few other forums, but it certainly wouldn't work for my credit card or paypal!
 
Old 12-05-2013, 02:00 PM   #12
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,177
Blog Entries: 4

Rep: Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761
Quote:
Originally Posted by $(( 10#$x )) View Post
Just making reference to the simple passwords that the article was specking of.
https://www.youtube.com/watch?v=UHw6KXbvazs
 
Old 12-05-2013, 08:34 PM   #13
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,348

Rep: Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105
Well, of course, in movies, passwords are always broken one character at a time, just before the WOPR computer decides at the last minute not to play "Global Thermonuclear War."
 
Old 12-06-2013, 08:10 PM   #15
jefro
Guru
 
Registered: Mar 2008
Posts: 11,380

Rep: Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395
The internet is the real wild west. One crook after another taking advantage of the common person.

It is simply impossible for common users to know enough to prevent this sort of attack. These online crooks ought to be subject to greater punishments. I say nuke them from high orbit. Sadly, there are not always common crooks doing this. State sponsored hackers are employed in many countries.

They don't simply just get passwords, they are looking for information that they can sell somehow.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Test 'reveals Facebook, Twitter and Google snoop on emails LXer Syndicated Linux News 3 09-02-2013 07:56 PM
Google, Facebook and Yahoo to test new net addresses Jeebizz Linux - News 0 01-13-2011 09:30 AM
LXer: Android gains Google Instant search, plus Facebook and Twitter updates LXer Syndicated Linux News 0 11-05-2010 10:30 PM
companies downloading stolen facebook profiles sycamorex General 14 08-02-2010 03:27 AM
LXer: Google takes on Facebook and Twitter with network site LXer Syndicated Linux News 0 02-10-2010 12:00 PM


All times are GMT -5. The time now is 06:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration