Russian Gang Steals 1.2 Billion Usernames/Passwords!

So this is why I have to sign into BITOG so often?
 
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often?

Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...
 
Originally Posted By: Astro14
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often?

Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...

I have a tendency to use the word "Dude" a lot, so if you see any posts by me where I refer to people as "Comrade" or where I'm using the backwards R, it should be flagged as possibly fictitious.
 
Interesting. Thing is, at $3.5 million per breach (from the article) it may be too costly or not costly enough to justify real emphasis and change.

From the article:

“The ability to attack is certainly outpacing the ability to defend,” said Lillian Ablon, a security researcher at the RAND Corporation. “We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.”

Patching seems to not be a real success.

In reality, changing a complex password every 60 days is probably the only real and successful way. Even things like biometrics are stagnant, so if someone steals the data or the associated algorithm, you're done.

Problem is that constantly changing 15+ character random passwords, with all the requirements for caps, numbers, special characters, etc., makes it incredibly tough.
 
I've read it suggested that you come up with a mnemonic like:

My First Girlfriend Was Jenny And She had 32 DDs

which turns into

MfgwJ&sh32DD

a tolerable password... for now!
 
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like:

My First Girlfriend Was Jenny And She had 32 DDs

which turns into

MfgwJ&sh32DD

a tolerable password... for now!

Post of the day!!
 
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like:

My First Girlfriend Was Jenny And She had 32 DDs

which turns into

MfgwJ&sh32DD

a tolerable password... for now!

Got any pics? :p
 
Originally Posted By: Barkleymut
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like:

My First Girlfriend Was Jenny And She had 32 DDs

which turns into

MfgwJ&sh32DD

a tolerable password... for now!

Got any pics? :p

I honestly don't see where the real money is in stealing my Facebook username & password. Even if you jack my online bank login credentials, what will one do with it? My bank doesn't allow jack except to view your recent transactions and pay the credit card bill. It's not like a hacker can send the money from my checking account to another account and steal my life's savings, so again, can someone explain the benefit of stealing my login info? - besides the mental "high" of saying you did so...
 
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like:

My First Girlfriend Was Jenny And She had 32 DDs

which turns into

MfgwJ&sh32DD

a tolerable password... for now!

Yes that would be tolerable. And not a bad password! :)
 
In April I implemented my own system for important passwords. It includes 4 digits for the date of change, some characters for the site name, and then several (10+) digits of random characters. I store it all with KeePass and intend to periodically modify the random part (and update KeePass). Like said above, changing the password with strong encryption is your only hope. One is still vulnerable during the period between changes (that's why it's best to NOT use the same passwords over). For sites like this one and others that don't involve personal info or monetary transactions I tend to use similar login names/passwords.

Another cool tool is Virtual Account numbers from Citi. They allow you to log in, and generate a 1-time use credit card number (you can specify a dollar limit and time limit) - that can only be used online or over the phone.
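The scheme in the post above (four date digits, a few characters for the site, then a random tail) and the caps/numbers/specials requirements complained about earlier in the thread, worked through as an added Python example. This is not code from the thread or from KeePass; the function names (`random_tail`, `meets_policy`, `site_password`, `guessable_bits`), the four-character site tag and the `0414`-style MMYY date are this example's own assumptions. The point it makes beyond the post: only the random tail counts toward the search space of an attacker who already knows the scheme, since the date and the site tag are guessable, and rotating the date does not enlarge that space, it only shortens how long a leaked password stays valid.

```python
import math
import secrets
import string

# Alphabet for the random tail: the 94 printable ASCII characters minus space.
LOWER, UPPER, DIGITS, SPECIAL = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, string.punctuation)
ALPHABET = LOWER + UPPER + DIGITS + SPECIAL


def meets_policy(pw: str, min_len: int = 12) -> bool:
    """Typical site policy: minimum length plus one of each character class."""
    return (len(pw) >= min_len
            and any(c in LOWER for c in pw)
            and any(c in UPPER for c in pw)
            and any(c in DIGITS for c in pw)
            and any(c in SPECIAL for c in pw))


def random_tail(length: int) -> str:
    """Draw `length` characters uniformly from ALPHABET using the OS CSPRNG
    (the `secrets` module, never `random`). Rejection sampling keeps only
    tails that satisfy the class policy; that discards a small part of the
    space, so guessable_bits() below slightly overstates the true entropy."""
    if length < 4:
        raise ValueError("need at least 4 characters to hold all four classes")
    while True:
        tail = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(tail, min_len=length):
            return tail


def site_tag(site: str, n: int = 4) -> str:
    """First `n` alphanumerics of the host name: a visible, non-secret label."""
    return "".join(c for c in site.lower() if c.isalnum())[:n]


def site_password(site: str, changed: str, tail: str) -> str:
    """Assemble <4-digit change date><site tag><random tail> as in the post."""
    if len(changed) != 4 or not changed.isdigit():
        raise ValueError("changed must be four digits, e.g. MMYY (assumed format)")
    return changed + site_tag(site) + tail


def guessable_bits(tail_len: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Search space, in bits, for an attacker who knows the scheme, the date
    window and the site tag: only the random tail has to be guessed."""
    return tail_len * math.log2(alphabet_size)


if __name__ == "__main__":
    # constructed sample site and date; the tail is freshly random each run
    tail = random_tail(12)
    pw = site_password("bobistheoilguy.com", "0414", tail)
    print(pw, meets_policy(pw), f"{guessable_bits(len(tail)):.1f} bits in the tail")
```

With a 12-character tail the attacker-relevant search space is about 78.7 bits; a 10-character tail gives about 65.5. The prefix adds length that satisfies policy checks but no secrecy, which is why the post's advice to keep the random part at 10+ characters and store the whole thing in a manager is the part that matters.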
 
Originally Posted By: Artem
I honestly don't see where the real money is in stealing my Facebook username & password. Even if you jack my online bank login credentials, what will one do with it? My bank doesn't allow jack except to view your recent transactions and pay the credit card bill. It's not like a hacker can send the money from my checking account to another account and steal my life's savings, so again, can someone explain the benefit of stealing my login info? - besides the mental "high" of saying you did so...

Thing is, it's a piece of the puzzle. You can probably download a pdf of your statement that has your name and address on it. Then the crook can tap your telephone network interface-- it's outside your house and rarely locked-- and call the bank from your "home phone" and order a spare credit/debit card that he can then steal from your unlocked mailbox etc.
 
Originally Posted By: sicko
Originally Posted By: Astro14
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often?

Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...

I have a tendency to use the word "Dude" a lot, so if you see any posts by me where I refer to people as "Comrade" or where I'm using the backwards R, it should be flagged as possibly fictitious.

Apologies Comrade. I will make sure not to oust you around your new Comrade by using я or anything like that. Also, where do I find such photographs of this so-called "Jenny?" And remember as well Comrade, buy whatever oil you want, just don't expect a miracle.
 
Originally Posted By: Touring5
Another cool tool is Virtual Account numbers from Citi. They allow you to log in, and generate a 1-time use credit card number (you can specify a dollar limit and time limit) - that can only be used online or over the phone.

This, while seemingly useful, ended up getting us in trouble once.

We used such a one-time generated credit card number once with Discover to buy some concert/event tickets. The tickets needed to be picked up in person, and at pickup time, they wanted to see the credit card that was used to make the purchase. Well, guess what... the number on the card was different from the one-time generated card number.
 
For really important accounts like my on-line banking, I use the BofA supplied two-factor authentication protocol which consists of them texting MY cellphone a one-time six digit code that reaches my login page where I then enter another password.
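The texted six-digit code described above, worked as an added Python example of what the server side of such a scheme has to enforce. This is not Bank of America's implementation (the post says nothing about how the code is made, only that it arrives by text); the example assumes the code is derived with HOTP from RFC 4226, and the block checks that derivation against the RFC's published test vectors, with the RFC's test key standing in for a real per-user secret. The `OneTimeCodeVerifier` class and its rules (one outstanding code, accepted once, dead after a time limit, a cap on guesses, constant-time comparison) are this example's own design.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class OneTimeCodeVerifier:
    """Server-side state for one user's texted code. Assumed rules (this
    example's own): one outstanding code at a time, accepted at most once,
    rejected after `ttl_seconds`, and at most `max_attempts` guesses against it."""

    def __init__(self, secret: bytes, ttl_seconds: float = 300, max_attempts: int = 5):
        self.secret = secret
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.counter = 0          # next HOTP counter to issue; never reused
        self.pending = None       # [counter, issued_at, attempts] or None

    def issue(self, now: float) -> str:
        """Generate the code to send by text; the server stores only the counter."""
        code = hotp(self.secret, self.counter)
        self.pending = [self.counter, now, 0]
        self.counter += 1
        return code

    def verify(self, submitted: str, now: float) -> bool:
        if self.pending is None:            # nothing outstanding, or already used
            return False
        counter, issued_at, attempts = self.pending
        if now - issued_at > self.ttl or attempts >= self.max_attempts:
            self.pending = None             # expired or too many guesses: force a new code
            return False
        self.pending[2] += 1                # malformed input still burns an attempt
        if not (submitted.isascii() and submitted.isdigit()):
            return False
        # constant-time comparison so a wrong guess leaks nothing through timing
        if hmac.compare_digest(hotp(self.secret, counter), submitted):
            self.pending = None             # single use
            return True
        return False


if __name__ == "__main__":
    # constructed demo secret (the RFC 4226 test key), not a real credential
    v = OneTimeCodeVerifier(b"12345678901234567890")
    code = v.issue(now=0)
    print("texted code:", code)
    print("wrong guess accepted?", v.verify("000000", now=5))
    print("right code accepted?", v.verify(code, now=10))
    print("replay accepted?", v.verify(code, now=15))
```

Delivery of the text message is outside the block; what it shows is the part the login page controls once a code is out. The second password the post mentions is a separate factor and would be checked independently of this code.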
 