  #1  
Old 05-October-2009, 22:02
gem
Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606
Thousands of Hotmail users hacked

From BBC News, Technology
Thousands of Hotmail users hacked
Microsoft has confirmed that thousands of Hotmail accounts have been compromised in a phishing attack.
BBC News has seen a list of more than 10,000 e-mail accounts and passwords which had been posted online.
The software giant, which owns the web-based e-mail system, said that it "had launched an investigation".
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and other private data.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally and exposed on a website," said a Microsoft spokesperson.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers."
Quick change
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.
"We still don't know the scale of the problem," he told BBC News.
Technology blog neowin.net was the first to publish details of the attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin have seen a list of 10,028 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine and predominantly originate in Europe.
The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Mr Cluley advised Hotmail users to change their password as soon as possible. "I'd also recommend that people change the password on any other site where they use it," he said.
Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based e-mail service.

By Jonathan Fildes Technology reporter, BBC News Published: 2009/10/05 19:02:48 GMT
__________________
GEM
  #2  
Old 06-October-2009, 11:10
joe2cool
Screamager
Join Date: May 2003
Location: UK
Posts: 795
Re: Thousands of Hotmail users hacked

Cheers......... Password changed
__________________
joe2cool

STAY COOL!! Live Each & Every Day As If It's Your Very LAST!!!



Life is a gamble at terrible odds - if it was a bet you wouldn't take it.


  #3  
Old 06-October-2009, 11:29
Twinkle
Rambler
Join Date: Apr 2004
Location: Berkshire
Posts: 2,659
Re: Thousands of Hotmail users hacked

Thanks for news.
__________________
We can't all be a star*
But we can all Twinkle*
  #4  
Old 11-October-2009, 01:29
Deadman
Guest
 
Posts: n/a
Re: Thousands of Hotmail users hacked

Originally Posted by gem
From BBC News, Technology

This is the BBC being sensationalist or more likely, completely misunderstanding the technology.
There was no hack or crack or whatever - It's a rather simple phishing scam that has been ongoing for some time and still is. It works because many (most?) users of messenger type and other social networks are easy targets in that they are largely security ignorant and only too eager to grab whatever "goodies" are offered to them.

MyWebsearch etc ring a bell?
  #5  
Old 11-October-2009, 11:35
gem
Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606
Re: Thousands of Hotmail users hacked

Originally Posted by Deadman
This is the BBC being sensationalist or more likely, completely misunderstanding the technology......

No, not so:

From The Register
Hotmail phish exposes most common passwords
Live ID hacking made as easy as 123...
By John Leyden Posted in Crime, 7th October 2009 11:56 GMT

Data from the Hotmail phishing attack proves that consumer password security remains pants.

The most common single password in the sample of 10,000 purloined Live ID login credentials posted as a text file to developer site PasteBin.com was "123456", something only marginally more secure than the traditional favourite "password".

Neil O'Neil, a digital forensics investigator at secure payments firm The Logic Group, found that "123456" cropped up on the list 64 times. There were 18 uses of the second most popular password, "123456789", in the list.

Although PasteBin's owners had taken down the list the information was still easily retrievable by security researchers, such as O'Neil, and (undoubtedly) hackers who cared to hunt it down.

O'Neil subsequently analysed the list, with the aim of turning the analysis into a presentation on password security for corporate clients.

The list of Live ID login credentials and associated data was posted as a text file to PasteBin. A large number of spelling mistakes in the secondary data (such as email addresses) available alongside the password data points to the source as a phishing attack.

The information bears all the hallmarks of a raw data dump from Hotmail account holders induced to fill out forms on hacker-controlled websites under the guise of a security check or similar.

O'Neil's analysis of the passwords reveals common themes in their makeup. For example, the security researcher noticed that a significant percentage were dates of birth, an inherently weak password. Other passwords spotted in the sample include "ibelongtogod" (Is Real Madrid's Kaka on Hotmail?) and, perhaps by way of cosmic balance, "666666".

Nearly half (42 per cent) of the passwords used only lowercase letters, 19 per cent were purely numeric and only six per cent mixed up alpha-numeric and other characters, according to a separate analysis (http://www.acunetix.com/blog/websecu...mail-passwords) of the data by web application security firm Acunetix. Many of the top 20 most frequent passwords featured given names common in Spanish-speaking countries, such as Alejandra and Alberto. This provides circumstantial evidence that the data was harvested at least in part from a Spanish language phishing message.

iloveyou and (the Spanish equivalent) tequiero both appeared in the top 20 list compiled by Acunetix. O'Neil speculates the list might have been posted as part of an online spat between hackers.

Time to change up
Since an estimated two in five users make use of the same password across multiple accounts, the Hotmail password phishing attack gives hackers a head start in attacking more financially sensitive accounts. "People tend to have the same password across many accounts - so there is a good chance that individuals have also compromised the integrity of their eBay or PayPal accounts too," O'Neil commented.

The security researcher reckons it's time to re-evaluate traditional advice on how to choose passwords. "It used to be that the best security advice was to never write down your password," he said. "Today's advice however is to choose complex passwords, write them down and then put them in your wallet.

"You know when your wallet is lost or stolen and therefore that you need to change your passwords. Three initials from your name and postcode will do the trick and will take a hacker weeks to crack. Using an old postcode adds another layer of protection."

News of a second dump of at least 30,000 webmail login credentials also dumped onto PasteBin broke (http://www.theregister.co.uk/2009/10..._webmail_phish) on Tuesday. This list contained apparent password and username details for accounts with a wider range of webmail providers, including Gmail and Yahoo!.

Security researchers are yet to analyse the list, which early indications suggest may involve a greater percentage of abandoned or fake accounts.
__________________
GEM
  #6  
Old 12-October-2009, 17:20
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Re: Thousands of Hotmail users hacked

yep - but it is apparently a simple (?) phishing type scenario that created the password lists

The security researcher reckons it's time to re-evaluate traditional advice on how to choose passwords. "It used to be that the best security advice was to never write down your password," he said. "Today's advice however is to choose complex passwords, write them down and then put them in your wallet.

"You know when your wallet is lost or stolen and therefore that you need to change your passwords. Three initials from your name and postcode will do the trick and will take a hacker weeks to crack. Using an old postcode adds another layer of protection."
it doesn't matter if the password is 64 chars long and contains Chinese characters if the person operating the account can be duped to type the account login details to a fake page or other similar
  #7  
Old 12-October-2009, 21:26
gem
Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606
Re: Thousands of Hotmail users hacked

From The Register
FBI chief barred from online banking by wife
By Austin Modine Posted in Crime, 8th October 2009 19:41 GMT

America's chief spook has been banned from internet banking by his wife after nearly falling prey to a common email phishing scam.

FBI Director Robert Mueller was in San Francisco on Wednesday to advocate public vigilance against cybercrime. Speaking to the non-profit public affairs org, the Commonwealth Club of California, Mueller admitted that he himself barely dodged a con from the oldest trick in the cyber-criminal handbook.

Mueller recalled how, not long ago, he received an email purportedly from his bank that looked "perfectly legitimate." The email requested he verify some personal information, and Mueller obliged with the instructions before realizing "this might not be such a good idea."

The FBI chief said he quickly changed all his passwords and tried to pass the incident off to his wife as a "teachable moment." But she replied: "It is not my teachable moment. However, it is our money. No more internet banking for you!"

Mueller said while such scams are an everyday occurrence, similar internet chicanery is being used by "criminals, spies, and terrorists." Be afraid, be very afraid.

"We know the game plan of our adversaries. They will keep twisting the doorknobs and picking the locks until they find a way in. But we must not let them in. We must change the locks. We must bar the doors. And we must sound the alarms when we notice anything out of the ordinary."

Yet not everyone in attendance was convinced it's the cyber criminals that are the biggest threat to America. When questions were read from the audience, one (smartly) anonymous query began: "I'm not worried about a teenage hacker reading my email. I'm worried about you reading it."

Mueller responded that the questioner should in fact worry about the teenager "so much more" than the FBI. The G-man general said while preventing internet crime is incredibly difficult, the US government has struck "a pretty good balance" between respecting civil liberties and stewarding national security.

His speech was delivered the day US and Egyptian officials announced they've charged 100 people with conducting a phishing operation they call the biggest cybercrime case ever.

A transcript of Mueller's speech can be found at the FBI website. Or at least, what looks like the FBI website.
Reassuring isn't it!
__________________
GEM
  #8  
Old 14-October-2009, 10:40
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Re: Thousands of Hotmail users hacked

yeah - the technology to have secure i'net banking could be cool but the person sitting at the keyboard is often the weakest part of the security chain

perhaps web browser s/w should have a 'banking mode' - where you'd previously entered bank websites you use (or other secure websites you use) and then you click the 'banking mode' - it checks things like the SSL certificate is legit (matches previously supplied one)
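The "banking mode" check suggested in the post above, sketched as an added example (not code from this thread or from any browser). `BankingMode`, `enrol`, `check` and the sample certificate bytes are hypothetical and constructed; the sketch pins a SHA-256 fingerprint per enrolled hostname and reports a lookalike hostname separately from a changed certificate.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates. A real client would
# get these bytes from ssl.SSLSocket.getpeercert(binary_form=True).
GENUINE_CERT = b"constructed-der-bytes-for-bank.example"
OTHER_CERT = b"constructed-der-bytes-for-some-other-key"


def normalise(host: str) -> str:
    """Lower-case, drop a trailing dot and IDNA-encode, so a homoglyph
    hostname becomes a visibly different xn-- name, not a match."""
    return host.strip().rstrip(".").lower().encode("idna").decode("ascii")


def fingerprint(der_cert: bytes) -> str:
    return hashlib.sha256(der_cert).hexdigest()


class BankingMode:
    """Hypothetical pin store: hostname -> fingerprint seen at enrolment."""

    def __init__(self) -> None:
        self._pins = {}

    def enrol(self, host: str, der_cert: bytes) -> None:
        self._pins[normalise(host)] = fingerprint(der_cert)

    def check(self, host: str, der_cert: bytes) -> str:
        pin = self._pins.get(normalise(host))
        if pin is None:
            # A phishing page usually fails here: wrong hostname, even if
            # its own certificate is perfectly valid.
            return "unknown-host"
        if not hmac.compare_digest(pin, fingerprint(der_cert)):
            # Right hostname, different certificate: interception, or a
            # routine renewal by the bank. Needs re-enrolment either way.
            return "cert-mismatch"
        return "ok"


if __name__ == "__main__":
    mode = BankingMode()
    mode.enrol("Bank.Example.", GENUINE_CERT)
    for host, cert in [("bank.example", GENUINE_CERT),
                       ("bank.example", OTHER_CERT),
                       ("bank-login.example", GENUINE_CERT),
                       ("b\u0430nk.example", GENUINE_CERT)]:  # Cyrillic "a"
        print(host, "->", mode.check(host, cert))
```

Pinning the whole certificate means every legitimate renewal shows up as `cert-mismatch`; pinning the public key instead survives renewals that keep the same key.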
  #9  
Old 14-October-2009, 10:50
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Re: Thousands of Hotmail users hacked

perhaps http://www.google.com/tools/firefox/safebrowsing/ is useful
  #10  
Old 14-October-2009, 11:44
gem
Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606
Re: Thousands of Hotmail users hacked

Yes, that looks good.
I use Firefox but I also have McAfee (don't say it!) Total Protection which includes their checks on sites - I would not (financially) use a site without McAfee's 'safe' mark/approval.
__________________
GEM