Hacker attacks are coming in...

This topic is closed.

  • Hacker attacks are coming in...

    I guess this is in response to the WikiLeaks fiasco. (Please refrain from going into a Wikileaks discussion - that can go over to fratching - please leave it to alerts that you've gotten).

    I got an email stating that my Amazon.com login and password had been compromised and I needed to change it - it seemed legit because they told me to go to Amazon.com to do all the work (never click on a link in an email to do this!!).

    Here's the email:

    Hello (me),

    This is an important message from Amazon.com

    At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. So we have taken the precaution of resetting your Amazon.com password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your Amazon account.

    To regain access to your Amazon customer account:

    1. Go to Amazon.com and click the "Your Account" link at the top of our website.

    2. Click the link that says "Forgot your password?"

    3. Follow the instructions to set a new password for your account.

    Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you choose a password that you are not using on any other sites. We look forward to seeing you again soon.

    Sincerely,

    Amazon.com


    Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.
    Now, I got the same from a registrar I rarely use.

    Dear (me),

    As you might have heard, the Gawker network (owned by Gawker Media) was compromised over the weekend. This created a security breach on many popular websites, including Deadspin, Fleshbot, Gawker, Gizmodo, io9, Jalopnik, Jezebel, Kotaku and Lifehacker. Attackers obtained the email addresses and passwords of users who leave comments on these websites.

    The attackers then posted this information publicly.

    We're contacting you because we discovered that the email address you use at Domains Priced Right was on the list the attackers posted. While Domains Priced Right does not use your email address to log in to your account, we still recommend you follow the security measures below.

    For your safety, please review all your online accounts and change your passwords as soon as possible. This includes not only your accounts with us, but also any accounts you have online. Many people use the same password for multiple services on the Internet: email, shopping, finances and social networking. In this situation, attackers could take the information they got from Gawker and try to compromise your other accounts.

    For information about how to change your password with us, click here.

    You can also find more information about the attack at lifehacker.com.

    As always, we take your personal security very seriously. If you have questions regarding this message, please feel free to contact our support center at 480-624-2500.

    Domains Priced Right
    I have a feeling it is not stopping here.

    If you've gotten similar emails, feel free to post here of who was affected, I'll try to update the list. I think it's also a good time to change your primary email addresses (I did this morning). If you want some tips on how to make your password:

    Use letters (lower case and capital) and numbers but not separate. In other words, soccer is a poor password. Soccer0 is a little better. s0ccEr is better (zero instead of the letter o). Use non-native languages. If you speak English but know some Spanish, throw a little in there. Throw in non-alphanumeric characters like punctuation etc. jueg0s0cC.3r is a very good password. Most "brute force" attacks won't use non-alphanumeric characters. If you really want to make it secure, use your ASCII chart juèg0s0cC3r

    Don't use nicknames, pets, significant others, etc.

    Amazon.com
    Gawker Network (post #1)
    Deviantart (Posts #2, #3)
    Last edited by draggar; 12-17-2010, 12:07 AM.
    Quote Dalesys:
    ... as in "Ifn thet dawg comes at me, Ima gonna shutz ma panz!"

  • #2
    From what I understand something similar happened over at DeviantArt with emails being sent from Gawker to those that were affected. I wasn't affected, I just saw a notice that someone had in their journal about it. I changed my password anyway, there is a big thing about a couple people having their accounts deactivated around the same time as that went out. I'm not sure if it was truly someone working on behalf of WikiLeaks or just someone who decided that this would be a good time to cause trouble of their own. I don't participate in any of the forums or loud we want change etc groups there and it looked like the ones affected were mostly from those groups. I could be wrong about that, like I said since I don't participate I don't know for sure, but I hope me being a nonpaying quiet member that is one of thousands on there will pay off and I won't have my account hurt. (Warning minor rant) That being said some people were complaining about losing work that they kept stored in their account, WHY are you storing all your work there?! I get you have a couple hundred art submissions but you ALWAYS back up the important stuff. Ugh!

    I change my passwords often, I've had an account hacked before, I'll use your advice on how to make passwords, some things I hadn't considered.
    I'm the 5th horsemen of the apocalypse. Bringer of giggly bouncy doom, they don't talk about me much.

    • #3
      The Deviantart one was through something secondary that works through Deviantart, I believe, and did not affect most users - but it's always a good idea to change your passwords every so often anyway, not only for security but also for your own peace of mind. =)

      • #4
        Quoth Taboo
        The Deviantart one was through something secondary that works through Deviantart, I believe, and did not affect most users
        Ok, that's what I thought. I wasn't entirely sure what happened. Just that accounts were being messed with. I should have read it better I suppose...
        I'm the 5th horsemen of the apocalypse. Bringer of giggly bouncy doom, they don't talk about me much.

        • #5
          I got something from DeviantArt but I hardly ever go on there. If I got one from Amazon I'd be more concerned, but I'd also want to really check that out carefully. Some fraud websites are so well done that you can think you're on the legit site when you're not.
          When you start at zero, everything's progress.

          • #6
            Yeah, I knew the Amazon one was legit - they told me to go to Amazon.com and change my password, not to click on a link.

            I also got a phishing attempt for my GoDaddy account today, too, but I don't think it's related.
            Quote Dalesys:
            ... as in "Ifn thet dawg comes at me, Ima gonna shutz ma panz!"

            • #7
              Some of my friends have had their Facebook accounts hacked recently also.
              Everything will be ok in the end. If it's not ok, it's not the end.

              • #8
                On the subject of passwords/websites/hacking and whatnot... I too have had to change several recently.

                It's made me wonder - what system do YOU use to come up with a password that meets security requirements but is easy to remember? Everything that I see online says "don't use the same password for multiple sites" but with so many websites/banks/forums/blogs/etc it's IMPOSSIBLE to memorize every single one!!! I actually have a small notepad with all my logins/passwords written down (I know - they say don't do that) but there's no easy way to remember them. Some places ONLY allow letters and numbers. Some places require you to have both AND a symbol. Some places say you have to have a PW that is over X characters long, others say it can only be (for example) "between 7 and 13" characters. It's enough to drive you insane.

                Here's a sampling of my notebook:
                Banking (4 banks, 3 credit cards, student loans - all different), Paypal, Ebay, Gmail (several emails), Pogo, Myspace, IMDB, DIGG, BlueMountain, Feedburner, Facebook, Blogger, Consumerist, Gawker, Youtube, Sitemeter, Pogo, My cellphone company, my college, my scholarship website, Monster, CNN, YouTube, Audible, LinkedIn, and about 30 different forum websites/blogs.

                This is just 2 pages of more than 10 I have filled out. Like I said - it's IMPOSSIBLE to remember every single password unless I make them similar.

                Any suggestions on how to make this easier? It doesn't help when you get emails like the above and have to suddenly make a new password and then remember THAT one....
                The large print giveth, and the small print taketh away.

                • #9
                  If you don't have to move around on various computers a lot, programs like KeePass or LastPass are great. I have long, unique, and ridiculously complex passwords set for all of my important accounts, except the e-mail address I use to register them all -- for that one I have a password that is easy for me to remember, but still reasonably complex.

                  I have KeePass set up so that I just have to place the cursor in the username field, press ctrl-alt-a, and it automatically types and submits it. I can make more complex macros if the login form requires more than a username and password. Everything in the password keeper is encrypted, accessed with yet another password/passphrase, so now I only need to remember the passphrase to the KeePass database (so the program can access my other passwords) and the password to my e-mail address (so I can reset passwords if my KeePass database is lost).

                  You can also use password keepers on a flash drive.
                  Last edited by Jack; 12-18-2010, 11:42 AM.

                  • #10
                    I use a pattern system for my passwords.

                    The initial part of the password is based on the site it goes to. The middle portion of the password is based on a static pattern typed on the keyboard with the start of the pattern based on the site it goes to. The final portion is a stock number plus punctuation combination that goes on all of my passwords.

                    It's easy to remember for every site I have a password to, can be changed easily if a site changes its name, and is about a dozen characters. Due to this scheme, all of my passwords are unique, and not worth brute force hacking, which is what happens to most hacked accounts.

                    ^-.-^
                    Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

                    • #11
                      This drives me crazy, too. I've stopped signing up for a lot of things because there are too many passwords to remember, and honestly it often turns out that I never go back to a site again anyway, so why bother.

                      It's also frustrating as hell because it seems like every password (or user name) I come up with, the site will tell me it's already in use, so I have to come up with more and more unusual things.
                      When you start at zero, everything's progress.

                      • #12
                        Quoth Primer
                        Some of my friends have had their Facebook accounts hacked recently also.
                        FB accounts are *always* getting hacked. People get a link to what looks like a profile or a game and it will go to what looks like a FB login screen - they type in their login and password and they're done.

                        Quoth DeltaSierra
                        It's made me wonder - what system do YOU use to come up with a password that meets security requirements but is easy to remember?
                        I have 3 levels depending on how important the site is.

                        For most forums I have low security. Very easy to remember.

                        For other forums (mod / admin access, etc.) I have one that's a little more secure. It won't be guessed but a brute force attack would eventually get it.

                        Anything that has to do with money, domains, hosting, etc. I have very secure passwords (I won't go into too much detail). 99.99% of brute force attacks won't get it (most don't try non-alphanumeric characters and most of the ones that are left won't try non-English characters like æ). I'll even mix up words in different languages as well as replace letters with numbers. Like cæsarhouseisAzul


                        Quoth Jack
                        If you don't have to move around on various computers a lot, programs like KeePass or LastPass are great. I have long, unique, and ridiculously complex passwords set for all of my important accounts, except the e-mail address I use to register them all -- for that one I have a password that is easy for me to remember, but still reasonably complex.

                        I have KeePass set up so that I just have to place the cursor in the username field, press ctrl-alt-a, and it automatically types and submits it. I can make more complex macros if the login form requires more than a username and password. Everything in the password keeper is encrypted, accessed with yet another password/passphrase, so now I only need to remember the passphrase to the KeePass database (so the program can access my other passwords) and the password to my e-mail address (so I can reset passwords if my KeePass database is lost).

                        You can also use password keepers on a flash drive.
                        I really don't trust those. Yeah, they're giving you easy access to important accounts but you're potentially doing the same for them. We use one at work and I pointed out that it's a violation of our password security policy, I uninstalled it from my PC.
                        Quote Dalesys:
                        ... as in "Ifn thet dawg comes at me, Ima gonna shutz ma panz!"

                        • #13
                          Two weeks ago, I saw my e-mail account had been compromised.

                          Someone got my e-mail password and was sending spam e-mail to probably everyone on my list. And it went to their regular mail, didn't get caught in spam or junkmail where it belonged.
                          You really need to see a neurologist. - Wagegoth

                          • #14
                            No password is hacker proof. You can make the most complicated one, heck even somehow use Egyptian Hieroglyphics, and if somebody gets a keylogger on your computer..oops. However to make it more effective here are some simple rules.

                            1) Use passwords that nobody would associate with you. Things that have nothing to do with you in any aspect. No, not something you hate (this would still be associated with you), but things that don't even have six degrees of separation.

                            2) Use alphanumeric, with special characters. 10 is good, 15 is better. Random upper and lower case for the letter part of it is even better.

                            3) Make it something that you remember, but keep rule number 1 in mind.

                            4) Do not write it down, anywhere. Bad idea. (Especially not right next to the computer.)

                            5) Change it frequently. Even slight changes can help, but complete changes (ie none of the letters, numbers, or symbols of the old one used in the new one) are better.

                            6) Don't use the same one for multiple places. If somehow somebody gets a hold of one, you don't want them to get access to EVERYTHING.

                            Blas, from what people have been telling me, your email may not have actually been compromised. They spoofed your email address. Even changing your password won't help (and you won't find a virus either). Don't know what to tell you besides get a new email address..contact your friends/family/etc through other means and let them know not to open anything from the old address.
                            Last edited by Mytical; 12-20-2010, 09:01 AM.
                            Engaged to the amazing Marmalady. She is my Silver Dragon, shining as bright as the sun. I her Black Dragon (though good honestly), dark as night..fierce and strong.

                            • #15
                              What does spoofing mean?

                              I panicked a bit and went off the deep end and called the bank and the credit card companies and did that rigmarole because some of the places I pay bills online, I use my e-mail address to access.
                              You really need to see a neurologist. - Wagegoth
