- Nov 5, 2011
- 5,855
Handing over your password is just EASY! Look:
Handing over your password is just an app away : on naked security blog : http://nakedsecurity.sophos.com/2009/11/12/handing-password-app/
I was checking my personal Twitter feed today and saw friends posting how long they've been tweeting along with a link. The tweet looked something like this:
"Tweeting for # years, # months, # weeks, # day, # hours, # minutes # seconds (MM DD, YYYY) How about you? <link>
Being curious, I decided to investigate the link.
The first thing it does is ask for your screen name and shows a bunch of ads of "How to get more Twitter followers". Ok, not the best ads, but moving on. You enter the screen name, then hit go. It looks up the name and gives an accurate date, but then it offers to tweet it for you. So you enter in your username and password. Wait a minute. That would be handing over your password to an unknown entity.
I did some initial investigation of the url. It's only been around two months and is hosted with a fairly dodgy source, a proxy hosting service. This is a private hosting so you can't see any info on the person/business who actually own the site. Hmmm. Usually, legit sites don't mind having that info available. I also notice it doesn't use the OAuth verification that many Twitter sites use to mean they are trying to be legit. Again, seems suspicious.
But how many people have willingly sacrificed their passwords by using such seemingly benign tools or links or applications? They seem totally harmless, don't they? Like I posted in my previous blog post here there's great value to malware authors to get that info. Now I'm not necessarily condemning this particular tool, this one may be totally innocent, but I feel compelled to warn people to not just blithely hand over their passwords. PLEASE think about what you are doing, even if it seems like it's harmless fun.
----------
800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange' : on the Hacker News : http://thehackernews.com/2014/02/800000-customer-details-stolen-in-data_2.html
Sunday, February 02, 2014
..
The hacker has successfully stolen customers' names, mailing address, email, landline and mobile phone numbers.
The company warned, with the information lost in this attack, hackers can perform phishing attacks, allowing them to steal personal data, including bank account details and passwords by sending emails that look as if they have come from official sources.
----------
NEWS:
I hear on the radio today that Orange is again hacked recently, and passwords of many customers are stolen!
----------
Yah I Got Hacked – Facebook & Hotmail – Don’t Save Passwords! : on shaolintiger.com : http://www.shaolintiger.com/2014/05/06/yah-i-got-hacked-facebook-hotmail-dont-save-passwords/
So almost a year ago I got hacked, hacked real bad in fact and I literally (almost) pooped my pants – it was scary watching your whole online life disappearing before your eyes. Ironic in a way as I spend my time securing other people’s sites and lives – but often forget about my own.
Seriously, getting hacked – in front of your own eyes in not fun or nice – it’s really very terrifying thinking you could lose all those memories/connections/messages/e-mails.
I’d been ‘meaning’ to transition to some kind of online password management system for a long time – but as usual never actually got around to it.
I was super lucky that I was actually online when it was happening, I was browsing something on Facebook then suddenly I got logged out and I couldn’t get back in – then the panic set in because when I tried to login..Facebook said there was no account with that e-mail!
'Incorrect Email
The email you entered does not belong to any account.
You can login using any email, username or mobile phone number associated with your account. Make sure that it is typed correctly.'
..
Read more on the website, please.
Handing over your password is just an app away : on naked security blog : http://nakedsecurity.sophos.com/2009/11/12/handing-password-app/
I was checking my personal Twitter feed today and saw friends posting how long they've been tweeting along with a link. The tweet looked something like this:
"Tweeting for # years, # months, # weeks, # day, # hours, # minutes # seconds (MM DD, YYYY) How about you? <link>
Being curious, I decided to investigate the link.
The first thing it does is ask for your screen name and shows a bunch of ads of "How to get more Twitter followers". Ok, not the best ads, but moving on. You enter the screen name, then hit go. It looks up the name and gives an accurate date, but then it offers to tweet it for you. So you enter in your username and password. Wait a minute. That would be handing over your password to an unknown entity.
I did some initial investigation of the url. It's only been around two months and is hosted with a fairly dodgy source, a proxy hosting service. This is a private hosting so you can't see any info on the person/business who actually own the site. Hmmm. Usually, legit sites don't mind having that info available. I also notice it doesn't use the OAuth verification that many Twitter sites use to mean they are trying to be legit. Again, seems suspicious.
But how many people have willingly sacrificed their passwords by using such seemingly benign tools or links or applications? They seem totally harmless, don't they? Like I posted in my previous blog post here there's great value to malware authors to get that info. Now I'm not necessarily condemning this particular tool, this one may be totally innocent, but I feel compelled to warn people to not just blithely hand over their passwords. PLEASE think about what you are doing, even if it seems like it's harmless fun.
----------
800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange' : on the Hacker News : http://thehackernews.com/2014/02/800000-customer-details-stolen-in-data_2.html
Sunday, February 02, 2014
..
The hacker has successfully stolen customers' names, mailing address, email, landline and mobile phone numbers.
The company warned, with the information lost in this attack, hackers can perform phishing attacks, allowing them to steal personal data, including bank account details and passwords by sending emails that look as if they have come from official sources.
----------
NEWS:
I hear on the radio today that Orange is again hacked recently, and passwords of many customers are stolen!
----------
Yah I Got Hacked – Facebook & Hotmail – Don’t Save Passwords! : on shaolintiger.com : http://www.shaolintiger.com/2014/05/06/yah-i-got-hacked-facebook-hotmail-dont-save-passwords/
So almost a year ago I got hacked, hacked real bad in fact and I literally (almost) pooped my pants – it was scary watching your whole online life disappearing before your eyes. Ironic in a way as I spend my time securing other people’s sites and lives – but often forget about my own.
Seriously, getting hacked – in front of your own eyes in not fun or nice – it’s really very terrifying thinking you could lose all those memories/connections/messages/e-mails.
I’d been ‘meaning’ to transition to some kind of online password management system for a long time – but as usual never actually got around to it.
I was super lucky that I was actually online when it was happening, I was browsing something on Facebook then suddenly I got logged out and I couldn’t get back in – then the panic set in because when I tried to login..Facebook said there was no account with that e-mail!
'Incorrect Email
The email you entered does not belong to any account.
You can login using any email, username or mobile phone number associated with your account. Make sure that it is typed correctly.'
..
Read more on the website, please.
