Check your email address(es) and passwords for cyber security breaches

nctnico:

--- Quote from: Halcyon on January 21, 2023, 01:04:27 am ---
--- Quote from: nctnico on January 21, 2023, 01:01:54 am ---AFAIK lots of companies have checked their user databases against these public records and pre-emptively deactivated the passwords for breached accounts. But let's be realistic here: for many websites you don't really need that much security. Who cares if a forum account gets used by somebody else? Or somebody can log in to a webshop without being able to make a payment anyway? In fact, it would be better if many of such websites just send you a link through email when you log in instead of needing yet another password.

Things are different of course for websites like PayPal where you can do financial transactions and so on.

--- End quote ---
The problem is, "unimportant" websites, like forums etc... form part of the low-hanging fruit attackers love and that comes down to people being lazy, re-using the same email addresses and/or passwords for more important services.

--- End quote ---
The latter is not a smart move of course. Interestingly the article you linked to also contains a link to an article telling a password manager service was compromised due to a similar attack. At some point you can't fix stupid.

madires:

--- Quote from: nctnico on January 21, 2023, 01:01:54 am ---But let's be realistic here: for many websites you don't really need that much security. Who cares if a forum account gets used by somebody else? Or somebody can log in to a webshop without being able to make a payment anyway?

--- End quote ---

If a bad guy uses your forum account to slander someone, to post illegal content or sell drugs then you might get into trouble, despite you being innocent. And with the latest ideas of the EU Commission to scan for illegal content this will be even exacerbated.

Halcyon:

--- Quote from: madires on January 21, 2023, 12:06:51 pm ---
--- Quote from: nctnico on January 21, 2023, 01:01:54 am ---But let's be realistic here: for many websites you don't really need that much security. Who cares if a forum account gets used by somebody else? Or somebody can log in to a webshop without being able to make a payment anyway?

--- End quote ---

If a bad guy uses your forum account to slander someone, to post illegal content or sell drugs then you might get into trouble, despite you being innocent. And with the latest ideas of the EU Commission to scan for illegal content this will be even exacerbated.

--- End quote ---

All of those types of offences require solid evidence that the person being accused of the crime was the person actually behind the keyboard. It's not good enough to say "it was your account, so therefore you're in trouble" and that kind of thing would be extraordinarily easy to disprove or introduce doubt. For example, the EEVblog forum stores your IP address alongside every post you make (but this information is only visible to yourself and moderators/admins).

Speaking from personal experience, investigating crimes like child exploitation on the internet can be extremely difficult. In Australian courts, it's not even good enough to rely on the IP address of the user, you need additional evidence on top of all of those types of records to say "this is the person that did the bad thing", you can't just assume.

mendip_discovery:

--- Quote from: nctnico on January 21, 2023, 01:01:54 am ---Who cares if a forum account gets used by somebody else?

--- End quote ---

Because to the average hacker it's somewhere to share dodgy links and random rants of propaganda. But to the skilled one they can use it to advertise items for sale at a very attractive price, take the money and leave the original user with the reputation.

It also helps them confirm that a person has reused passwords before, so they go hunting for more places they may have used it. In our case it could be DigiKey to RS and there they can buy a load of stuff even using stolen cards and have it sent to a different address or even have someone call in and collect from your own house (remember reading about it once).

PlainName:

--- Quote from: nctnico on January 21, 2023, 01:01:54 am ---Who cares if a forum account gets used by somebody else?

--- End quote ---

Your reputation on that site can be used to leverage a scam. Often, security fails because some seemingly innocuous thing is compromised that leads to better (for the scammer) access. What if someone you've previously dealt with here, say, sends you a PM with a fantastic offer of 80% off something you're after? You're far more likely to fall for that one and send money than the same thing from some random eBay account (and people fall for those).

This is also why leaking 'trivial' data is important - in itself it's nothing, but add to lots of other 'trivial' things and it can build to a powerful attack. Just knowing someone's age can tilt the balance if you're trying to impersonate them, and just look at how many users have let slip that info in the forums.
