[conspire] Fwd: Conspire Hey!

Rick Moen rick at linuxmafia.com
Thu Nov 15 13:38:42 PST 2012


Quoting Adrien Lamothe (alamozzz at yahoo.com):

> check this out [spamvertised URL]


Adrien's Yahoo login credentials were apparently stolen by spamvertising
cretins pushing a work-from-home scam.  I've telephoned him to advise of 
his problem and made sure no further pollution from his subscribed
account is possible pending his cleanup.

I've also purged that post from the archives.  (It takes ~20 mins
to rebuild archives for a mailing list with 12 years of traffic.)

Popular 'free' webmail services (Yahoo, GMail, Hotmail, etc.) seem
hotbeds of this sort of credential theft, and Yahoo accounts seem
particularly affected.  A propos of that, I notice:
http://www.wired.com/threatlevel/2012/07/yahoo-breach/

  Report: Half a Million Yahoo User Accounts Exposed in Breach
  By Kim Zetter
  07.12.12, 12:19 PM


Article ends with this valuable reminder:

  The attacks highlight the danger of re-using passwords at different
  websites, as hackers can mine the data and attempt to use the same
  credentials with more sensitive accounts that users may have, such as
  online banking and e-mail accounts.


Personally, I keep my (globally unique and strong) username/password 
data in a PDA, airgapped from the computers and other places I use them,
using this open-source 3DES-encrypted datastore utility for PalmOS:
http://gnukeyring.sourceforge.net/

Other people elect, instead, to use an online computer-workstation-based
encrypted datastore -- which is a defensible choice but faces attack
modes that my airgapped one evades.  Regardless, in either case, the
win is that you are enabled to cease reusing passwords or relying on
weak passwords, as the datastore helps you overcome human memory
limitations that naturally lead people to do dumb things with passwords.




