moderateGOP
Active Member
Working in the information technology industry can be hectic and at times scary. Not only do you have to worry about setting everything up right in the first place and making sure nobody loses any information if their computer crashes (usernames, passwords, emails, profiles, cloud accounts and servers), you also have to worry about what goes on in the outside world.
Like when the New York Times pulled this stunt on Tuesday 8/5.
http://www.nytimes.com/2014/08/06/t...billion-stolen-internet-credentials.html?_r=0
There are many problems with this story:
1. 1.2 Billion Passwords seems like a lot. There are no details about which passwords and usernames were stolen and they in fact refuse to tell anyone! So we have no real "proof" except conjecture from an unknown security firm.
2. Did they do it overnight? At first glance that's what it sounds like in the NY Times article. However, for all we know these hackers could have just been collecting and buying this information since the 1990s! There's no way to tell for sure. How scary is 1.2 Billion passwords if 85% of them are useless?
3. Who and what is Hold Security? Just read this Forbes article to find out:
"Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected". Classic marketing scheme right over here.
4. Not many websites actually have over a billion user names to steal. So if we are led to believe that these hackers are currently going around and hacking some of the biggest sites on the internet, I think they would know about it, and fix their horrible user login systems. The fact of the matter is internet companies are usually one step ahead of hackers, especially those with two-step verification processes, such as unique IDs or CAPTCHAs.
5. To put this "credential collection" (not a hack), as I'd like to call it, in the same category as the Target data breach is just laughable in the IT world. 1.2 billion accounts, covering 500 million unique email addresses over 420,000 websites.
6. It is unclear if they bought the 1.2 Billion usernames and passwords or actually hacked them. It's looking more and more like they simply either bought them, or found them floating around the internet. This is quite easy to find.
7. Their hacking methods are outdated as well. SQL injection is pretty much outdated. Basically you may be able to hack a WordPress blog with that, but not a giant well-funded site like Facebook or YouTube. Any IT organization knows about SQL and how to protect against it.
8. Twitter seems to be the only large website affected. It's said the gang is using the passwords to spam Twitter accounts. Probably just using old ones to rank up Twitter followers.
The hype around this is pretty stupid to me.