Account hijacking is still a question of ignorance, then. Who in their right mind would add an application -- thereby granting the application certain rights -- unless they know what the application does and who made it? Certainly not the type of person I would allow to cross the street unattended, much less connect to the Internet.

Same thing with people who do not make sure not to send passwords over clear-text. Not using SSL/TLS these days is stupid beyond all mortal ken, especially when it comes to authentication. Most web browsers even warn you if you try to send any form data over an unencrypted connection.

However, the ignorance isn't always on the client side. Some service providers are notoriously daft when it comes to password management. For one, the password should never, *ever*, be stored server-side. It should be stored as a salted hash value, and the salt should be kept separate from the hash table lest the database be compromised by hackers. So even if you are as careful as you should be, there is still a risk of a security breach. And that's why one will never ever use the same password for different services. If one has thirty accounts on various sites, one should have thirty passwords in active use. That's all there is to it.

When you hear about Google accounts getting hacked, it is never actually about Google accounts getting hacked, because it is not Google who lapsed in security, it's the user wielding the account. In a way, one could say the user itself got mind hacked.

On 30 April 2012 04:37, Jake Markhus <[email protected]> wrote:

> Much to my uttermost shock I met someone with a hacked GOOGLE account! Until then I thought people getting p0wned was due to negligence or ignorance. The user had a great password, never used internet cafes and never left his laptop unattended!
>
> Someone is getting successful at not only guessing or obtaining usernames but also cracking passwords because the Google hack was flawless! Even Google (who were also perplexed) commented on the strangeness of the user being in two countries (continents) at the same time. The account was not totally taken over except for a number of emails being sent. The user had some skill but forgot to empty the deleted items folder where all his work remained after he deleted it.
>
> One great and usually successful way of compromising an account is by having yourself added innocuously as an application, service for various innocent sounding reasons such as mailing lists, authentication and social media integration. The smart hacker no longer goes for the big boys. Instead he targets the low hanging fruit like new social media apps (remember Gawker) or huge online game stores such as Sony. Compromise of a tertiary service often yields a whole lot of GREAT info. Take for example a certain list I know who store your password as plain text and mail it to you on a regular basis. ;-)
>
> Got to prepare for the day job but the means are endless especially with the popularity of social media that attracts more people every day from all walks of life, makes them mesmerised by the utility and while forgetting the security. Did you know that while Orange offers “FREE” Facebook they do not allow you to connect using https? Think about it ;-)
>
> Great day great week
>
> Carpe JUGulum (not what they did to Ingrid!! It means seize the throat! Fine Carpe Diem you illiterate!) Carpe diem jugulum!
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Peter C. Ndikuwera
> *Sent:* 30 April 2012 01:08
> *To:* Uganda Linux User Group
> *Subject:* Re: [LUG] Hi
>
> The joy of Yahoo accounts. Large number of people I know with Yahoo accounts have had them hacked and used for such spam advertisement.
>
> Anyone know how it's being done? Purely as an *ahem* educational exercise.
>
> Peter
>
> --
> Evolution (n): A hypothetical process whereby infinitely improbable events occur with alarming frequency, order arises from chaos, and no one is given credit.
>
> On 29 April 2012 12:28, Benjamin Tayehanpour <[email protected]> wrote:
>
> Spam with obfuscated referrer URL, probably some kind of "make $$$ fast, all you have to do is spam this URL everywhere". Renders a permanent ban on most mailing lists.
>
> On 28 April 2012 21:07, vincent solomon <[email protected]> wrote:
>
> > wow this is crazy you should look into this http://t.co/6vQj4GTD
> >
> > ~*Advertisement
>
> _______________________________________________
> The Uganda Linux User Group: http://linux.or.ug
>
> Send messages to this mailing list by addressing e-mails to: [email protected]
> Mailing list archives: http://www.mail-archive.com/[email protected]/
> Mailing list settings: http://kym.net/mailman/listinfo/lug
> To unsubscribe: http://kym.net/mailman/options/lug
>
> The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/
>
> The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
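
The server-side storage the message above argues for (no plaintext, a salted hash, and something kept apart from the database), as an added example that is not part of the original thread. It assumes PBKDF2-HMAC-SHA256 as the hash, stores the per-user salt beside the hash, and models the separately held value as a server-side secret ("pepper"); the user names, password and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Derive the stored value from password, per-user salt and pepper."""
    # Keying the password with the pepper first means the database rows
    # alone are not enough to test a password guess offline.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)

def register(db: dict, user: str, password: str, pepper: bytes) -> None:
    salt = os.urandom(16)  # fresh random salt for every account
    db[user] = (salt, hash_password(password, salt, pepper))

def verify(db: dict, user: str, password: str, pepper: bytes) -> bool:
    record = db.get(user)
    if record is None:
        return False
    salt, stored = record
    candidate = hash_password(password, salt, pepper)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def demo() -> dict:
    pepper = os.urandom(32)  # stands in for a secret held outside the database
    secret = "correct horse battery staple"  # constructed sample password
    db = {}
    register(db, "alice", secret, pepper)
    register(db, "bob", secret, pepper)
    return {
        "good_login": verify(db, "alice", secret, pepper),
        "bad_login": verify(db, "alice", secret.upper(), pepper),
        "unknown_user": verify(db, "mallory", secret, pepper),
        # Same password, different salts: the stored values differ.
        "same_hash_for_same_password": db["alice"][1] == db["bob"][1],
        # Rows checked without the right pepper do not validate the password.
        "verifies_with_wrong_pepper": verify(db, "alice", secret, os.urandom(32)),
        # Nothing in the table contains the password itself.
        "plaintext_in_db": any(secret.encode() in s + h for s, h in db.values()),
    }

if __name__ == "__main__":
    print(demo())
```
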
