Russian gang has stolen 1.2B(!) passwords: security researchers
[QUOTE=redBadger;45605308]Out of a billion passwords what are the chances they'll pick your password and account.
Nothing will happen[/QUOTE]
automation
[QUOTE=redBadger;45605308]Out of a billion passwords what are the chances they'll pick your password and account.
Nothing will happen[/QUOTE]
Yeah man, guess we're safe then. It's a good job computers can't automate tasks or anything.
[QUOTE=Roll_Program;45605197]Is gmail safe? I feel like if it was compromised it would be much bigger news.[/QUOTE]
I haven't seen anything happen with my GMail, but then again I have two step verification.
I don't even know how this one makes sense. The hacker was actually inside your computer all along?
[t]http://reachingutopia.com/wp-content/uploads/2013/02/Computer-Hacker.jpg[/t]
[QUOTE=lavacano;45604912]Seems pretty obvious to me that the concept of the password is now obsolete.
Go ahead and set your passwords to "12345" now folks, your account's going to be compromised just as soon either way
[editline]5th August 2014[/editline]
more sites need two-factor auth of some sort[/QUOTE]
Two factor auth or public key exchange is the best way; of course, it's harder for the general public to use (which is the reason most two factor auth stuff has a checkbox that says "Don't ask me again").
[QUOTE=Roll_Program;45605197]Is gmail safe? I feel like if it was compromised it would be much bigger news.[/QUOTE]
you should have an authenticator of some kind for your email, if someone gets access to your email they have access to almost every single thing you sign up for with it
[QUOTE=Roll_Program;45605197]Is gmail safe? I feel like if it was compromised it would be much bigger news.[/QUOTE]
If it wasn't, Gmail would have stopped being a thing long ago.
Google hashes and salts its client info. Nobody would ever be able to crack it.
[editline]6th August 2014[/editline]
[QUOTE=Zergeant;45603856]I think I might have witnessed the effects of this, I got an email that was supposedly from Paypal, it displayed no email address and told me that they had made changes that I needed to review. I hovered the link in the mail and it led to some site called startup(dot)ru/hack.
I then went to block the sender, to which it asked me if I wanted to block mails from my own address. Creepy stuff, promptly changed password.[/QUOTE]
Chances are it was just SMTP spoofing. You don't need someone's account info to do it, you just need the address.
[QUOTE=lavacano;45604912]Seems pretty obvious to me that the concept of the password is now obsolete.
Go ahead and set your passwords to "12345" now folks, your account's going to be compromised just as soon either way
[editline]5th August 2014[/editline]
more sites need two-factor auth of some sort[/QUOTE]
Modern standards require the password to be salted and hashed when put into the database, so if someone did steal it all they would get is a jumble of characters which, each individual one, would take years to "decrypt"
[QUOTE=mdeceiver79;45607174]Modern standards require the password to be salted and hashed when put into the database, so if someone did steal it all they would get is a jumble of characters which, each individual one, would take years to "decrypt"[/QUOTE]
That depends on what hashing algorithm is being used and the length of the password.
With SHA2 or MD5 you can try millions of password combinations per second using your CPU and even billions per second using a powerful GPU, whereas with bcrypt and PBKDF2 the number of iterations per password can be adjusted so that calculating the password hash takes two seconds, for example.
Then there are all the sites such as LinkedIn that have ignored some or all of the said modern standards and either stored their passwords in plain-text, without any salting, using a broken algorithm or any combination of those.
My advice is to use a password manager like KeePass, so that even if your password gets stolen, it won't matter much because you are already using a different password for every site.
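Added example, not part of any post in this thread: the difference described above between a single fast hash and an iteration-tunable one, using PBKDF2-HMAC-SHA256 from Python's standard library. The function names, the sample password and the calibration targets are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

def fast_unsalted(password: str) -> str:
    """The weak scheme: one unsalted SHA-256 pass. Identical passwords give
    identical hashes, and each guess costs an attacker almost nothing."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str, iterations: int) -> tuple[bytes, int, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, iterations, derived key)."""
    salt = os.urandom(16)  # unique per stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_password(password: str, record: tuple[bytes, int, bytes]) -> bool:
    """Recompute with the stored salt and iteration count, then compare."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

def calibrate_iterations(target_seconds: float, start: int = 10_000) -> int:
    """Double the iteration count until one hash takes at least target_seconds
    on this machine. This is the adjustable work factor."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print("unsalted, two users:", fast_unsalted(pw) == fast_unsalted(pw))
    n = calibrate_iterations(0.25)  # aim for roughly 0.25 s per hash
    rec_a, rec_b = hash_password(pw, n), hash_password(pw, n)
    print("iterations chosen:", n)
    print("salted keys equal:", rec_a[2] == rec_b[2])
    print("verify ok:", verify_password(pw, rec_a))
```
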
be sure to protect your hotmail account because once they've got that it's really fucking hard to get it back. i was really lucky when it happened to me
[QUOTE=Zeke129;45604101][img]http://i.imgur.com/zA4zDES.jpg[/img][/QUOTE]
Oh boy, there's a second one as well :v:
[img]http://www.colourbox.com/preview/2909283-670894-hacker-sitting-in-dark-room.jpg[/img]
Ha. Joke's on you, I switched to KeePass not long ago.
I wonder if that's why Steam asked me to verify my e-mail address again today.
[QUOTE=Mitchel.;45608098]Oh boy, there's a second one as well :v:
[img]http://www.colourbox.com/preview/2909283-670894-hacker-sitting-in-dark-room.jpg[/img][/QUOTE]
She looks like a female version of Michael Myers from Halloween
[QUOTE=DrAkcel;45610740]She looks like a female version of Michael Myers from Halloween[/QUOTE]
Pretty sure that's a dude.
[QUOTE=cqbcat;45604107]Hurray! Let's make this a thread for generic stock images of hackerz.
[/QUOTE]
What about "Script Kiddies"
[img]http://i.kinja-img.com/gawker-media/image/upload/s--0sNlhiim--/c_fit,fl_progressive,q_80,w_636/18k297j0vcyenjpg.jpg[/img]
Creepily enough I had an email from spotify today (someone tried to reset my password), first time I've ever received an email like this.
Is there a list out yet? I honestly can't remember every site I've signed up to, and if I have used the same password. I know my email (with two-step verification on), and a few other sites have a different password, but that's it.
oh no
[IMG]http://i.imgur.com/Fc2Mpjk.jpg[/IMG]
Heh, they got into my Hotmail account, which made me laugh. Those Russian hackers will love getting all that spam and my 1000+ unread e-mails.
This kind of shit gets me really stressed and worried. Like if someone manages to crack my Steam account or something I could potentially lose access to all the games I spent some of my hard earned cash on or if one of my email accounts gets cracked I could lose access to tons of services I use. Back when you bought games, movies and music on CDs I didn't have to worry about this kind of shit. Sure I still mostly buy my music on CDs and vinyl and my movies on DVD but it's getting harder to find games as physical copies, especially PC games and I fear that in the future I might not even be able to find movies or albums in physical form and streaming something from a server becomes the norm.
I've been really stressed out lately and the fact that I have to rely more and more on Internet based services that could be compromised by some asshole in another country is not making it any better. I keep worrying more and more about having things I've spent my hard earned cash on or more importantly, my personal information compromised and sold by some random asshole.
Maybe I'm worrying too much and maybe I'm sounding like some kind of technology fearing luddite but I think we are starting to rely on the Internet a bit too much.
[QUOTE=Zergeant;45603856]I think I might have witnessed the effects of this, I got an email that was supposedly from Paypal, it displayed no email address and told me that they had made changes that I needed to review. I hovered the link in the mail and it led to some site called startup(dot)ru/hack.
I then went to block the sender, to which it asked me if I wanted to block mails from my own address. Creepy stuff, promptly changed password.[/QUOTE]
Most likely just a fake/forged sender, you can do that really easily with email.
(There are [I]some[/I] limitations, for example it's more difficult to forge GMail to GMail users, but you can still make it appear as coming from someone as long as no one checks more closely.)
i'm not too worried about this kind of thing, because i doubt they're going to sit down and input every single address + password combination that they've decrypted. chances are they aren't even paired, they just have a jumble of addresses and passwords.
[QUOTE=cqbcat;45604107]Hurray! Let's make this a thread for generic stock images of hackerz.
[IMG]http://31.media.tumblr.com/tumblr_lwap2iVkPR1r5c8qzo1_400.jpg[/IMG][/QUOTE]
[IMG]http://fistchatsteve.files.wordpress.com/2012/08/computer-hack-hacker-hacking-icloud.jpg[/IMG]
[QUOTE=LilRobot;45617328]i'm not too worried about this kind of thing, because i doubt they're going to sit down and input every single address + password combination that they've decrypted. chances are they aren't even paired, they just have a jumble of addresses and passwords.[/QUOTE]
If they get a database then they would be paired.
They wouldn't need to sit down to check them; automate the process. Send a request with username and password and log the response. Any which return a valid response are good to go.
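Added example, not part of any post in this thread: how the automated testing described above looks from the defending site's side, as a detector run over login logs. The log format, IP addresses, usernames and thresholds are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample log, one attempt per line: "<time> <source-ip> <username> <result>"
SAMPLE_LOG = """\
2014-08-06T10:00:01 203.0.113.7 alice@example.com FAIL
2014-08-06T10:00:01 203.0.113.7 bob@example.com FAIL
2014-08-06T10:00:02 203.0.113.7 carol@example.com OK
2014-08-06T10:00:02 203.0.113.7 dave@example.com FAIL
2014-08-06T10:00:03 203.0.113.7 erin@example.com FAIL
2014-08-06T10:00:03 203.0.113.7 frank@example.com FAIL
2014-08-06T10:01:10 198.51.100.4 grace@example.com FAIL
2014-08-06T10:01:25 198.51.100.4 grace@example.com FAIL
2014-08-06T10:01:40 198.51.100.4 grace@example.com OK
2014-08-06T10:02:00 192.0.2.9 heidi@example.com OK
"""

def analyse(log_text, min_users=5, max_success_ratio=0.2):
    """Return (flagged source IPs, accounts those sources logged in to).

    A source is flagged when it tries many distinct usernames and most attempts
    fail: the signature of replaying a stolen list, not of a user mistyping.
    """
    users = defaultdict(set)       # ip -> distinct usernames tried
    attempts = defaultdict(int)    # ip -> total attempts
    hits = defaultdict(set)        # ip -> usernames with a successful login
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue               # skip blank or malformed lines
        _, ip, user, result = fields
        users[ip].add(user)
        attempts[ip] += 1
        if result == "OK":
            hits[ip].add(user)
    flagged = sorted(
        ip for ip in users
        if len(users[ip]) >= min_users
        and len(hits[ip]) / attempts[ip] <= max_success_ratio
    )
    # Accounts a flagged source got into need a forced password reset.
    to_reset = sorted(u for ip in flagged for u in hits[ip])
    return flagged, to_reset

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The user who mistypes a password twice (198.51.100.4) is not flagged, because only one username is involved.
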
None of my accounts have any real monetary value, if they took over they'd be wasting their time.
Took my NPower account.
Enjoy paying my £200 gas bill.