Russian gang has stolen 1.2B(!) passwords: security researchers - Polidicks

Just upped my security on my paypal account, I'm going to get one of those cards which generates a number.

[QUOTE=StrawberryClock;45605641]I don't even know how this one makes sense. The hacker was actually inside your computer all along? [t]http://reachingutopia.com/wp-content/uploads/2013/02/Computer-Hacker.jpg[/t][/QUOTE] Counter Strike in 3D!

I think this might be fake. Some security firm says that billions of passwords have been stolen but refuse to say who is affected? Why is nobody else reporting this besides one security firm? Why haven't I heard anything else or received emails? Usually there is more info by now. Something is wrong.

Changed my Gmail and Facebook passwords just in case. Better safe than sorry.

Fucking hell i just got use to my new passwords i don't want to go changing them again [editline]7th August 2014[/editline] Whats a good way to make a secure password

[QUOTE=Lexinator;45618486]Fucking hell i just got use to my new passwords i don't want to go changing them again [editline]7th August 2014[/editline] Whats a good way to make a secure password[/QUOTE] mixed characters, like: skj89$2!

[QUOTE=-Sleepy-*;45618508]mixed characters, like: skj89$2![/QUOTE] They won't stop a keylogger and if the websites DB is not/poorly encrypted no amount of password complexity will save you. The only 2 advantages of such a password is that it is impossible to guess and won't appear in rainbow tables for commonly used passwords.

[QUOTE=Xploder;45612439]What about "Script Kiddies" [img]http://i.kinja-img.com/gawker-media/image/upload/s--0sNlhiim--/c_fit,fl_progressive,q_80,w_636/18k297j0vcyenjpg.jpg[/img][/QUOTE] [t]http://thumbs.dreamstime.com/z/young-computer-hacker-8806983.jpg[/t]

Does keepass work with steam the application not the website?

Oh shit. They had better not have jacked my Habbo and Club Penguin accounts. :pwn:

[QUOTE=Lexinator;45618683]Does keepass work with steam the application not the website?[/QUOTE] yes

I logged into facebook today and was informed that someone from Baghdad had tried to enter my account. Thankfully facebook blocked it, but be wary guys. Changing all my passwords as I type this.

This is why you don't use facebook.

I too communicate with my friends using smoke signals and messenger pigeons.

[QUOTE=Lexinator;45618683]Does keepass work with steam the application not the website?[/QUOTE] The way KeePass works is it's just a database to contain your passwords because remembering a random string of characters would be impossible. You set a master password to the database and, if you want, a key file, you need both to access the database. You just make an entry and call it whatever you want, type in the username and generate a password like f2d94814f8ab828a1c0d034cd03bc514 (example), save it to the database and change the password on Steam to that. In the database you see the entries you created and you double-click the password you want and it's copied to the clipboard for a default amount of 12 seconds to give you time to paste into the dialog box. If you're out and about and you wanna log into your e-mail and you can't remember the garbled password, no problem, there are some KeePass apps too. You could have your database on something like Dropbox and a local backup on your hard drive so you can get to your passwords on your smartphone Honestly just download it and give it a try, I expected the switch to be really grueling but it's quite nice now that I'm used to it

I keep reading KeePass as KeepAss

[QUOTE=Jojje;45624430]The way KeePass works is it's just a database to contain your passwords because remembering a random string of characters would be impossible. You set a master password to the database and, if you want, a key file, you need both to access the database. You just make an entry and call it whatever you want, type in the username and generate a password like f2d94814f8ab828a1c0d034cd03bc514 (example), save it to the database and change the password on Steam to that. In the database you see the entries you created and you double-click the password you want and it's copied to the clipboard for a default amount of 12 seconds to give you time to paste into the dialog box. If you're out and about and you wanna log into your e-mail and you can't remember the garbled password, no problem, there are some KeePass apps too. You could have your database on something like Dropbox and a local backup on your hard drive so you can get to your passwords on your smartphone Honestly just download it and give it a try, I expected the switch to be really grueling but it's quite nice now that I'm used to it[/QUOTE] Another alternative to KeePass is LastPass, which is more of a service run by a company than just a free program you run on your own computer. Personally, I like LastPass more. Some of KeePass's integration with Chrome was a little finicky and I found LastPass's integration across multiple device pretty much seamless and effort free.

You people are all wrong. This was a Russian [B]gang[/B]. That's more than one person. I'm sure something of this caliber would've been at least a three-man job. [img]http://puu.sh/aJamv/aff20393a2.jpg[/img]

[QUOTE=-Sleepy-*;45618508]mixed characters, like: skj89$2![/QUOTE] [IMG]http://imgs.xkcd.com/comics/password_strength.png[/IMG]

That XKCD doesn't apply anywhere ever. Also on note Marvel account passwords are stored in plaintext

[QUOTE=bdd458;45625200][IMG]http://imgs.xkcd.com/comics/password_strength.png[/IMG][/QUOTE] Not a security specialist here but isn't word passwords like that relatively easy to brute with dictionary attack? Sure there's more characters but they're all common words.

[QUOTE=itisjuly;45625559]Not a security specialist here but isn't word passwords like that relatively easy to brute with dictionary attack? Sure there's more characters but they're all common words.[/QUOTE] brutes are uncommon as hell unless you're a special target though social engineering is far, far more common in these cases, and you're way more likely to have your password stolen because you had a keylogger or because you let people know stuff about your life on the internet and someone pieced together that your password is probably your dog's/girlfriend's name or your birthday or because the site's database was accessed than because someone spent time going through and trying to brute your password

outlook Successful sign-in7/10/2014 1:57 PMUnited States IP address ****** Device/platform Mac OSBrowser/app Safari fucking disturbing they didn't lot in again after that however unsuccesful and then a successful log in, but nothing after that [editline]7th August 2014[/editline] do online application sites store any info I should worry about? like noco/etc it's literally impossible to do anything about those, who knows what the site is

[QUOTE=Loriborn;45625584]brutes are uncommon as hell unless you're a special target though social engineering is far, far more common in these cases, and you're way more likely to have your password stolen because you had a keylogger or because you let people know stuff about your life on the internet and someone pieced together that your password is probably your dog's/girlfriend's name or your birthday or because the site's database was accessed than because someone spent time going through and trying to brute your password[/QUOTE] It's usually a dictionary attack first then a brute attack so yes its kinda pretty very common. Social engineering is much easier though

[QUOTE=sloppy_joes;45617817]I think this might be fake. Some security firm says that billions of passwords have been stolen but refuse to say who is affected? Why is nobody else reporting this besides one security firm? Why haven't I heard anything else or received emails? Usually there is more info by now. Something is wrong.[/QUOTE] not only that but the insane number of apparently stolen passwords there are just so many massive security features on the sites, and that many sites? just like that?

so far nothing for me, email passwords changed anyway.

[QUOTE=J!NX;45625878]not only that but the insane number of apparently stolen passwords there are just so many massive security features on the sites, and that many sites? just like that?[/QUOTE] It could possibly be billions of passwords from tiny sites or whatnot, but yeah, without saying who is affected this announcement is basically meaningless. It seems like marketing or something.

[QUOTE=sloppy_joes;45625926]It could possibly be billions of passwords from tiny sites or whatnot, but yeah, without saying who is affected this announcement is basically meaningless. It seems like marketing or something.[/QUOTE] who the fuck is... hold security anyways? I've literally never heard of them it sounds like one of those sites that are geek squad wannabe's and are super cheap yet "take pride in their work", only in this case its with security [url]https://www.mywot.com/en/scorecard/holdsecurity.com?utm_source=addon&utm_content=rw-viewsc[/url] it has like 2 ratings and none of them are good at least I discovered that someone logged into my hotmail. If anyone can tell me more by looking at the IP address please PM me, incase I can (maybe?) found out who did it in-case they ever try it again. They probably saw that it was all bullshit and left though :v:

[QUOTE=itisjuly;45625559]Not a security specialist here but isn't word passwords like that relatively easy to brute with dictionary attack? Sure there's more characters but they're all common words.[/QUOTE] A dictionary attack usually is a dictionary of previously used passphrases, not a literal dictionary. This password would be basically impossible to guess, and would be considered almost literally impossible to crack if there was a number in the middle of the string.

[QUOTE=Hamsterjuice;45603823]is my neopets account safe[/QUOTE] "Means nothing to me. My [I]real[/I] treasure is in my Habbo Hotel account."