Everybody's password stolen - almost

[destrekor]

You're part of a society who calls it hacking when they find somebody still logged into Facebook, so I think you're fighting a losing battle.

According to mainstream news: "Any bad thing done to a computer system = hacking," even if you gained access by using login information that you got simply by asking someone for it.

Sometimes, I like to forget. It keeps my hopes up. 😉

 

[Jeff7]

Sometimes, I like to forget. It keeps my hopes up. 😉

🙂 Yeah.
Likewise, it's often not safe for me to mingle when I'm out and about.
I learn too much about other people.

Faster than I can think, more often than not. 😉

No idea, haven't measured WPM in forever. I've been tested before to reach 80-90+, but I can be sloppy too, especially if I'm just typing by way of a stream of consciousness moment.

😀

I'm known for writing "novels" at work - e-mails. Though I've come to learn that "Greater than 140 words" is "holy shit, how long did it take you to type that?"
I know some people who use a computer every day, but still type like they've never seen one before. Their e-mails tend to be lacking in length, as well as information content.
(Ask a question that's looking for an explanation and the backstory surrounding a situation. Reply: "Yup, sounds good.")

- Send e-mail short enough to be read, which causes information to be lost: Didn't understand it. Deleted it.
- Short enough to be read, includes the necessary information, but the vocabulary is too lofty: Didn't understand it. Deleted it.
- Reasonable vocabulary, and long enough to convey the necessary information: tl;dr


I suppose everyone should be glad my joints are becoming saddled with RSI from years of rapidly and efficiently using a computer, and that my coordination has never been terribly good. Otherwise, I might type even faster. (I think I max out at around 60-70WPM. :\ Beyond that, my hands get out of sequence. The left and right will end up trying to type their letters in parallel. Damn FIFO input devices...)

 

[silverpig]

According to mainstream news: "Any bad thing done to a computer system = hacking," even if you gained access by using login information that you got simply by asking someone for it.

"Hacking" = selecting the advanced install and including support for another language.

 

[akugami]

Holy crap...my twitter and facebook passwords might be stolen...time to make an account on twitter and facebook to check...

 

[ImpulsE69]

Holy crap...my twitter and facebook passwords might be stolen...time to make an account on twitter and facebook to check...

Make sure to do it from some place public. You never know what kind of hoodlums could be watching your PC just waiting..waiting..

 

[l Thomas l]

I just started working for a company that uses ADP. My SSN is in their system.. They have printed it out on documents, in full. And they still use Internet Explorer too. Not too many technical people at this job. Obviously not too concerned about privacy. Is there anything I can do to protect myself? Does anyone know an affordable service that notifies you when someone signs up for a credit card or uses your SSN?

I'm not worried at all about any of my website accounts or my computer. I know what I'm doing. I'm only worried about other people who have my data.

 

[destrekor]

"Hacking" = selecting the advanced install and including support for another language.

If that's the case, what is my Rooting and ROMing of Android phones? Sorcery?

I'd love to know sorcery! 😀

 

[RossMAN]

I just started working for a company that uses ADP. My SSN is in their system.. They have printed it out on documents, in full. And they still use Internet Explorer too. Not too many technical people at this job. Obviously not too concerned about privacy. Is there anything I can do to protect myself? Does anyone know an affordable service that notifies you when someone signs up for a credit card or uses your SSN?

I'm not worried at all about any of my website accounts or my computer. I know what I'm doing. I'm only worried about other people who have my data.

CreditKarma.com is free and trustworthy, worth looking into.

 

[Red Squirrel]

How can they consider this a hack when it's a key logger? That's more like a virus that happens to grab passwords.. facebook password being one of them. So if you don't have the keylogger installed then you are not at risk. Hacked would be if someone managed to get into their servers and download the entire password DB.

 

[destrekor]

How can they consider this a hack when it's a key logger? That's more like a virus that happens to grab passwords.. facebook password being one of them. So if you don't have the keylogger installed then you are not at risk. Hacked would be if someone managed to get into their servers and download the entire password DB.

We've been down that path.

Oh young grasshopper, you have much to learn about humans. They are not so wise, the filthy illiterate masses.

 

[JimmiG]

Well...you can get A LOT of information about a person from Facebook at least, that could be used for identity theft.

Also, the main point is most people use 1 or 2 passwords for everything..so more than likely most of those Facebook passwords could be useful for other more dangerous areas of the persons life (such as online bank accounts etc).

Yep, Facebook gives you the answer to the "secret" question (what's the name of your school/mom/pet etc.), so if you used the same password for your Gmail, they can reset the password for any site or service you use.

 

[Jeff7]

"Hacking" = selecting the advanced install and including support for another language.

"....I've never seen this screen before. Are you hacking the server?"

"No, this is called 'Device Manager.'"

 

[Ichinisan]

...only if you had the malware key logger in your system, OP.

 

[rudeguy]

did they steal yahoo passwords?

I forgot mine like 10 years ago. Maybe they have it?

 

[CZroe]

318,000 Facebook (FB, Fortune 500) accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo (YHOO, Fortune 500) accounts
22,000 Twitter (TWTR) accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
8,000 LinkedIn (LNKD)accounts

That's 495,000. Whatever pushed the amount up to "2 million" as they claim must have been too insignificant to list despite forming the bulk of the stolen passwords.

Notably missing: PayPal.

 

[Fritzo]

Massive hack? Seriously? What a misnomer and grossly errant fear-mongering statement.

That was a cumulative total, accumulated over time from organized keylogging malware that managed to get spread quite well.

If they spread malware and only have that which they directly captured from individual infections, that's not hacking.
If they obtained access into the central servers to these services and obtained a large number of credentials straight from the source... that's hacking. 😉

Yeah, it looks like having even rudimentary antivirus protection would have prevented it from happening.

 

[CZroe]

Yeah, it looks like having even rudimentary antivirus protection would have prevented it from happening.

They seem to be describing a rootkit keyloger that may be invulnerable to after-the-fact AV scans. If so, as long as the malware was wide-spread before its discovery, there's nothing a typical AV scan can do. The nasty rootkits even persist after a boot drive format and OS re-installation these days.

 

[Zargon]

How can they consider this a hack when it's a key logger? That's more like a virus that happens to grab passwords.. facebook password being one of them. So if you don't have the keylogger installed then you are not at risk. Hacked would be if someone managed to get into their servers and download the entire password DB.

because its CNN Money writing the article

 

[Scarpozzi]

I turned on facebook notifications. If anyone logs into my account on FB from an unrecognized device, I'm notified in an Email. ....which is basically every device except the app on my phone.

I like how they don't mention what the malware is, give it a name, or any details, yet they seem to know so much about it...

 

[Red Squirrel]

"....I've never seen this screen before. Are you hacking the server?"

"No, this is called 'Device Manager.'"

Actually wasn't there a member here that got fired for "hacking"? He was using ipconfig or something like that... lol.

My cat actually hacked a laptop once, it was right in the middle of a windows install and she pulled up a command prompt. No idea what she did at the time. Turns out there's a key combination to get a command prompt for debugging purposes.

 

[highland145]

That's exactly what you said the last two times.



😛

Yeah, AnAnd needs to beef up security.

😛

 

[Ichinisan]

I turned on facebook notifications. If anyone logs into my account on FB from an unrecognized device, I'm notified in an Email. ....which is basically every device except the app on my phone.

I like how they don't mention what the malware is, give it a name, or any details, yet they seem to know so much about it...

...and how did they find out how many passwords were stolen? Were they all being stored in a place that is accessible to the public? Sophisticated malware would distribute them across a botnet.

 

[Jeff7]

did they steal yahoo passwords?

I forgot mine like 10 years ago. Maybe they have it?

😀

That'd be an excellent thing to say while in court.

"Well, see, I lost my password a long time ago, and Customer Service just wasn't helping. Once I found a way in, the hashes were all stored in one big folder, so I figured that if I took them all, I'd eventually find mine."



You'd probably have at least a third of the jury, and maybe one of the lawyers, asking if you could find theirs as well.

Actually wasn't there a member here that got fired for "hacking"? He was using ipconfig or something like that... lol.

My cat actually hacked a laptop once, it was right in the middle of a windows install and she pulled up a command prompt. No idea what she did at the time. Turns out there's a key combination to get a command prompt for debugging purposes.

Link. (OLD THREAD. Don't necro the old thread.)

I work (worked?) in a surveillance department. My bosses all knew that I was very competent with hardware, software, and networking so they would routinely ask me for help with things.

An IT position opened up in the department, and I was elated. I could get a $4 an hour raise for doing what i like to do.

Other associates, who were far less qualified, also put in for the position and we all had to wait for interviews.

Two days before my interview, during one of my breaks, i opened a command prompt and ran some diagnostic commands to help me understand how the network was set up. I wanted to have an edge at the interview because I could specifically talk about how our network is laid out and discuss the hardware installed on the machines.

I only used diagnostic commands.

ipconfig /all
tracert
nbtstat
netstat
arp -a

Long story short, my supervisor (whom had also put in for the position, and was far less qualified, he didnt even know how to install a wireless router in his home) turned me for "hacking the network".

HR gets involved, they don't know a damn thing about networking. They take statements from both of us. I ask them to go to IT to verify that I did nothing wrong. They don't.

Boss fires me for "tampering with surveillance equipment" while he is on vacation.

I now have no job and don't know how i am going to pay rent next month. Awesome. I have never been fired from a job in my life. I have never even been in trouble with an employer before.

On a side note, one of the other employees INSTALLED AN UNSECURED WIRELESS ROUTER ON THE CORPORATE NETWORK IN SURVEILLANCE , GOT CAUGHT, and nothing happened to him.

Is this wrongful termination? I don't know how the law works.

Updates with some FAQs:

I will not be allowed to take unemployment because i was fired for misconduct.

Getting another job in this field may not be easy because of the bad reference.

Upon conversation with another employee tonight, I learned that the boss that fired me leaked that he was going to fire me before my statement was even taken by HR.

I may have been fired for being an Atheist in the bible belt. I have proof that someone did much worse things with the network (i didn't do anything wrong) and he was promoted. He is the same religion as the boss that fired me.

http://forums.anandtech.com/showthread.php?t=2281732

 

[highland145]

😀

That'd be an excellent thing to say while in court.

"Well, see, I lost my password a long time ago, and Customer Service just wasn't helping. They were all in one folder, so I figured that if I took them all, I'd eventually find mine."

😀