What leads you to the conclusion that the strong passwords were hacked rather than phished?
My understanding is that the stronger the password, the harder it is to hack (i.e. guess) and therefore the more likely it is to have been phished (social engineering) or recorded by a key logging trojan or virus.
One of the fundamental issues that should be mentioned here is that people often use the same password on many different sites.
You should always make sure that you use different passwords for your banking sites and your email sites - having one password for low risk sites is not a good idea but probably expedient.
(P.S. Banks should be standardising on anti-phishing measures in their email)
I hadn't noticed this blog until you'd flagged it, so thanks for pointing out some of the glaring errors.
Title - hacked via a botnet or phished
Para 1 - they're phished - good old social engineering!
Para 2, line 1 - they're hacked, but some were very weak!
Para 2, line 3 - now they're stolen (so not UK victims, as you can't steal information, merely exploit it for other unlawful purposes)
Para 2, line 5 - back to hacking, and only insecure passwords can be hacked, clearly
Para 3 - strong passwords are on the compromised list.
So, actually back to para 2 because, in itself (over and above the truism that those who are using stronger passwords are likely to be security aware and hence have anti-virus, et al, and not fall for Dear Mister emails) anyone using an insecure password is no more likely to be a victim of hacking or phishing.
If you've an insecure machine and you're gullible then the security of your password makes not the slightest difference (besides the chances of a friend or colleague logging in as you).
Final paras are valid, but hardly news, so I'm afraid to say the only 'laziness and less than sophisticated approach to security' rests with the author.
Thanks for dragging me under the bus gents. Bet your mum is proud of you. I was pointing out how some researchers had come to the conclusion. I reported on it. So eat it.
Play nice please fellas.
Congrats that you made it to say write/report something that showed that PASSWORDS are a big part causing all this internet fraud. Just imagine we wouldn't use them any more. Meaning to use something that one has to remember and when being authenticated to type in his PC.... just look at the solution that shows a real alternative solution which provides strong authentication without costs...www.weblookon.com
Don't be so bad to Mike. This blog is very useful for all who are concerned with security. Of course there are very few of them with a proved knowledge on all these topics like you. And I mean it. By the way, you still haven't found out (cracked) the WebLookOn key-secret according to your WebLookOn Key-ID : a.churchill ......
04 Feb 2009