Topic: Need for encryption stronger!!! Russia gang hacks 1.2 BILLION usernames/passwords

member
Activity: 62
Merit: 10
Quote

SHA isn't secure enough on its own, it can be brute forced too quickly unless many rounds are used. Password hashing is easy, I use it even in websites that don't need to be secure. That being said, there doesn't need to be a law. There are too many laws already. Users need to avoid using the same password on every site.
Amen, vote with your money, or boycott Adobe for its lax encryption. It worked to dry up the market for Harp Seal pup fur.
hero member
Activity: 700
Merit: 500
Is this news good or bad for the Bitcoin? I mean the price.

Well, sometime they are going to find out your password, so the golden tip is to just use a different password on every site, so you conceal the risk to 1 site at a time.

While that is also very true there are some other ways to protect yourself. You can for instance encrypt an AutoHotkey script that can input your password for you. Essentially you can create something yourself or use something someone else uses. Then you bind it to hot keys and launch it when needed. The great thing about this is that you can make your password as long and confusing as possible. For example, say your password is DonkeyKong49of4080.

The AutoHotkey file would be able to type that in for you, but here is the obfuscation part, code it in such a way that the end result is your password. Make it into a program that goes around in circles so many times and hits so many different keys and back spaces and copy and pastes and does all these things and mostly every keylogger can't track it.

So your code might type in the word D30dk3jK03jdke49 then delete out the bad parts, then later add in more letters then the password is later fully reassembled. I haven't heard of a keylogger that could decipher what is going on with these types of things, you could actually have it copy and paste multiple things from text files too and run it through a lot of spoofs before your end result password ends at DonkeyKong49of4080. But the keylogger sees D23030jDk300jjfKj30fjjlkjdkljlk3j0Kjf0303084O030afjajwfjnNG2300jfalk305rq3u0awe 0rja0 wja0wef aw9jh i34ojal34kjflkj 3-40 1=34 1-241=2-3 =3049-19408608567056 0-394-91234-93 4340 34 923040 23534tu- 085t 4534i5 jq234058 34. Know what I mean?
sr. member
Activity: 518
Merit: 250
Is this news good or bad for the Bitcoin? I mean the price.

Well, sometime they are going to find out your password, so the golden tip is to just use a different password on every site, so you conceal the risk to 1 site at a time.

I think for bitcoin it doesn't matter too much, private keys are unlikely their Adobe passwords. It's bad news for Adobe and other corporations, but - I think in the end none of them will encrypt their customer data - so we will see the same thing all over again, making this crime a profitable business. The solution is so easy though.
hero member
Activity: 812
Merit: 1000
I <3 VW Beetles
Is this news good or bad for the Bitcoin? I mean the price.

Well, sometime they are going to find out your password, so the golden tip is to just use a different password on every site, so you conceal the risk to 1 site at a time.
hero member
Activity: 700
Merit: 500
Quote

Just because there are worse laws doesn't mean we should give up on reducing the growth of government.

While I do agree the government needs to be reduced and they need to stop over promising on entitlements and welfare and all these other programs, I also advocate for the government to do certain things. If you didn't know about corporate espionage here are some estimates of how much is lost to other countries that steal our secrets. Keep in mind government policy is the primary driver for why businesses get data stolen from them, when they are not required to protect their own data at a higher level it gets stolen.

Estimations of having 500 Billion USD worth of innovations stolen per year, which if you take an average tax rate of let's say 20% on that is 100 Billion USD the government loses in taxes each year, and 400 Billion companies lose overall. I would say in this scenario if you are against having the government make some policies for this (which causes the U.S. to get hacked because of bad policies already put in place) then you are advocating that we should let people get more innovations stolen and lose tons of money. Applying 100 Billion towards taxes is a huge lift that would go a long way to paying down our national debt. Especially letting companies bring their overseas money that is stored in different countries back over for a reduced tax (which most companies leave it in other countries because the penalty to bring back is way too high so we never get any taxation benefits from them).

http://www.theepochtimes.com/n3/326002-the-staggering-cost-of-economic-espionage-against-the-us/

http://www.bloomberg.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-s-companies.html

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf

 
legendary
Activity: 1330
Merit: 1003
Quote

So there should just be guidelines set forth by what entity then? There is a federal law stating women should get contraception coverage because they can't afford it (which only costs 10 bucks a month in most states). So if we are allowed to lie about these types of things and make laws, why not make a law that is actually pretty legit? Mandatory encryption. Just sayin.

Just because there are worse laws doesn't mean we should give up on reducing the growth of government.
hero member
Activity: 700
Merit: 500
Quote

Exactly. I cringe every time someone says "there should be a law" when something like this happens. We are so dead set on giving government carte blanche to grow. 


So there should just be guidelines set forth by what entity then? There is a federal law stating women should get contraception coverage because they can't afford it (which only costs 10 bucks a month in most states). So if we are allowed to lie about these types of things and make laws, why not make a law that is actually pretty legit? Mandatory encryption. Just sayin.
legendary
Activity: 3766
Merit: 1217
So what do they intend to do with all this data? Are they putting it up for auction in any of the dark market sites such as Silk Road 2.0 or Pandora? How many people were involved in these attacks?
sr. member
Activity: 406
Merit: 250
Quote

SHA isn't secure enough on its own, it can be brute forced too quickly unless many rounds are used. Password hashing is easy, I use it even in websites that don't need to be secure. That being said, there doesn't need to be a law. There are too many laws already. Users need to avoid using the same password on every site.

Exactly. I cringe every time someone says "there should be a law" when something like this happens. We are so dead set on giving government carte blanche to grow. 
legendary
Activity: 1330
Merit: 1003
Quote

That is interesting Adobe got hacked like that, there should be a law to encrypt at least at a SHA-3 or 4 level or something.

SHA isn't secure enough on its own, it can be brute forced too quickly unless many rounds are used. Password hashing is easy, I use it even in websites that don't need to be secure. That being said, there doesn't need to be a law. There are too many laws already. Users need to avoid using the same password on every site.
hero member
Activity: 700
Merit: 500
Quote

Even Adobe Systems doesn’t encrypt their data, this will hurt their image. There should be some laws which force companies to encrypt customer data, in the end this is damaging the economy more when it occurs - than the time it consumes to add crypto.

If they do encrypt it I bet you it is such a low level encryption that it got solved after weeks/months. If they were using Bitcoin's encryption however, it would probably take all super computers in the year 2,100 to be able to solve one private key hehe.

That is interesting Adobe got hacked like that, there should be a law to encrypt at least at a SHA-3 or 4 level or something.
sr. member
Activity: 518
Merit: 250
Quote

"""""A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Even Adobe Systems doesn’t encrypt their data, this will hurt their image. There should be some laws which force companies to encrypt customer data, in the end this is damaging the economy more when it occurs - than the time it consumes to add crypto.
hero member
Activity: 700
Merit: 500
Talk about hitting a jackpot in terms of hacking data!!!!

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html

Holy crapppppppppppp!!! Hacking over 1.2 Billion usernames and passwords should be a wake up call to normal users on anything. This strongly and proudly screams WE NEED MORE ENCRYPTION. I hope more people turn to bitcoin to protect their money.

Here is a short excerpt from the article.

"""""A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information."""""

