Lately a lot of 'internet famous' people have been getting their accounts hacked by an individual/group calling themselves poodlecorp.
Youtube and Twitter aren't sites you can hack by typing ' OR TRUE OR ''=' into the password field. They also did some DDOSing - not surprising they have a botnet. But I don't think you can brute-force these types of accounts. I know google start asking for captchas after a few tries - sure you can probably buy these for <10000/$1, but they'd ask for phone verification or lock down the account when your number of attempts gets suspiciously high.
I'm not an expert by any stretch of the imagination, but I'm guessing it's more likely they just hacked into their victims' PCs. Still, they'd have to find their IP, hope the machine isn't behind a router or has ports forwarded, then find some unpatched vulnerability, and make sure their malware doesn't get detected after they send the payload...
I don't want this to be another 'i wanna b 1337 plz t33ch me h0w 2 h4x0r' post, but does anyone know how they could pull off something like this?
I'm guessing it's more likely they just hacked into their victims' PCs. Still, they'd have to find their IP, hope the machine isn't behind a router or has ports forwarded, then find some unpatched vulnerability, and make sure their malware doesn't get detected after they send the payload...
Unlikely.
The most likely scenario is a case of weak and reused passwords. Even if I don't know your password on StrongSite, if I know you have an account on WeakSite and you have reused the password, by brute-forcing WeakSite I'm indirectly brute-forcing StrongSite.
I'd like to see a website that automatically rejects the user's first choice of password, then chastises the user if their second choice of password appears on any of those "most common password" lists.
I have at least 7 passwords along with user names that I have to change monthly all with slightly different rules on what they will accept making it difficult to use the same passwords for each user name. So I like everyone that I know either uses the same password each month and and increments a number within the password so I am able to remember them or we write them down.
Either common system for remembering passwords is very insecure. I pray every night that passwords will be replaced with keys. You don't have to remember them you just have to keep them on you. Keys work fine for cars and doors why not computers if the data is actually valuable?
And for most websites I find passwords silly--who cares if I am "hacked" why can't I use an insecure passwords--if I could I would always use "GOD".
There are freeware/free programs that manage passwords for you. From creating a random string of letters and numbers, to remembering them in an encrypted data file with associated website. A few password protect the program itself. Just do a search and see what is available.
Yep. If you're remembering more than one or two passwords, you're doing it wrong. Not necessarily because you might forget them, but because using wetware storage encourages you to use weak passwords with low information density.
Damn, I was hoping for something more spectacular.. guess I just assumed the people with 5 million subs would know better
There is nothing spectacular or cool with cracking like in movies, almost all of the time it's about finding simple vulnerabilites which most people overlook.
Vulnerabilites like password resue, simple passwords and even brute-force (this is how the The Fappening occurred, Apple didn't deter brute-force attempts by using a timer/count in one of it's login point).
Consider this situation. You go to your office, near the parking lot you see a flash drive. What would you do ?
If you're like most people, you'd pick it up and open it. And a lot of people are technically illiterate to the point of recklessly opening things inside it which could get you a key-logger or a worm.
Consider this situation. You go to your office, near the parking lot you see a flash drive. What would you do ?
If you're like most people, you'd pick it up and open it. And a lot of people are technically illiterate to the point of recklessly opening things inside it which could get you a key-logger or a worm.
Maybe I should try this at my work..
Also saw the poodlecorp stream last night and it was pretty disappointing. Mostly just dumb 'dem google 0-days' jokes