Wednesday, May 30, 2012

Hacked Passwords


Passwords of email accounts are getting hacked far too often these days. The compromised accounts are used to send out spam emails that, one way or another, make money for the crooks behind the scam. The accounts mainly affected are those that end with:
  • @yahoo.com
  • @hotmail.com
  • @aol.com
  • @att.net
  • @sbcglobal.net
AT&T and SbcGlobal accounts are affected because AT&T subcontracted Yahoo to technically handle their email accounts. This is true for our local area. In other parts of the country other email accounts may be affected as well.

Affected accounts are used to send out spam emails that mostly look like this:
this is rather awesome http://www.eudonews.net/biz/?read=6036326
The leading text and readable part of the link can be different but so far the general format has been similar. I expect that sooner or later (I am afraid sooner) the crooks will replace the leading text with more intriguing and/or salacious creations.

Again and again I have to say: Even when such an email seems to come from someone you know, DO NOT CLICK on the link! The sender address in an email is NOT trustworthy; it can easily be faked to show whatever the crook wants you to see!

The links always lead to known malicious and untrustworthy websites. One way or another the crooks make money, lots of money. One gang that was recently busted had collected about 14 million dollars.

The accounts could get hacked because the passwords were too short, simple, easy or any combination thereof.

In April 2011 I wrote an article about "Passwords too simple - What to do about it". It still is valid!

Just as an example: A collector of classic cars uses the password "fordbuff". A length of eight characters is considered by some technicians to make a fairly good password. BUT see this from passwordmeter.com:



Had he chosen "I am a Ford buff" it looks like this:

And now look at the result for "Driving 2 Fords":


Impressive differences, aren't they? And where do these differences come from? Example two contains capital letters and special characters (spaces), example three contains an additional number.
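To see where the differences come from, here is an added example (not passwordmeter.com's scoring and not part of the original post) that reports the length, the character classes used, and a brute-force search-space estimate for the three passwords above. The printable-ASCII alphabet sizes and the guess rate are assumptions of this sketch, and the estimate is an upper bound because it ignores wordlist guessing of common words.

```python
import math
import string

# Alphabet sizes for a brute-force estimate over printable ASCII
# (an assumption of this sketch, not passwordmeter.com's scoring rules).
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 symbols
    "uppercase": string.ascii_uppercase,   # 26 symbols
    "digit": string.digits,                # 10 symbols
    "special": string.punctuation + " ",   # 32 symbols plus the space
}

def analyze(password):
    """Return length, character classes used, alphabet size and the
    brute-force search space in bits (length * log2(alphabet size))."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    pool = sum(len(CLASSES[name]) for name in used)
    bits = len(password) * math.log2(pool) if pool else 0.0
    return {"length": len(password), "classes": used,
            "pool": pool, "bits": round(bits, 1)}

def years_to_exhaust(bits, guesses_per_second=1e9):
    """Time to try every candidate at an assumed (constructed) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# The three passwords compared in the post.
EXAMPLES = ["fordbuff", "I am a Ford buff", "Driving 2 Fords"]

if __name__ == "__main__":
    for pw in EXAMPLES:
        r = analyze(pw)
        print(f"{pw!r:20} len={r['length']:2} pool={r['pool']:2} "
              f"bits={r['bits']:6} years={years_to_exhaust(r['bits']):.3g} "
              f"classes={', '.join(r['classes'])}")
```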

If you have not yet done so please read my April 2011 article about "Passwords too simple - What to do about it". It still is valid! 

Another possible reason for your account passwords being hacked may be that you have a password-sniffing virus on your machine. Do you already run Microsoft Security Essentials or are you still on Avast, AVG or Avira, "the other" free anti-virus programs?

Conclusion: A simple little sentence with a number somewhere in it is way better than any single word!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
