• This is a political forum that is non-biased/non-partisan and treats every person's position on topics equally. This debate forum is not aligned to any political party. In today's politics, many ideas are split between and even within all the political parties. Often we find ourselves agreeing on one platform but some topics break our mold. We are here to discuss them in a civil political debate. If this is your first visit to our political forums, be sure to check out the RULES. Registering for debate politics is necessary before posting. Register today to participate - it's free!

2 million Facebook, Gmail and Twitter passwords stolen in massive hack

Mr. Invisible said:
Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.
Click to expand...

Reread. Security problem wasn't at those sites, it was on the individuals computers. Didn't see how it was getting to individual computers though.

Personally, not worried too much about it. My OS is always up-to-date and I don't use windows. Unless the software somehow was run as a add-on to Firefox, then no way they got in.
 
PeteEU said:
What the article does not mention (as far as I can see) is the fact that this is not a "hack" per say. It is users who are idiots.

Why? Because these are accounts that used the following passwords..

password
1
1234
123456789
god

and so on and so on.

To be frank, they deserved to be hacked.
Click to expand...

If they are dumb enough to belief microsoft/windows security are not oxymorons, then they deserve to be hacked.
 
DVSentinel said:
If they are dumb enough to belief microsoft/windows security are not oxymorons, then they deserve to be hacked.
Click to expand...

Has NOTHING to do with Microsoft/windows. In fact these days it is Mac OSX that is the most insecure because Mac users are the most ignorant on security because they believed in the Apple hype about their systems being secure. Not even Apple believe their own hype any more. Mac OSX has massive amounts of security holes that go unplugged. Just look at the security hole that Google got fined for exploiting in Safari. It was know bug .. for 2 years, that Apple never fixed and Apple was never fined (not even sure it is fixed yet to be honest).

This has everything to do with ignorant users being exploited. I have had plenty of clients coming to complain that their email is sending out spam mail via outlook or yahoo or gmail (or other online systems). And when I tell them to change their password, they are shocked that they actually have been hacked. When I hear the password then I am not shocked.. at all. And when they change the password then suddenly the spam sending stops.. wonder why!

Sorry but people are in general stupid on passwords, both in creation but also in remembering them. Nothing is more annoying when migrating PCs or smartphones when the customer cant remember their Skype or email passwords... ARGH. And then when doing my own hacking on the PC to find the damn passwords, I find out that it is 12345 and I just laugh for a few hours shaking my head.
 
PeteEU said:
Has NOTHING to do with Microsoft/windows. In fact these days it is Mac OSX that is the most insecure because Mac users are the most ignorant on security because they believed in the Apple hype about their systems being secure. Not even Apple believe their own hype any more. Mac OSX has massive amounts of security holes that go unplugged. Just look at the security hole that Google got fined for exploiting in Safari. It was know bug .. for 2 years, that Apple never fixed and Apple was never fined (not even sure it is fixed yet to be honest).

This has everything to do with ignorant users being exploited. I have had plenty of clients coming to complain that their email is sending out spam mail via outlook or yahoo or gmail (or other online systems). And when I tell them to change their password, they are shocked that they actually have been hacked. When I hear the password then I am not shocked.. at all. And when they change the password then suddenly the spam sending stops.. wonder why!

Sorry but people are in general stupid on passwords, both in creation but also in remembering them. Nothing is more annoying when migrating PCs or smartphones when the customer cant remember their Skype or email passwords... ARGH. And then when doing my own hacking on the PC to find the damn passwords, I find out that it is 12345 and I just laugh for a few hours shaking my head.
Click to expand...

Ok. I didn't mention Apple because I have never owned one and don't feel qualified to make such statements about them.
 
DVSentinel said:
Ok. I didn't mention Apple because I have never owned one and don't feel qualified to make such statements about them.
Click to expand...

Sorry but I hear it every day... the myth about Apple being more secure and Windows being unsecure.. it is bull****. 10 years ago yes sure, Windows XP had more holes in it than Swiss cheese, but Windows 7 and 8 are some of the most secure systems out there.. far more secure than Mac OS and even Linux, because Windows gets patched for any vulnerability much faster. Linux is slow as hell in patching vulnerabilities but that is because hackers dont eat their own and so few people (other than nerds) actually use linux.

Mac OSX is also very bad because even basic 3rd party programs that get patched day to day on Windows and even Linux, have to go through Apple first and that takes a lot of time. Java is especially plagued by this problem. When Java's makers find a vulnerability they starting fixing it, but Apple blocks that Java version on its platforms until Java has sent a fix to them and they have approved it. It means that most online banking is down for Mac users when this happens.. for days and even weeks. There are workarounds, but most average Mac users cant understand how to do that, because the system behind the nice glossy front is so damn complicated compared to say Windows. And then add the usual arrogance of Apple when it comes to their products... "they just work" and are bug free.. then you have a massive security problem for Macs. Service updates are slow as hell even for critical problems.

But security now days is down to one thing... the user. Even on Macs and Windows machines there are few "holes" allowing a hacker access without interaction of the user.. aka downloading a keylogger or other crap...

In closing.. dont press on attachments! and read the bloody text on the screeen when you are installing a program! damn tool bars.. grr (yes just removed 5 .. yes 5 tool bars from a clients machine that was running slow!)
 
PeteEU said:
Sorry but I hear it every day... the myth about Apple being more secure and Windows being unsecure.. it is bull****. 10 years ago yes sure, Windows XP had more holes in it than Swiss cheese, but Windows 7 and 8 are some of the most secure systems out there.. far more secure than Mac OS and even Linux, because Windows gets patched for any vulnerability much faster. Linux is slow as hell in patching vulnerabilities but that is because hackers dont eat their own and so few people (other than nerds) actually use linux.
Click to expand...

Do you have any sources for your claims, other than maybe the marketing department at microsoft?

August 2013 Web Server Survey | Netcraft shows Apache is still way ahead of MS for servers on the net.

Hackers don't eat their own? Where did you ever come up with that?
 
I am glad I don't have accounts on any of those sites.
 
DVSentinel said:
Do you have any sources for your claims, other than maybe the marketing department at microsoft?

August 2013 Web Server Survey | Netcraft shows Apache is still way ahead of MS for servers on the net.
Click to expand...

Not talking about freaking servers. I am talking about personal computing. Much easier to hack a personal computer than a server.

But speaking about servers, it is not like that we would get much info if they managed to hack servers. Look at the whole Playstation hack.. that was because of a vulnerability in their Linux based servers... that they had not patched. It took quite a while to fix but also to come clean on. Businesses dont want to have people know that their systems are not secure.

Fact is on the server area, there are vulnerabilities in all severs software over time, and they are fixed relatively fast, but it still requires the server administrators to apply the freaking patches, something that was not done in the Playstation hack and most likely in the Adobe hack, and the Apple hack and so on and so on. IT administrators are extremely conservative in rolling out new software or updates and live on the edge instead. Look at how many companies still run on Windows XP, a very "holed" OS.

And we are back to user fault again.

Hackers don't eat their own? Where did you ever come up with that?
Click to expand...

Not me that came up with that.
 
PeteEU said:
Not talking about freaking servers. I am talking about personal computing. Much easier to hack a personal computer than a server.

But speaking about servers, it is not like that we would get much info if they managed to hack servers. Look at the whole Playstation hack.. that was because of a vulnerability in their Linux based servers... that they had not patched. It took quite a while to fix but also to come clean on. Businesses dont want to have people know that their systems are not secure.

Fact is on the server area, there are vulnerabilities in all severs software over time, and they are fixed relatively fast, but it still requires the server administrators to apply the freaking patches, something that was not done in the Playstation hack and most likely in the Adobe hack, and the Apple hack and so on and so on. IT administrators are extremely conservative in rolling out new software or updates and live on the edge instead. Look at how many companies still run on Windows XP, a very "holed" OS.

And we are back to user fault again.



Not me that came up with that.
Click to expand...

So I take you don't actually have any sources that back up the claim of windows being "more secure" or the update rate.
 
PeteEU said:
Sorry but I hear it every day... the myth about Apple being more secure and Windows being unsecure.. it is bull****. 10 years ago yes sure, Windows XP had more holes in it than Swiss cheese, but Windows 7 and 8 are some of the most secure systems out there.. far more secure than Mac OS and even Linux, because Windows gets patched for any vulnerability much faster. Linux is slow as hell in patching vulnerabilities but that is because hackers dont eat their own and so few people (other than nerds) actually use linux.

Mac OSX is also very bad because even basic 3rd party programs that get patched day to day on Windows and even Linux, have to go through Apple first and that takes a lot of time. Java is especially plagued by this problem. When Java's makers find a vulnerability they starting fixing it, but Apple blocks that Java version on its platforms until Java has sent a fix to them and they have approved it. It means that most online banking is down for Mac users when this happens.. for days and even weeks. There are workarounds, but most average Mac users cant understand how to do that, because the system behind the nice glossy front is so damn complicated compared to say Windows. And then add the usual arrogance of Apple when it comes to their products... "they just work" and are bug free.. then you have a massive security problem for Macs. Service updates are slow as hell even for critical problems.

But security now days is down to one thing... the user. Even on Macs and Windows machines there are few "holes" allowing a hacker access without interaction of the user.. aka downloading a keylogger or other crap...

In closing.. dont press on attachments! and read the bloody text on the screeen when you are installing a program! damn tool bars.. grr (yes just removed 5 .. yes 5 tool bars from a clients machine that was running slow!)
Click to expand...

Windows 7 vulnerable to 8 out of 10 viruses | Naked Security

According to Number of Viruses - Computer Knowledge there are well over 100,000 viruses, so that means more than 70,000 that affect windows 7.

According to Is Linux Operating System Virus Free? there are 863 for Linux. But then, they use a rather loose definition of virus. So Meet Linux Viruses | Unixmen . Wow, wonder how long a list of virus for just Windows 7 would be?

Linux

One of the biggest advantages in terms of security for Linux lies in its huge, highly-skilled and diligent community.

"The open source nature of Linux allows for more peer review of the code to find and fix the code before zero day hacks can be done," said Williams. "It is a labor of love, not license."

from:Is Linux Really More Secure than Windows? - eSecurity Planet

Definitely does not support your claim of slow security updates, quite the opposite I would say.

For those still interested.

Windows 8: $92.95 Amazon.com: Microsoft Windows 8 Pro - Upgrade: Software of course you have to already own another versions of windows.

Linux: Ubuntu-- $0. Fedora--$0. All come with versions of office programs, compilers, servers all for free. Don't want those distro's, try Linux Distributions | Linux.org , two pages of distros with even more available.
 
PeteEU said:
What the article does not mention (as far as I can see) is the fact that this is not a "hack" per say. It is users who are idiots.

Why? Because these are accounts that used the following passwords..

password
1
1234
123456789
god

and so on and so on.

To be frank, they deserved to be hacked.
Click to expand...

None of the websites listed allow you to put those as your passwords. Password standards today require you to have a minimum of 6 characters. Which rules out 1, 1234 & god - and to my knowledge few websites today allow you to have a password made up of purely of numbers. Which rules out the 123456789. I could be wrong of course on maybe one of the website, but this is pretty much standard now. No way they got anywhere near 2 million passwords based on passwords like that.
 
Mr. Invisible said:
Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.
Click to expand...

seems the problem was on the users end, not the providers.

PS I was having massive issues with an ol;d yahoo account like 6 months ago, and heard similar from a number of other people.
 
PeteEU said:
No,... They were not breached. It was users with weak ass passwords. Since most login names are peoples email addresses, then you only have to guess the password. And when people use passwords like 12345678 then well. Companies actually are now stating that new passwords have to a letter, capital letter and number in it, and that helps security a lot.
Click to expand...

it says they loaded key loggers maliciously. At that point, it doesn't matter what your password is
 
Dr. Chuckles said:
it says they loaded key loggers maliciously. At that point, it doesn't matter what your password is
Click to expand...

Yes that is the claim, but with those passwords you dont need a keylogger...
 
Hatuey said:
None of the websites listed allow you to put those as your passwords. Password standards today require you to have a minimum of 6 characters. Which rules out 1, 1234 & god - and to my knowledge few websites today allow you to have a password made up of purely of numbers. Which rules out the 123456789. I could be wrong of course on maybe one of the website, but this is pretty much standard now. No way they got anywhere near 2 million passwords based on passwords like that.
Click to expand...

Actually at the start the websites did not require this. Now days when you change or sign up yes, but if you never changed your password the last say 3 years, then 12345678 is quite possible.

For example I was servicing a clients Apple Mac a few weeks ago, and his password for the Apple ID was set up ages ago and it did not meet the present day requirement of 1 capital and 1 number in the password. He was never prompted to change the password by Apple.
 
You must log in or register to reply here.
Back
Top Bottom