
We often talk about attacks on online providers that result in leaks of users' personal passwords. Just recently we saw the leak of 6.46 million LinkedIn user passwords. Right after this we saw a leak of 400 thousand Yahoo Voices passwords. These are not isolated cases; nowadays we see many successful attacks that lead to personal data leaks. One more example of this is the leak of personal information of users of one of the popular Android forums, and finally the hack of the NVIDIA developer forum. It's worth saying that many successful attacks are simply not announced, and the Internet community doesn't find out about them.

So, how do we deal with cases when our passwords can be leaked? Obviously the end user can't do much to protect his on-line service provider and prevent the leak, but there are some basic tips on how to avoid a big disaster when our passwords are compromised.

1. Use a different password for each different online resource. Never reuse the same password for different services. If you do, all or many of your other online accounts can be compromised.
2. Use complex passwords. This means, in a perfect scenario, a combination of symbols, letters and special characters. The longer the better.
3. Sometimes our online service providers don't let us create really complex passwords, but try to use long passwords, with at least 23 characters in a combination of uppercase and lowercase letters. A password of 23 characters (131 bits) would be ok.

For some users it's hard to remember complex passwords, in which case a good solution would be to use a password manager like Kaspersky Password Manager.

Remember, you can't stop your service provider being hacked, but you can avoid a bigger disaster when all of your accounts get compromised at once just because you used the same password!


Sweden recently experienced a large banking scam where over 1.2 million Swedish kronor (about $177,800) were stolen by infecting the computers of multiple victims. The attackers used a Trojan which was sent to the victims and, once installed, allowed the attackers to gain access to the infected computers. Luckily these guys were caught and sentenced to time in jail, but it took a while to investigate since over 10 people were involved in this scam.

It's possible that these attacks are no longer as successful as the bad guys would like, because we are now seeing them use other methods to find and exploit new victims. For quite some time now we have seen hijacked Facebook accounts used to lure the friends of the person whose account has been hijacked into doing everything from clicking on malicious links to transferring money to the cybercriminals’ bank accounts.

Please note that this is not a new scam - it has been out there for quite some time. But what we are now seeing is the use of stolen/hijacked accounts, or fake accounts, becoming very common on Facebook. So common, in fact, that there are companies creating fake accounts and then selling access to them to other cybercriminals. As you might expect, the more friends these accounts have, the more expensive they are, because they can be used to reach more people.

The problem here is not just technical – it’s primarily a social problem. We use Facebook to expand our circle of friends. We can easily have several hundred friends on Facebook, while in real life we may only have 50. This could be a problem because some of the security and privacy settings in Facebook only apply in your interactions with people who you are not friends with. Your friends, on the other hand, have full access to all the information about you.