Unofficial empeg BBS

#340390 - 14/12/2010 10:26 Under attack?
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Yesterday evening I was unable to launch my Facebook app on my phone. Eventually I tried logging into the mobile site, which stated that my account had been suspended due to "suspicious activity," and I proceeded to go through a verification process to get access to it and change my password.

Then, I received a notice that my LinkedIn password needed to be reset. I've reset it, and now it's telling me I need to do it again!

Lastly, I attempted to log in to my Twitter account, but was told I had the wrong password. I then had to go through a password reset process to change that too.

Any ideas what's going on? I'm not frightened or anything, but I'm a little concerned. I have, in the past, commented on many Lifehacker articles, so it's possible that someone from the Gawker attack is trying to brute force my account on various sites, but I use unique passwords for each site. It's a little annoying that they'd simply deny me, the one with the accurate password, access to my account just because someone with a completely different IP address is trying variations on a password that's nothing like mine.

Then again, back in the day I had this problem with MySpace. I hated the site, but my friends used it so I joined. At one point, I received a notice from MySpace that too many login attempts had been made on my account and it would be locked for 24 hours or something. The problem is it was clear that a bot was attempting constant attacks on my account, so it was locked constantly. It baffled me that MySpace could be so stupid about their account management, that I could be completely locked out of using their service because of someone else, even if they didn't break into my account. By that time, though, Facebook was around.

Sorry for that tangent. Any ideas about what's going on with my current accounts?
_________________________
Matt
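The lockout behaviour described in the post above, next to one alternative, as an added example that is not part of the original thread and not any named site's actual code. The window, threshold, account name and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 900      # seconds of history that count toward the limit (assumed value)
MAX_FAILURES = 5  # failed logins tolerated inside the window (assumed value)


class AccountLockout:
    """Failures are counted per account only, so anyone can lock the owner out."""

    def __init__(self):
        self.failures = defaultdict(deque)

    def key(self, account, source_ip):
        return account

    def allowed(self, account, source_ip, now):
        q = self.failures[self.key(account, source_ip)]
        while q and now - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        return len(q) < MAX_FAILURES

    def record_failure(self, account, source_ip, now):
        self.failures[self.key(account, source_ip)].append(now)


class PerSourceThrottle(AccountLockout):
    """Failures are counted per (account, source), so a noisy source only blocks itself."""

    def key(self, account, source_ip):
        return (account, source_ip)


def simulate(policy):
    """Constructed scenario: 20 wrong guesses from one address, then the owner logs in."""
    bot_ip, owner_ip = "203.0.113.7", "198.51.100.20"  # documentation-range addresses
    blocked_guesses = 0
    for t in range(20):
        if policy.allowed("owner", bot_ip, now=t):
            policy.record_failure("owner", bot_ip, now=t)  # every guess is wrong
        else:
            blocked_guesses += 1
    owner_ok = policy.allowed("owner", owner_ip, now=30)
    return owner_ok, blocked_guesses
```

Both policies stop the guessing source after five failures; only the per-account one also refuses the owner. A per-source limit does not cover guessing spread across many addresses, so it is usually paired with per-account alerting or a second factor rather than a hard lock.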

#340392 - 14/12/2010 11:13 Re: Under attack? [Re: Dignan]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Do you have an account on any of the Gawker sites? They had their entire set of password hashes (and much more) stolen the other day.
_________________________
Remind me to change my signature to something more interesting someday

#340393 - 14/12/2010 12:32 Re: Under attack? [Re: andy]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Worth checking: DidIGetGawkered

#340394 - 14/12/2010 14:54 Re: Under attack? [Re: DWallach]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
There was a link recently to a site, plugin, application, that would handle password management for many of one's sites. I am guilty of overusing the same password on many sites, but too lazy to manage individual passwords.

#340395 - 14/12/2010 17:25 Re: Under attack? [Re: Phoenix42]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
Originally Posted By: Phoenix42
There was a link recently to a site, plugin, application, that would handle password management for many of one's sites. I am guilty of overusing the same password on many sites, but too lazy to manage individual passwords.


I believe the app du jour is Password Safe

#340397 - 14/12/2010 19:08 Re: Under attack? [Re: g_attrill]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I'm pretty sure he already uses LastPass.
_________________________
Bitt Faulk

#340398 - 14/12/2010 19:55 Re: Under attack? [Re: wfaulk]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Originally Posted By: wfaulk
I'm pretty sure he already uses LastPass.

I do, and it appears I was a victim of the Gawker attack (as I said in the initial post, I've commented on Lifehacker, which is a Gawker site - unfortunately). Still, none of the sites that I've had login problems with have passwords ANYWHERE near being similar to the one I used on Lifehacker. That one was a fairly easy to hit password, admittedly. It was sort of a dictionary word plus some numbers, but I didn't really care because I didn't use it on other sites. My passwords for the sites I'm having problems with are passwords like: uK38wric (randomly generated using LastPass). I'll probably up the password requirements so they're a little longer and have special characters.

Just now I changed my Facebook password for the third time, and it's still a new, secure password... It looks like someone was definitely accessing the account, because now Facebook is freaking out about some event "I created" called "Fr3e PS3 Slim for Holiday," which they removed, and they're not hounding me with a message that they've removed it, and even though I "acknowledge" it, they keep showing it to me. This is getting strange.

Sigh...I think my evening is going to be spent changing passwords on all my sites one-by-one. Damn, I was going to finish Dexter tonight. Boo :(
_________________________
Matt

#340401 - 15/12/2010 01:26 Re: Under attack? [Re: Dignan]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
LinkedIn sent an email this afternoon saying they disabled accounts proactively if your email address was in the Gawker db. Presumably doing it twice was an accident, especially after I'd already changed when they emailed the first time.

#340402 - 15/12/2010 02:33 Re: Under attack? [Re: matthew_k]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Originally Posted By: matthew_k
LinkedIn sent an email this afternoon saying they disabled accounts proactively if your email address was in the Gawker db. Presumably doing it twice was an accident, especially after I'd already changed when they emailed the first time.

Yeah, I saw that. But for me, it keeps happening! I don't know what the hell they think they're doing over there, but I already hate LinkedIn, and constantly disabling my account "to protect me" makes me want to never go there again.
_________________________
Matt

#340789 - 07/01/2011 01:11 Re: Under attack? [Re: Dignan]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Reading this makes me glad I use unique e-mail addresses for sites I interact with. Within a few days of the Gawker hack, my address I used there was being sent tons of spam and phishing attempts. I tossed it into the server blacklist a few days later to just avoid any overhead of that crap on my server.

For any GMail users, remember that you can use user+whatever@gmail.com as a valid address.

#340791 - 07/01/2011 01:20 Re: Under attack? [Re: drakino]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
Originally Posted By: drakino
For any GMail users, remember that you can use user+whatever@gmail.com as a valid address.


OOOh! didn't know that.
_________________________
Glenn

#340793 - 07/01/2011 01:25 Re: Under attack? [Re: drakino]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Originally Posted By: drakino

For any GMail users, remember that you can use user+whatever@gmail.com as a valid address.

Except for the (seemingly increasing) number of online forms that don't consider the plus sign a valid part of an email address. I'm never sure whether to blame incompetence (inability to write a proper parser) or malice (knowing that folks might use the sub-addressing functionality to nuke their unsolicited mail) but it's certainly annoying.
_________________________
- Tony C
my empeg stuff
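The sub-addressing point in the posts above, as an added example that is not part of the original thread: a form pattern that rejects the plus sign beside a check that follows the RFC 5322 dot-atom rules, plus tag extraction for tracing which site an address was given to. The `NAIVE` pattern, the `issued` mapping and all sample addresses are constructed for illustration.

```python
import re

# Constructed "before": a typical sign-up form pattern with no '+' in the local part.
NAIVE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# RFC 5322 dot-atom local part: runs of "atext" characters separated by single dots.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL = re.compile(rf"{ATEXT}(?:\.{ATEXT})*")
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid(address):
    """Accept dot-atom local parts (quoted strings are out of scope) and hostname domains."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or len(local) > 64 or len(address) > 254:
        return False
    labels = domain.split(".")
    return (bool(LOCAL.fullmatch(local)) and len(labels) >= 2
            and all(LABEL.fullmatch(label) for label in labels))


def split_tag(address, separator="+"):
    """Return (mailbox, tag); tag is None when the address carries no sub-address."""
    local, _, domain = address.rpartition("@")
    base, found, tag = local.partition(separator)
    return f"{base}@{domain}", (tag if found and tag else None)


def leak_source(recipient, issued, separator="+"):
    """Look up which site a tagged recipient address was handed to.

    `issued` is a hypothetical mapping of tag -> site kept by the mailbox owner.
    """
    _, tag = split_tag(recipient, separator)
    return issued.get(tag)
```

`NAIVE.fullmatch("user+whatever@gmail.com")` returns `None`, while `is_valid` accepts the same address; the `separator` argument covers mail domains configured to use a character other than `+`.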

#340804 - 07/01/2011 03:06 Re: Under attack? [Re: drakino]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Originally Posted By: drakino
For any GMail users, remember that you can use user+whatever@gmail.com as a valid address.

Like Tony said, I stopped doing this because so many places wouldn't accept the +. And it won't help if someone is trying this manually, as they'll see the plus sign.

Besides, it really is the password issue that's the real danger. Since the Gawker attacks, I've seen zero increase in spam that's reached my inbox. I haven't had any, actually.

I also meant to check back with this thread, so thanks, Tom. Since all this went down, I've taken LastPass's "Security Challenge." It basically looks at all my passwords and grades their security, while also identifying if you're using the same password on multiple sites. I've been going through, one by one, and changing my passwords. It's a bit daunting and takes a long time, but it's like a game to see if you can increase your score and move up the ranks (it compares your score with other LastPass users).
_________________________
Matt

#340822 - 07/01/2011 14:28 Re: Under attack? [Re: Dignan]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
That's frustrating that more web forms are rejecting the + these days. For me, it's not an issue, as I've had my domain set to use a _ instead, and gave users a choice of a 1 or 2 letter alias usable only with an _. That way, even if a script sees the separator and removes it, they don't know the proper e-mail address to use.

The spam I was seeing to the Gawker leaked address made it past my first hard deny wall of defense, meaning a bunch of new spammers were getting into the game with the distribution list. First line for me uses the public databases of known spamming IPs and will just reject a message with nothing making it through to the spool. The second line of defense, my SpamAssassin content-based filter, was catching most of them, and tossing them into a "probably spam" folder. A few that made it through just said "Hey, FYI, your address was leaked by Gawker" and usually came from some security company, probably hoping I'd be thankful enough for the message and go buy their product or something.

I had stopped visiting Gawker sites well before the incident, and the hack only helped reaffirm my decision to stay away. I wonder if they have the ability to delete accounts yet.

Though, due to my e-mail system, I know they are just one of many organizations bad about keeping their user list private. I sign up for a lot of gaming/MMO related discussion boards and services, and nearly all of them have leaked their user list at some point. Those addresses then start getting hit with phishing attempts trying to steal my World of Warcraft or Aion account. A good portion of the hack attempts out there today are driven by the desire to gain access to people's gaming accounts, to then steal anything of value and sell it to other people for real world money. Phishing attempts are the most popular way, but they also keep up to date on the latest computer exploits, and tend to try and embed them in Flash ads that could run on a gaming news site.

Eve Online has been one of the few games to address this problem head on, by adding a sanctioned way to buy in-game money for real money. Their system works by allowing players to buy 30 day game cards, then those codes from the cards can be turned into an in-game item that can be sold to other players. The market system in Eve isn't connected between stations either, so if you want to sell it for a higher price, you have to risk transporting the item in your ship to sell at another station. During transport, it's very possible to be attacked by another player and lose your ship and its contents. So not only did CCP help combat gold farmers, they integrated the concept completely into the normal gameplay.

#340824 - 07/01/2011 14:35 Re: Under attack? [Re: drakino]
Tim
veteran

Registered: 25/04/2000
Posts: 1529
Loc: Arizona
Originally Posted By: drakino
Eve Online has been one of the few games to address this problem head on, by adding a sanctioned way to buy in-game money for real money. Their system works by allowing players to buy 30 day game cards, then those codes from the cards can be turned into an in-game item that can be sold to other players. The market system in Eve isn't connected between stations either, so if you want to sell it for a higher price, you have to risk transporting the item in your ship to sell at another station. During transport, it's very possible to be attacked by another player and lose your ship and its contents. So not only did CCP help combat gold farmers, they integrated the concept completely into the normal gameplay.


There was an article about that sometime last year. Some guy had a lot of game codes he was transporting and ended up dying and they were lost. I wish I remembered the exact amount, but want to say it was over $20k worth.

#340825 - 07/01/2011 15:41 Re: Under attack? [Re: gbeer]
canuckInOR
carpal tunnel

Registered: 13/02/2002
Posts: 3212
Loc: Portland, OR
Originally Posted By: gbeer
Originally Posted By: drakino
For any GMail users, remember that you can use user+whatever@gmail.com as a valid address.

OOOh! didn't know that.

I'd be willing to bet you the spammers know that, and automatically strip the "+whatever" from any gmail address.

I'm a happy user of Spamgourmet.

#340835 - 07/01/2011 19:41 Re: Under attack? [Re: canuckInOR]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
The sad thing is that the only thing to come out of the Gawker hack smelling okay was Facebook Connect. If you posted on their sites with your Facebook login, you weren't affected. It's an unfortunate endorsement for something I'm not a fan of...
_________________________
Matt

#340838 - 07/01/2011 19:59 Re: Under attack? [Re: Dignan]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Originally Posted By: Dignan
If you posted on their sites with your Facebook login, you weren't affected.

So instead of trusting your data with Gawker who were awful about privacy and security, you're going to trust it with Facebook who are even more awful with privacy but so far better with security? Yeah... I can see your issues with endorsing that idea :)

#340842 - 07/01/2011 20:33 Re: Under attack? [Re: tman]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Originally Posted By: tman
Originally Posted By: Dignan
If you posted on their sites with your Facebook login, you weren't affected.

So instead of trusting your data with Gawker who were awful about privacy and security, you're going to trust it with Facebook who are even more awful with privacy but so far better with security? Yeah... I can see your issues with endorsing that idea :)

Sorry if I wasn't clear, but yeah, that was my point ;)
_________________________
Matt
