Welcome - Please Login or Register !

[fishki]

The recent Gawker media hack is probably related to a spate of malicious activity from 174.132.178.37, trying to log into forums, according to a couple of different reports on the web.The purpose is unknown, but the person behind it may well be trying to use established accounts to spam forums.

The email:

Dear xxxxxx,

Your account on zxzxzxzxzx - Community Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 174.132.178.37

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://forums.zxzxzxzxzx.com/login.do=lostpw

All the best,
xxxxxxxxxx - Community Forums

If you recieve this I would not be to concerned about it, I have recieved 5 of these today alone. Some from sites I have not been to in years.


The Gawker Hack:

Normally in the business of making others embarrassed, Nick Denton’s Gawker Media empire had some awkward explaining to do itself on Monday after hackers breached the database containing hundreds of thousands of usernames and passwords that people used to comment on the sites in the network.

Gawker executives, who had initially denied the breach, were forced to reverse course and apologise after the hackers posted a large batch of the passwords online. The intruders also took Gawker’s own source code and perused internal chats and employee e-mails, which in turn provided log-in credentials for Google Apps, taking a similar trajectory to the 2009 electronic break-in at Twitter that unearthed sensitive financial information.

In an exchange with an interviewer, the hackers said they were motivated in part by Mr Denton’s dismissive comments against the online bulletin board 4chan, which has a user base that overlaps with Anonymous and is likewise heavily populated by teenagers.

The most immediate cost to Gawker is in its relationship with its readers. The company urged them to change the passwords they use to comment at blogs including Gawker, Lifehacker and Gizmodo.

But many people use the same password at many services, and spammers grabbed the posted information and immediately tried the name and password combinations at Twitter. They used the compromised accounts to advertise herbal drinks.

It would be much worse for those who relied on the same combination for e-mail, which could provide tools for entry into the networks at their own employers. The moral for all web users: employ a different password everywhere, or use a “throwaway” version that wouldn’t be worth anything to anyone who finds it.

For companies, the lessons are more serious. Analysis of the posted material shows that Gawker was running an old and unpatched version of Linux with DES “encryption” for the user data that had been cracked more than a decade ago.

Finally, Mr Denton noticed that someone had logged in as him to an internal chat system when he wasn’t on it, and asked for an investigation–which turned up nothing–more than a month before the hackers went public.

It might cost more than it used to to have good security practices and personnel. But it still costs a heck of a lot less than this kind of debacle.

[twistedblister]

cool fish. i read and saw tv stuff about this. brutal. lesson upgrade your hardware and fimrware and web software. still its pretty harsh.