Phishing scams, hotmail and GMail passwords

OK so now someone has posted a ton of email accounts and passwords on the net.

http://news.bbc.co.uk/2/hi/technology/8292928.stm and

http://www.thestar.com/sciencetech/article/706223--hacked-email-accounts-affect-thousands

The problem with a lot of the coverage is either pointing fingers at Microsoft and Google (for not educating their users and not making it more secure) or at the users for getting caught in the phishing scheme.

Speculation is that it is a phishing scheme, but as far as I can see there is no proof of that yet.

(Microsoft believes a phishing scheme is behind the security breach)

(If you have anything better then MS says it is please forward)

But who is out there trying to get the mals who did this?

I try to educate those around me to phishing and other security issues but most people don't want to know and can you blame them? They have other things to do and while some of us live to do this type of thing most people do not have the time.

People want email because it is easy and no fuss. So they want to just get it and they put up with passwords but a lot of people set the password and never have to do anything again.

And while there are things out there like the cryptocard and other pass key generators (which work very well) but a lot of people don't like them because of they are fiddly and you have your pin plus the generated number and, all good for us but most people don't want it, not to mention that they cost money and most people want these email accounts because they are free.

I have seen sites that asked if their users want to buy these devices and the users said no.

I would pay the cost of the device (I believe they are about 20 bucks per in bulk) so that my Google account (or MSN) is secure.

What about you?

Post a comment if you would or wouldn't and why?

MalZ and Crackers, detect, identify and eliminate

Do you think you have been cracked? Someone has been trying to guess usernames and passwords for days on end. How do you know if they have? How do you find out who they are?
What can you do about it?
First thing is detecting the attack, how can you find a Mal if you don't know they are there?
Sings of an attack: 1 Log files. You have to have something watching your log files to see if there is an attack. And that something better not be human as humans don't like boring jiobs and find ways of not doing them.
You need an IDS (Intrusion Detection System) that reads all of your logs and tells you when suspicious activity happens.
How? Well if someone tries to login for a number of times they either forgot their login credentials (I do all the time, early signs of Alzheimer's?) or they are trying to break in (crack your system, hence cracker). If they are trying to break in then your IDS will catch them and in the case of system or network login and also email or whatever you can set on most systems a maximum number of login attempts before you time out that username for a specific period of time after a number of tries (usually 3 but you can set this.)
If the user then starts using other names and trying again then after a number of different names tried unsuccessfully from that location then block the IP for a while. This can all be done with your IDS if you want it to; and have it alert you and you can then watch as the attack unfolds or you can do something about it.
So you now have an crack attempt; if you want to find out who the cracker is then this is where a sniffer comes in handy. You can watch all packets to and from the system being attacked and get the information you need to start finding out who the cracker is.
What you might want to do about it is up to you. And most likely the subject of a future post.

MalZ not hackers

OK I am introducing a new term to the lexicon because i see the word Hacker used way to often in the wrong way.
So since the people we want to talk about are people who make 'Malware' and do 'malicious' acts and are 'maligning' the hacker name, MalZ, it just makes sense.
And it's short, easy to remeber, single silable, has the 1337 look and you can even 1337 it a bit 'M41Z' if you want (Although for using in a media outlet of any sort I recommend 'MalZ'.

Why? I am a hacker, old school. I like being called a hacker cause that's what i do. I make things work by hacking them. I know how to use code and use it to do things that are out of this world.
So there you have it, MalZ, tell everyone.

\\//_

Death and Taxes

They say that there are two ineviatable things, death and taxes. This last little while we have had both.
Tracy's mom had a turn for the worse and we had to go see her ar Easter and then the following week she passed after her long struggle with cancer.
Tracy and the kids took it bad, me I am just depressed so no problem. And today is tax day for canadians and so the inevitable hit us.
I hate taxes, not paying them or the idea but the act of doing the stupid things. I hate the paper work and don't start thinking about it in time to get someone else to do it.

Pain in the butt I say.

Anyway LLAP

good morning

Well another really late post. I was sure they had cut this off and I would have to recreate it. I was wrong :-)

July 1

Canada day and the country is a year older.
I have had a bad few weeks. With smog levels in Ontario at record levels I am sick as a dog. Two trips in stretchers in the month. The first one caused exclusively by the smog. The second smog and kidney stones.

Rob and Sue are here and Tracy's Dad. Fred and Craig are adding a new room in the basement for me and then Jen gets my old room.
I am going to have to add a different machine for the firewall and I will probably use the one I brought home from work.
Marty is coming up today so Rob has to leave. Hopefully Marty can help Fred a bit and also we can get his boat in the water and tracy can get a ride.
Long life and Happiness,

Back hopefully for a while

Sorry gone for a bit, recouping from another bad episode.
Was taken from work on a stretcher last week so am still recovering and not to steady on my feet.
I guess hackfest is going to be late.

My lung condition is dependant on air quality. We are having a bad year, maybe the worset on record.
This sucks.