Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Business Intelligence Sales & Marketing More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Network Security
24/7/365 Network Uptime
Average Rating:
Rate this article:  
Database Hack Puts Social Media, Webmail Users at Risk
Database Hack Puts Social Media, Webmail Users at Risk

By Jennifer LeClaire
December 5, 2013 10:31AM

Bookmark and Share
It appears that Trustwave's SpiderLabs infiltrated a control server for the massive Pony botnet that was dumping credentials that it had harvested from compromised computers around the world. TrustWave’s SpiderLabs said that the Pony botnet let loose hundreds of thousands of Facebook, Twitter, Google and Yahoo accounts.
 


A massive hack has served up the user names and passwords of nearly 2 million Facebook, Twitter, Google and Yahoo accounts, among others. TrustWave’s SpiderLabs first reported the database breach, which it said was made possible by the Pony Botnet Controller.

“With the source code of Pony leaked and in the wild, we continue to see new instances and forks of Pony 1.9,” Daniel Chechik of SpiderLabs wrote in a blog post.

In addition to hundreds of thousands of Facebook, Twitter, Google and Yahoo accounts, SpiderLabs reports the breached database also let loose credentials for 1.58 million Web site log ins, 320,000 e-mail accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 shell accounts. But the leak itself is only one part of the story.

“In our analysis, passwords that use all four character types and are longer than eight characters are considered ‘excellent,’ whereas passwords with four or less characters of only one type are considered ‘terrible’,” Chechik said. “Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category.”

The Unreported Threat

We turned to Matthew Standart, director of threat intelligence at HBGary, the technology security division of ManTech International, to get his take on the database leak. He told us it appears that Trustwave infiltrated a control server for the massive Pony botnet that was dumping credentials that it had harvested from compromised computers around the world.

What hasn't been reported, he added, is that compromised endpoints are the actual threat and they should not be overlooked. As Standart sees it, the challenge comes in that many end users rely only on antivirus software products to detect and remove malware -- but today's sophisticated malware threats slip past sensors and aren't being regularly detected. For remediation to work, then, the first and most important step is to identify whether the system is compromised with malware.

“If so, the malware needs to be removed before the passwords -- which should be done periodically as standard personal security hygiene -- can be reset,” Standart said. “Resetting the passwords first is like putting the cart before the horse because the new passwords will be compromised over and over again. Today, there are powerful solutions on the market that detect sophisticated strands of malware where antivirus can't.”

A Focus on Data Management

We also asked Aaron Titus, CPO at Identity Finder, a breach prevention and risk management firm, to get his perspective on the attack. He told us this incident underscores the need for whole-lifecycle sensitive data management.

“Even though the scope of the hack is staggering, keylogging remains a somewhat inefficient method to harvest sensitive data,” Titus said. “The fact that even an inefficient hack can amass such an astounding cache of credentials should be a wakeup call that companies should focus their energies on internal sensitive data discovery, classification and remediation, because harvesting that information is typically much easier.”
 

Tell Us What You Think
Comment:

Name:

Herbie Dragons:

Posted: 2013-12-16 @ 4:28pm PT
The trouble with pass phrases is that they can be identified easily if they are, for instance, passages from a book. The alternative is to create a unique pass phrase which may become hard to remember.

MasterPassword:

Posted: 2013-12-05 @ 12:09pm PT
“In our analysis, passwords that use all four character types and are longer than eight characters are considered ‘excellent,’ whereas passwords with four or less characters of only one type are considered ‘terrible’".

Your analysis is terrible. There are no character types for a computing device. it is a fiction made to adapt sequences of bits to human circumnstances.

The best password are passPHRASES. very long sequences of bits, easy for humans to remember and difficult for computers to crack.

Unfortunately, the crackheads that program password protection do not give sufficient space (30+ characters) and force us to use &?#kIjy7769y that are difficult to remember and easy to crack.



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Network Security
1.   Teen Arrested for Heartbleed Hack
2.   IBM Adds Disaster Recovery to SoftLayer
3.   How To Beat the Heartbleed Bug
4.   OpenSSL Calls for More Support
5.   NSC Backs Disclosing Vulnerabilities


advertisement
Don't Reset Passwords for Heartbleed?
Added caution needed to ensure security.
Average Rating:
Teen Arrested for Heartbleed Hack
Data stolen from Canadian tax agency.
Average Rating:
How To Beat the Heartbleed Bug
Big data analytics could be the key.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Canadian Teen Arrested for Heartbleed Hack
One week after the OpenSSL Heartbleed vulnerability was unveiled, Canadian authorities have made the first arrest -- a London, Ontario teenager -- connected to exploiting the security hole.
 
IBM Offers Security, Disaster Recovery as SoftLayer Service
New disaster recovery and security services for SoftLayer clients are being added by IBM. Big Blue said the new capabilities will speed cloud adoption by alleviating concern over business continuity.
 
How To Beat the Heartbleed Bug
Heartbleed headlines continue as IT admins scramble for answers no one has. Early reports of stolen personal data, including 900 social insurance numbers in Canada, are starting to trickle in.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
Google Glass may find its first markets in verticals in which hands-free access to data is a boon. Medicine is among the most prominent of those, as seen in a number of Glass experiments under way.
 

Mobile Technology Spotlight
Google Releases Chrome Remote Desktop App for Android
You're out on a sales call, and use your Android mobile device to grab a file you have back at the office on your desktop. That's a bit easier now with Google's Chrome Remote Desktop app for Android.
 
Amazon 3D Smartphone Pics Leaked
E-commerce giant Amazon is reportedly set to launch a smartphone after years of development. Photos of the phone, which may feature a unique 3D interface, were leaked by tech pub BGR.
 
Zebra Tech Buys Motorola Enterprise for $3.45B
Weeks after Lenovo bought Motorola Mobility’s assets from Google for $2.91 billion, Zebra Technologies is throwing down $3.45 billion for Motorola’s Enterprise business in an all-cash deal.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Business Intelligence | Sales & Marketing | Contact Centers | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.