Massive Phishing Campaign Hits Multiple Email Services
nandemoari writes "It seems as if the massive phishing campaign reported yesterday was not specific to Hotmail, as was initially believed. According to a report by the BBC, many Gmail and Yahoo Mail accounts have also been compromised. Earthlink, Comcast, and AOL were also affected. While the source of the latest attacks has not been determined, many are pointing to the same bug that claimed at least 10,000 passwords from Microsoft Windows Live Hotmail. Microsoft has done their part in blocking all known hijacked Hotmail accounts and created tools to help users who had lost control of their email. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.' On their end, Google responded to the attacks by forcing password resets on the affected accounts."
Re:Preaching to the church (Score:5, Interesting)
'Ten minutes to Central Park, and eat pretzels' becomes 10mtCP,&ep, which is trivial to remember for you (well, it is if you live ten minutes from Central Park and like pretzels). Keeping the punctuation in doesn't make it any harder to remember but adds another non-alphanumeric character. And, yes, for the punctuation nazis out there, I realise the comma in that example is superfluous. This short sentence, which anyone can remember, turns into a ten-symbol password, containing letters (upper and lowercase) and punctuation, which is incredibly difficult to brute force.
Re:Top 20 Passwords (Score:3, Interesting)
Re:HA! My password is 123456 (Score:2, Interesting)
This was a phishing attack. The strength of the password didn't matter.
The article talks about analysis of password data and doesn't really point out anything we didn't know already.
Re:Preaching to the church (Score:3, Interesting)
Re:Where are the details? (Score:5, Interesting)
Saturday, the small ISP I work for had about 1000 users targeted with phishing emails. It's becoming a nearly weekly occurrence, though that was the largest so far. I've had to set up scripts to scan the logs to see who got the messages, send them warning messages, then scan the logs again to see who replied and reset their passwords. In one case, we had a spammer using a responder's account to try to send spam within 2 hours of the response. Squirrelmail is the most common vector, with SMTP auth not uncommon. I've had to impose strict rate limit controls on Squirrelmail to keep from getting blacklisted all the time; I've got monitors to page me when SMTP auth rates get too high, but the false positive rate is too high to impose hard limits at the moment, though we're heading in that direction.
BTW, it's not a good idea to respond to phishers with "F! off" etc: more than one responder doing that has found their address used shortly thereafter in the From of the next round of spam...
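The workflow the commenter describes (scan the logs for who received the phish, warn them, scan again for who replied, reset those accounts, and watch outbound rates for a hijacked mailbox) can be sketched as a small triage script. The following is an added example and not the commenter's own scripts; the log format is a constructed, simplified "timestamp direction from to" layout, and the addresses, domain names, window and threshold are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical simplified format, not a real MTA log):
# <ISO timestamp> <in|out> <envelope from> <envelope to>
SAMPLE_LOG = """\
2009-10-03T09:01:12 in phisher@bad.example alice@isp.example
2009-10-03T09:01:13 in phisher@bad.example bob@isp.example
2009-10-03T09:01:14 in phisher@bad.example carol@isp.example
2009-10-03T09:30:00 in newsletter@shop.example alice@isp.example
2009-10-03T10:15:40 out bob@isp.example phisher@bad.example
2009-10-03T10:20:02 out alice@isp.example friend@other.example
2009-10-03T11:55:10 out bob@isp.example v1@x.example
2009-10-03T11:55:11 out bob@isp.example v2@x.example
2009-10-03T11:55:12 out bob@isp.example v3@x.example
2009-10-03T11:55:13 out bob@isp.example v4@x.example
2009-10-03T11:55:14 out bob@isp.example v5@x.example
2009-10-03T11:55:15 out bob@isp.example v6@x.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(in|out)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Turn log text into a list of dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, direction, sender, rcpt = m.groups()
        entries.append({"ts": datetime.fromisoformat(ts), "dir": direction,
                        "from": sender.lower(), "to": rcpt.lower()})
    return entries


def recipients_of(entries, phisher_addrs):
    """Local users who received a message from any known phisher address (first scan)."""
    phishers = {a.lower() for a in phisher_addrs}
    return {e["to"] for e in entries if e["dir"] == "in" and e["from"] in phishers}


def responders(entries, phisher_addrs, local_domain):
    """Local users who sent mail back to a phisher address (second scan: reset these)."""
    phishers = {a.lower() for a in phisher_addrs}
    suffix = "@" + local_domain.lower()
    return {e["from"] for e in entries
            if e["dir"] == "out" and e["to"] in phishers and e["from"].endswith(suffix)}


def outbound_rate_alerts(entries, window=timedelta(minutes=10), threshold=5):
    """Sliding-window count of outbound messages per sender; return senders whose
    peak count within `window` exceeds `threshold` (a hijacked-account signal)."""
    per_user = defaultdict(list)
    for e in entries:
        if e["dir"] == "out":
            per_user[e["from"]].append(e["ts"])
    alerts = {}
    for user, times in per_user.items():
        times.sort()
        start, peak = 0, 0
        for i, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak > threshold:
            alerts[user] = peak
    return alerts


def triage(log_text, phisher_addrs, local_domain):
    """Combine the three checks into warn / reset / rate-alert lists."""
    entries = parse_log(log_text)
    targeted = recipients_of(entries, phisher_addrs)
    replied = responders(entries, phisher_addrs, local_domain)
    return {
        "warn": sorted(targeted - replied),   # got the phish, have not (yet) replied
        "reset": sorted(replied),             # replied: treat credentials as compromised
        "rate_alerts": outbound_rate_alerts(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, ["phisher@bad.example"], "isp.example")
    for key, value in result.items():
        print(f"{key}: {value}")
```

In the constructed sample, bob receives the phish at 09:01, answers it at 10:15, and is sending a burst of outbound mail by 11:55, which is the pattern the comment describes; the rate check catches the burst even if the reply to the phisher had been missed. The threshold is deliberately a parameter, since the comment notes that false positives are what keep hard limits from being imposed.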