Jedi2155 Posted June 13, 2016

https://haveibeenpwned.com/PwnedWebsites

Luckily my company work policy forces me to have a new password every 90 days, and I cannot reuse the past 21 passwords. This forced me into a habit of creating new passwords regularly and tracking which accounts I've forgotten to update. I recommend everyone do the same and check to see if any of your old services/social media has been hacked.

Funny enough jedi2155 was only pwned on Battlefield Heroes.... I thought I did pretty well in that game.

kuhla Posted June 13, 2016

A work-relevant topic, yay.

> ....check to see if any of your old services/social media has been hacked.

This isn't exactly correct. The criteria for something being listed on that site is that a public dump has been made of at least the email addresses of the users. In some cases, passwords were not leaked, so the account could not be logged in to but there was still a database of names, emails, etc. It's more about information privacy than anything, knowing if your information is "out there". There is also no guarantee that the leaked information has even been used by anyone. Sometimes the groups post dumps just as proof of success.

Of course, password policies and management of multiple complex passwords is an important point to always be vigilant about. Here is a short, 3 page PDF document from the SANS Institute with some good policies: https://www.sans.org/security-resources/policies/general/pdf/password-construction-guidelines

For your highest security accounts, you really want to shoot for >15 characters and have them be unique to each website/system.

Jedi2155 (Author) Posted June 13, 2016

A couple of the more recent hacks that were announced such as LinkedIn said that their user/pw database in 2012 was hacked and it was just announced now.... The passwords were SHA1 hashed but unsalted.

A couple of people in EVE have been complaining their online game accounts have been hacked to steal their assets and they even turned on their two factor authentication to lock the original user out.

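
As an added illustration of the "SHA1 hashed but unsalted" point in the post above (this example is not part of the thread or any poster's words): it stores the same constructed accounts once as bare SHA-1 and once with a per-user salt and a slow KDF, then lists which users end up with identical stored values. The account names, passwords, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample accounts; alice and bob happen to share a password.
SAMPLE_USERS = {
    "alice": "correct horse battery",
    "bob": "correct horse battery",
    "carol": "another-passphrase-42",
}

def sha1_unsalted(password):
    """Bare SHA-1 with no salt: the same password always gives the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_digest_groups(table):
    """Return sorted groups of users whose stored value is identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users=SAMPLE_USERS):
    """Store every sample account under both schemes."""
    unsalted = {u: sha1_unsalted(p) for u, p in users.items()}
    salted = {u: hash_salted(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, identical digests:", shared_digest_groups(unsalted))
    print("salted, identical records:  ", shared_digest_groups(salted))
```

In the unsalted table the two accounts with the same password are visibly linked, so a leak exposes password reuse across users before anything is guessed; with a random salt per user every stored record is distinct.
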
kuhla Posted June 14, 2016

Trivia: Since SHA1 has been weak for years, both Microsoft and Google have announced publicly that they will start penalizing sites using SSL certificates still signed with SHA1.

Jedi2155 (Author) Posted June 14, 2016

Yeah they're already on SHA3. THREE.