Friday 5 February 2010

Trusting the untrusted.


Most internet users are reluctant to change their passwords, trusting that they are not victims of exploits. Well, I suppose we all do it, thinking: what could our credentials possibly be worth? Changing passwords is vital when operating from home networks. These are more susceptible to exploit attacks, as witnessed with Twitter and, not long ago, Hotmail. "An intruder doesn't have to be inside your home or office building to manipulate a wireless signal. For example, they could be sitting outside in their car sniffing out your data all while enjoying a sandwich. Before they have a chance to complete the meal, the intruder can learn just who you work for, how to access the company network or even transfer money out of your bank account if the right security is not implemented."

Not only that: changing your web password from a work network can also be prone to exploits, because of the sniffing tools used by trusted network and security engineers and other internal staff to filter, sniff and intrude on our private mail and explore our private lives on social networks. I think everyone is fully aware of the capabilities of the expert; consequently, an oversight and perhaps a little trust is what is keeping our virtual instance alive.

A few days ago, "Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts today," Darknet blogged.

"According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push out a password reset to the accounts, he said. After launching an investigation, Twitter officials linked part of the problem to malicious torrent sites." Darknet blogged.

"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," Harvey blogged. "However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up."
