funsec mailing list archives
Quick way to find out if your account has been hacked?
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Fri, 13 Jul 2012 11:23:58 -0700
In the wake of the recent account "hacks," and fueled by the Yahoo (and, this morning, Android) breaches, an outfit called Avalanche (which seems to have ties to, or be the parent company of, the AVG antivirus) has launched

https://shouldichangemypassword.com/

They are getting lots of press.

"If you don't know, a website called ShouldIChangeMyPassword.com will tell you. Just enter your email -- they won't store your address unless you ask them to -- and click the button that says, Check it. If your email has been associated with any of a large and ever-growing list of known password breaches, including the latest Yahoo hack, the site will let you know, and advise you to change it right away."

http://www.slate.com/blogs/future_tense/2012/07/12/yahoo_hacked_how_to_find_out_if_your_email_and_password_have_been_stolen.html

Well, I tried it out, with an account that gets lots of spam anyway. Lo and behold, that account was hacked! Well, maybe.

(I should point out that, possibly given the popularity of the site, it is pig slow at the moment.)

The address I used is one I tend to give to sites, like recruiters and "register to get our free [fillintheblank]" outfits, that demand one. It is for a local community site that used to be a "Free-net." I use a standard, low value password for registering on remote sites since I probably won't be revisiting that site. So I wasn't completely surprised to see the address had been hacked. I do get email through it, but, as noted, I also get (and analyse) a lot of spam.

When you get the notification, it tells you almost nothing. Only that your account has been hacked, and when. However, you can find a list of breaches, if you dig around on the site. This list has dates. The only breach that corresponded to the date I was given was the Strategic Forecasting breach.

I have, in the past, subscribed to Strategic Forecasting. But only on the free list. (Nothing on the free list ever convinced me that the paid version was worth it.)

So, my email address was listed in the Strategic Forecasting list. But only my email address. It never had a password or credit card number associated with it.

It may be worth it as a quick check. However, there are obviously going to be so many false positives (like mine) and false negatives (LinkedIn isn't in the list) that it is hard to say what the value is.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
On the side of the software box, in the System Requirements part, it said Requires Windows 95 or better. So I installed Linux
victoria.tc.ca/techrev/rms.htm
http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.