Login details hacked.

What are your guy's views on static vs dynamic IP addresses for the home network? They say that static can provide slightly better security protection to the network. How so when such cases as above the address never changes?

The main advantage of a fixed WAN IP address is access to the network from outside, The owner of a network could have very valid reasons to "phone home" including running a personal website, or just getting a copy of the file you forgot to take to a meeting. this is all less needed these days where cloud storage is available to all, so sites can be run by others for a home user and things such as Onedrive allow files to be accessed from anywhere easily, (and microsoft's servers are more difficult to access (for those who are not Microsoft) than any Home network

Iif the system is setup with the potential that the IP address could change at any time, you need to put in place mechanisms to allow this, these are available that run a background and route the user to the current IP when you enter a web address which make a network easier to find. The major disadvantage is also that it make the network easier to find

The discussions of fixed v Floating IP address pools is more to do with Internal network addresses, what I do is all my standard devices on my network are allocated a fixed IP address based on their Unique (ish) MAC address. in addition to the standard devices I allocate a small pool of addresses for Client systems, Visitors Etc - A quick check of the list of devices attached to the network will easily show those that are not allowed

This system is aimed against the regular range of hacking attempts, I know some Pro's could probably get around this, but I'm not a Government Department, or a Multinational Company who may well be a target, but I am more protected than my neighbours, who are less aware and a therefore an easier target for the criminals, who are more often as not, of a lazy state of mind, (otherwise they'd work legally)

It's, I'm afraid, the way it's always been in security, make your neighbour a more attractive target than yourself

Kol12 said:

@simrick

A password change would not matter for the Soundblaster forum because it has been completely pulled down... Pretty serious?

Thanks for the have I been Pwned link and it seems that I have... Does anyone know anything about the first two breaches (highlighted in blue)? Exploit.in?

Attachment 200197

All I know off the top of my head is what he has there, and what's in the links he's provided. In cases like these, it's probably best to update your email password, since we don't know exactly where the leaked data came from. A quick search on reddit found that someone who downloaded the 10GB Exploit.in file says there is no indication of where the data came from (so, could have been some other online help forum or something - then again, could be something similar to the Yahoo breaches that took a very long time to be made public). You just don't know with these.

Kol12 said:

Does Exploit.in actually have matching passwords for email addresses?

Unknown - he will not publicize the passwords (for obvious reasons), but sometimes you can find the leaks in places like pastebin, and look for yourself. And so, password reuse is something the bad guys count on.

Kol12 said:

I spoke to my ISP and because I have a dynamic IP address simply turning the modem off for 1 minute will assign a new IP address. Don't dynamic IP addresses have a lease time and are changed periodically anyway?

Usually, yes, but that's not always the case. I've watched mine remain the same for weeks, and have to manually pull a new one myself.

Barman58 said:

...This system is aimed against the regular range of hacking attempts, I know some Pro's could probably get around this, but I'm not a Government Department, or a Multinational Company who may well be a target, but I am more protected than my neighbours, who are less aware and a therefore an easier target for the criminals, who are more often as not, of a lazy state of mind, (otherwise they'd work legally)

It's, I'm afraid, the way it's always been in security, make your neighbour a more attractive target than yourself

Exactly!

One thing I will mention, that has been happening lately, since the latest breaches:

You'll get an email from someone; it will have a password of yours in the subject line (it may or may not be your email password, but it will be an actual password you use somewhere so it gets your attention).
The email will then try to get you to pay money. It will accuse you of viewing porn, and it will tell you that your computer has been compromised. It will say that your camera has been used to record you while viewing porn and recording your computer screen as well. It then threatens to send a split-screen recording of you viewing porn to all the contacts in your address book if you don't pay.

People are falling for this, because the password in the subject line is a real one that they use (somewhere).



People who don't use a password manager, who use simple passwords, who re-use passwords, who just save passwords in their browser and don't keep track of what they use where, are prime candidates for this type of scam.

Steve C said:

I note many people store their passwords online via tools like Lastpass. I only store passwords on a password protected file on a USB stick protected by Bitlocker.

Seems kind of cumbersome. So you have to pull the USB stick out and type all of your passwords manually for each site you login to? Do you have an aversion to online password tools?

@Barman58

Are you saying that your fixed IP system is aimed against the regular range of hacking attempts? If so how?

Because I only have a very small pool of Free IP addresses any rogue device stands out so may be interrogated. Of course it's also possible to set the spare pool of addresses to zero, so the Router DHCP will not have any adresses available when queried, or go the old way, allocate all IPs manually and switch of the DHCP server completely