The 773 Million Record Collection #1 Data Breach


  1. Posts : 6,789
    22H2 64 Bit Pro
       #30

    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Last edited by Callender; 19 Jan 2019 at 10:48. Reason: add info


  2. Posts : 750
    Windows 10 Pro 64-bits
       #31

    Anak said:
    Other than I don't trust a third-party to manage my credentials?

    There had been a discussion on the subject a while ago here:

    Microsoft Wants to Kill Passwords, Starting With Windows 10 - Windows 10 Forums


  3. Posts : 1,800
    10 Home 64-bit | v22H2 | Build - 19045.3930
    Thread Starter
       #32

    Callender said:
    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Now he tells me! Just kidding.

    Cr00zng said:
    Other than I don't trust a third-party to manage my credentials?

    There had been a discussion on the subject a while ago here:

    Microsoft Wants to Kill Passwords, Starting With Windows 10 - Windows 10 Forums
    Thanks! I'll check it out.


  4. Posts : 84
    Windows 10 Home x64
       #33

    Hi @Anak,

    Anak said:
    That's what I don't understand about some of these web sites, your first concern when starting a site should be security not how much you're gonna make from ads or info sold about your members.
    Ideally, yes but companies focus primarily on getting their service as quickly as possible to the market before their share of the pie shrinks. Data security figures somewhere on their list of operational requirements for the solution but it's not their primary focus. They can get away with implementing some basic form of security. As they develop the solution, as long as there are no immediate issues to address, it gets pushed down further on the list of priorities. Most of these companies consider data to be the new oil. Irrespective of whether it's a free or paid service they're offering, they would like to collect as much of it about you as possible.

    Anak said:
    I used to use spybot back in the day but gravitated away from it, IIRC, didn't spybot have some problems back then after a merger? I think it was more about poor scan results and not security.
    Anyways, I'll give it a look along with FireFox's Monitor, I forgot about that until I saw it in Brinkman's article. Thanks for the links!
    Me too. I used to use MSE along with Spybot S&D and Malwarebytes Free on my Vista system. Never had any malware problems. That said, the nature of threats has changed today. I stopped using Spybot S&D after they brought out a new version, which I did not like (don't remember what exactly). I'm glad you found the links useful. Have a nice day!


  5. Posts : 1,656
    Windows 10 Pro x64
       #34

    Callender said:
    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Unfortunately, even services like these aren't immune - my Blur account was compromised in this breach (thankful I hadn't started using it in anger), so I would never consider using Blur ever again.

    Data of 2.4 million Blur password manager users left exposed online - Windows 10 Forums


  6. Posts : 84
    Windows 10 Home x64
       #35

    Cr00zng said:
    Yes, excellent advice on credential management, but...

    When the authentication server(s) are hacked and it becomes known, the knee-jerk reaction of most of the security experts is:




    Like the password strength would matter in the case of data breaches. Does it really matter if the password is “123456Ab” or “3pHj1P38JVF4A”? Especially if the password is stored in plain text and/or an easily reversible password hash. Yes, the end user's credential management matters, but it does not amount to much if the subject of the data breach does not inform its end users and the public about the data breach. As you experienced...

    And for that matter... Biometric or other types of authentication methods may not provide the level of account security sought after either. For cyber-criminals, it does not make a difference if the stolen account credential is a password or a fingerprint, for example. Well, there is a difference. It is easier to replace the password than the fingerprint. Not to mention that while passwords are unlimited, fingerprints for the end user in question are limited to ten, for most people. Once the biometric credential is out in the open, the end user is toast...

    And that's just on the authentication server side. Hacking the client side is even worse, where smartcards, SecurID tokens, etc., can be exploited with ease.

    Prior to settling the type of authentication that we'll use, both the server and client side security need to change. Without securing the systems at the end points, there's not much reason to change the password-based authentication systems. Unfortunately, not much effort is put into this; it's much easier to blame the end user for not having credential management in place, or for the lack of a 12+ character strong password.

    Entities can also blame APT and point the finger at Russia, China, North Korea, or any other politically correct country for the data breach at hand. That's the "get-out-of-the-jail" card for the lack of security for these entities' systems and has been working for every one of them...
    True. Irrespective of who they point their fingers at, the ones impacted most by such data breaches are us - users, especially when our personal and financial security is at stake. All of this data collection, fingerprinting and tracking of users online coupled with data sharing has gone too far. I dread the day biometric data of users gets leaked on the Internet. It could very well be an eventuality considering that Governments around the world are pushing to collect biometric data of citizens. Add to that Government Agencies hoarding vulnerabilities and creating exploits, striving to weaken encryption, pressing for backdoors, etc. - all in the name of keeping us safe. It would just be a matter of time before bad actors discover them and gain access to them. It's all a big mess right now.


  7. Posts : 6,789
    22H2 64 Bit Pro
       #36

    Golden said:
    Unfortunately, even services like these aren't immune - my Blur account was compromised in this breach (thankful I hadn't started using it in anger), so I would never consider using Blur ever again.

    Data of 2.4 million Blur password manager users left exposed online - Windows 10 Forums
    Thanks for the info. I suppose you can use a non personal webmail address and give whatever details you like though.

    Anyway here's what I do when asked for my email address when downloading software:

    [Attached screenshots: BitsDuJour secure checkout for Driver Booster Pro (6 months); 10 Minute Mail; 10 Minute Mail, read mail view]


  8. Posts : 750
    Windows 10 Pro 64-bits
       #37

    PrivacyFreak said:
    True. Irrespective of who they point their fingers at, the ones impacted most by such data breaches are us - users, especially when our personal and financial security is at stake. All of this data collection, fingerprinting and tracking of users online coupled with data sharing has gone too far. I dread the day biometric data of users gets leaked on the Internet. It could very well be an eventuality considering that Governments around the world are pushing to collect biometric data of citizens. Add to that Government Agencies hoarding vulnerabilities and creating exploits, striving to weaken encryption, pressing for backdoors, etc. - all in the name of keeping us safe. It would just be a matter of time before bad actors discover them and gain access to them. It's all a big mess right now.

    That had been considered a good while ago and the "eventuality" is here, quote:

    The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.

    Source

    Maybe the definition of biometric based authentication should be changed. It's not just who you are, but it should include whoever has your biometric data. If past history is any indication, the chances are that the DHS databases could be stolen in the future, be that hacking and/or insider job. That's pretty much the nature of the operation, when the database is "shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments".

    I admit that this is a bit far fetched, or at the very least, I hope it is...


  9. Posts : 84
    Windows 10 Home x64
       #38

    Cr00zng said:
    That had been considered a good while ago and the "eventuality" is here...
    Data leaks of biometric data was the eventuality I was referring to. The data collection has already started.

    Wikipedia: Countries applying biometrics

    What are Risks of Storing Biometric Data and Why Do We Need Laws to Protect It?

    Cr00zng said:
    ...If past history is any indication, the chances are that the DHS databases could be stolen in the future, be that hacking and/or insider job.
    ...I admit that this is a bit far fetched, or at the very least, I hope it is...
    It's not really far fetched. It's very much within the realms of possibility.
    And so it begins...

    The risk of centralized storage for biometric data

    ZDNet: A new data leak hits Aadhaar, India's national ID database

    It's just inevitable.


  10. Posts : 84
    Windows 10 Home x64
       #39

    Here's a realistic view on the issue from Brian Krebs

    [Attached image: kos-comment.png]


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
