Is Your Password ‘tigger’?

Pastebin.com, a website known for providing online “copy” and “paste” storage, is often used by debuggers and programmers to reference volumes of data from various systems. This is largely because the site, like other similar sites, allows quick and anonymous entry and makes those entries easy to find when required.

Hackers love these repositories because, within this junk pile of data, you can often come across all sorts of interesting and sometimes sensitive data. They also love to use the sites for their nefarious programs and scripts.

An example of this occurred recently when security researchers discovered what appears to be the output of a keylogger being uploaded to Pastebin. Inside was a treasure trove of usernames, passwords, e-mail addresses, Myspace and Facebook accounts, and other sensitive information. One of the common passwords, “tigger,” appears to have been used on a number of accounts, which proves that all the yelling we do as security practitioners about complex usernames and passwords has not really produced the results we would like.

What is scary about this is not only the invasion of privacy these people have experienced, but also the larger implications for our enterprises. What do we do when our CIO, head systems administrator, or even Betty from Accounting has their home or work laptop compromised? Are these guys obtaining their VPN and corporate webmail logins, etc.?

What are the best ways to protect our networks from ourselves?

Additional info:
http://www.thetechherald.com/article.php/201024/5728/Massive-keylogger-cache-posted-to-Pastebin-com

Eric Irvin
Wednesday 21, Jul 2010