CIO Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Friday, April 25th 
Next Generation Data Center Is Here!
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Enterprise Software
Enterprise Hardware
Big Data
Network Security
Cloud Computing
CRM Systems
Data Storage
Operating Systems
Communications
CIO Issues
Mobile Tech
Chips & Processors
World Wide Web
Business Briefing
After Hours
Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Viruses & Malware

Database Hack Puts Social Media, Webmail Users at Risk

Database Hack Puts Social Media, Webmail Users at Risk
December 5, 2013 10:31AM

Bookmark and Share
It appears that Trustwave's SpiderLabs infiltrated a control server for the massive Pony botnet that was dumping credentials that it had harvested from compromised computers around the world. TrustWave’s SpiderLabs said that the Pony botnet let loose hundreds of thousands of Facebook, Twitter, Google and Yahoo accounts.

Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.

A massive hack has served up the user names and passwords of nearly 2 million Facebook, Twitter, Google and Yahoo accounts, among others. TrustWave’s SpiderLabs first reported the database breach, which it said was made possible by the Pony Botnet Controller.

“With the source code of Pony leaked and in the wild, we continue to see new instances and forks of Pony 1.9,” Daniel Chechik of SpiderLabs wrote in a blog post.

In addition to hundreds of thousands of Facebook, Twitter, Google and Yahoo accounts, SpiderLabs reports the breached database also let loose credentials for 1.58 million Web site log ins, 320,000 e-mail accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 shell accounts. But the leak itself is only one part of the story.

“In our analysis, passwords that use all four character types and are longer than eight characters are considered ‘excellent,’ whereas passwords with four or less characters of only one type are considered ‘terrible’,” Chechik said. “Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category.”

The Unreported Threat

We turned to Matthew Standart, director of threat intelligence at HBGary, the technology security division of ManTech International, to get his take on the database leak. He told us it appears that Trustwave infiltrated a control server for the massive Pony botnet that was dumping credentials that it had harvested from compromised computers around the world.

What hasn't been reported, he added, is that compromised endpoints are the actual threat and they should not be overlooked. As Standart sees it, the challenge comes in that many end users rely only on antivirus software products to detect and remove malware -- but today's sophisticated malware threats slip past sensors and aren't being regularly detected. For remediation to work, then, the first and most important step is to identify whether the system is compromised with malware.

“If so, the malware needs to be removed before the passwords -- which should be done periodically as standard personal security hygiene -- can be reset,” Standart said. “Resetting the passwords first is like putting the cart before the horse because the new passwords will be compromised over and over again. Today, there are powerful solutions on the market that detect sophisticated strands of malware where antivirus can't.”

A Focus on Data Management

We also asked Aaron Titus, CPO at Identity Finder, a breach prevention and risk management firm, to get his perspective on the attack. He told us this incident underscores the need for whole-lifecycle sensitive data management.

“Even though the scope of the hack is staggering, keylogging remains a somewhat inefficient method to harvest sensitive data,” Titus said. “The fact that even an inefficient hack can amass such an astounding cache of credentials should be a wakeup call that companies should focus their energies on internal sensitive data discovery, classification and remediation, because harvesting that information is typically much easier.”

Tell Us What You Think
Comment:

Name:

Herbie Dragons:

Posted: 2013-12-16 @ 4:28pm PT
The trouble with pass phrases is that they can be identified easily if they are, for instance, passages from a book. The alternative is to create a unique pass phrase which may become hard to remember.

MasterPassword:

Posted: 2013-12-05 @ 12:09pm PT
“In our analysis, passwords that use all four character types and are longer than eight characters are considered ‘excellent,’ whereas passwords with four or less characters of only one type are considered ‘terrible’".

Your analysis is terrible. There are no character types for a computing device. it is a fiction made to adapt sequences of bits to human circumnstances.

The best password are passPHRASES. very long sequences of bits, easy for humans to remember and difficult for computers to crack.

Unfortunately, the crackheads that program password protection do not give sufficient space (30+ characters) and force us to use &?#kIjy7769y that are difficult to remember and easy to crack.



 Viruses & Malware
1. Lessons from Verizon's Threat Report
2. Malware Targets Facebook Users
3. OpenSSL Calls for More Support
4. How, Why Heartbleed Got Its Name
5. Android Apps Mine Virtual Currency




 Most Popular Articles
1. BlackBerry Drops T-Mobile After Nasty Spat
2. Cisco, IBM Launch Internet of Things Consortium
3. Salesforce CRM Gets Industry Specific for Internet of Customers
4. Intel Bets on Cloudera for Big Data Analytics
5. Fast Seagate 6 TB Drive Offered for Enterprise Data Centers

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  IBM Targets Big Data with Power8 Line
  Opera Coast Offers Safari Alternative
  FCC Defends Internet Traffic Proposal
  Fund Seeks To Head Off Heartbleeds
  Salesforce Developing App SOS Button

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.
 
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Big Data | Network Security | Cloud Computing | CRM Systems
Data Storage | Operating Systems | Communications | CIO Issues | Mobile Tech | Chips & Processors | World Wide Web
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 CIO Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.