The Firefox Monitor informs you about current data thefts and can tell you whether your own data occurs in stolen data records. A practical service that many more people in Germany should know. [Read more…] about Firefox Monitor – new Mozilla service informs about data theft!
The CERT has issued a warning via Twitter that dozens of Lookalike domains are currently in circulation that pretend to belong to popular OpenSource software. Let’s take a closer look at what Lookalike domains are and how to avoid them. [Read more…] about Lookalike domains discovered for Open Source projects!
The blackmail business has been flourishing on the Internet for quite some time – a new scam is now hitting developers who are deleting the public git repository. All that remains is a note with the wallet, to which approx. 0.1 bit coins are to be transferred in order to get back to the data.
The developers are not completely innocent. Since most developers have a local repository, the damage is limited. Interesting and critical to the same is the attack anyway. [Read more…] about Git repository deleted – developers blackmailed!
Was my password stolen? Do you use easy-to-remember passwords? Do you use the same password for different portals? Answers to these questions are essential for the security of your digital identity.
We therefore recommend that you regularly check whether your data has been stolen and act accordingly.
Password stolen, individualized password lists, large data leaks.
A password list is a large text file containing many passwords used by unknown users on the Internet. Not only passwords, but also e-mail addresses are interesting for hackers, so that a personalized contact can be established.
At the beginning of the year, one of the largest records of passwords and e-mail addresses to date leaked out. These are approximately 773 million e-mail addresses and 21 million passwords. An extensive treasure.
With the help of such lists or data, hackers try to gain access to other people’s accounts. The greatest risk as a user is to use the same password for several portals. As soon as only one of these portals is hacked, your password will be on the list. This clears the way for numerous identity and fraud scams.
One cracked, hacked forever. A password stolen – and the digital identity also?
The password list is clearly too big to try it out completely. In order for a hacker to be able to crack the password in time, it is advisable to adjust the list.
Different approaches, partly from the social engineering field, are used for this. Assumptions that a Schalke04 fan will most likely not use Dortmund123 as his password support the attacker in sorting & filtering the list. A hacker tries to get to know his victim.
When the list is adjusted, he tries each of the remaining passwords with possible email addresses. So if your password has already been published and has an indirect connection to you personally, this password is most likely on the attacker’s list.
How can I protect myself?
Basically, we recommend using different passwords for each portal. Otherwise, there is an increased risk that your password will be stolen from a platform and published in this way. It is also advisable not to include any personal reference in the passwords. Therefore, you should refrain from using memory aids such as the child’s or friend’s name.
Long passwords, a separate password for each service and all this without memory aids – not an easy task to protect your own digital identity. If you now want to keep track of which websites you have registered on and which accesses could possibly be deleted, we warmly recommend a password manager. Whether this is off- or online, everyone has to decide for themselves. Known providers are among others:
Must I change all my passwords now?
No, just because a large record of passwords was published doesn’t mean your password was there, does it? To answer this question, Troy Hunt runs the website haveibeenpwnd.com. There you can check passwords as well as e-mail addresses. However, we advise against chasing actively used passwords through the database.
A German alternative is operated by the Hasso Plattner Institute in Potsdam. The Identity Leak Checker only reveals information as soon as you have verified yourself as the owner of the e-mail address.
It is crucial, however, that this information reaches those affected – whether via HIBP or the IDL.
LinkedIn, for some a torture, for others an important tool for networking and exchanging information. Ask any online marketing specialist and they’ll probably say things like “LinkedIn is the most underrated, fastest growing network, just post some ads”.
In the information age, data is gold and attackers find it particularly valuable. For example, for the preparation of targeted phishing campaigns. [Read more…] about LinkedIn and information retrieval!