Re: dropbox security situation

To: John Hasler <jhasler@newsguy.com>
Cc: Debian User <debian-user@lists.debian.org>
Subject: Re: dropbox security situation
From: <l0f4r0@tuta.io>
Date: Sun, 8 Dec 2019 18:55:12 +0100 (CET)
Message-id: <[🔎] LvadeHz--3-1@tuta.io>
In-reply-to: <[🔎] 87immrdj4p.fsf@dhh.gt.org>
References: <[🔎] alpine.NEB.2.21.1912071158190.26808@panix1.panix.com> <[🔎] 07122019203529.4a2ba73a3549@desktop.copernicus.org.uk> <[🔎] alpine.NEB.2.21.1912071643220.12775@panix1.panix.com> <[🔎] 07122019220045.e913ec2b4cb4@desktop.copernicus.org.uk> <[🔎] alpine.NEB.2.21.1912071819060.3711@panix1.panix.com> <[🔎] 87immrdj4p.fsf@dhh.gt.org>

Hi,

8 déc. 2019 à 14:47 de jhasler@newsguy.com:

> Do you use the same username everywhere?  It's common for criminals to
> collect lists of usernames and try them in combination with guessed
> passwords on as many services as possible.  The yield is low but it's
> cost-effective for them because the process is fully automated using
> thousands of bots and many people use poor passwords.
>
It's called Password Reuse attacks or Password stuffing btw if you want to get more information about it.
I've seen last week that some tools like PAF Credentials Checker (https://github.com/kindredgroup/paf-credentials-checker) are developped to detect potential use cases/occurrences to help mitigating the risks.

Usual advice : use strong passwords (i.e. long enough with high entropy => generated&stored in a dedicated password manager) AND 1 different per service, never the same.

Best regards,
l0f4r0

Reply to:

Follow-Ups:
- Re: dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Charles Curley <charlescurley@charlescurley.com>

References:
- dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>
- Re: dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>
- Re: dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: John Hasler <jhasler@newsguy.com>

Prev by Date: Re: [OT] Google security
Next by Date: Re: dropbox security situation
Previous by thread: Re: dropbox security situation
Next by thread: Re: dropbox security situation
Index(es):
- Date
- Thread