[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dropbox security situation

No google now has a unique one now but didn't when the incidents
happened.

On Sun, 8 Dec 2019, l0f4r0@tuta.io wrote:

> Date: Sun, 8 Dec 2019 12:55:12
> From: l0f4r0@tuta.io
> To: John Hasler <jhasler@newsguy.com>
> Cc: Debian User <debian-user@lists.debian.org>
> Subject: Re: dropbox security situation
> Resent-Date: Sun,  8 Dec 2019 17:55:26 +0000 (UTC)
> Resent-From: debian-user@lists.debian.org
>
> Hi,
>
> 8 d?c. 2019 ? 14:47 de jhasler@newsguy.com:
>
> > Do you use the same username everywhere?  It's common for criminals to
> > collect lists of usernames and try them in combination with guessed
> > passwords on as many services as possible.  The yield is low but it's
> > cost-effective for them because the process is fully automated using
> > thousands of bots and many people use poor passwords.
> >
> It's called Password Reuse attacks or Password stuffing btw if you want to get more information about it.
> I've seen last week that some tools like PAF Credentials Checker (https://github.com/kindredgroup/paf-credentials-checker) are developped to detect potential use cases/occurrences to help mitigating the risks.
>
> Usual advice : use strong passwords (i.e. long enough with high entropy => generated&stored in a dedicated password manager) AND 1 different per service, never the same.
>
> Best regards,
> l0f4r0
>
>

--
Reply to: