Guest
Those would be my guesses, too. One more to add is that you used someone else's computer to access your E-Mail and THAT computer was already compromised.Originally Posted by Ken Platt
Any malware worth its weight will attempt to enumerate any saved passwords and transmit that to a server somewhere, before you even realize you're infected.
That is why I tell people to never save passwords. When an E-Mail app or browser asks if you want to save a password, answer "nope."
This is where I was headed. People don't realize they hand out all of the info needed... there's a reason it's suggested you use multiple accounts for different things.
Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru)
Trotec 80W Speedy 300 laser w/everything
CAMaster Stinger CNC (25" x 36" x 5")
USCutter 24" LaserPoint Vinyl Cutter
Jet JWBS-18QT-3 18", 3HP bandsaw
Robust Beauty 25"x52" wood lathe w/everything
Jet BD-920W 9"x20" metal lathe
Delta 18-900L 18" drill press
Flame Polisher (ooooh, FIRE!)
Freeware: InkScape, Paint.NET, DoubleCAD XT
Paidware: Wacom Intuos4 (Large), CorelDRAW X5
Guest
But websites aren't typically saving the password, they've saving a hashed representation of the password. You can't get the password from what they're keeping in their database.
[OP]
Contributor
Thanks for the ideas folks.
So far as I am aware, this site's password was not saved in my browser. I do not let the browser save passwords for important sites, for this exact reason.
And, this password wasn't used anywhere else. It wasn't a terribly strong one, though, just a name and 3 digits. You can be sure all my new passwords are much stronger.
How is bot able to figure out a password? Are they somehow able to get the number of digits and just keep trying combinations? I'd think most login software would lock you out after a few attempts.
Ken
If the website is following proper procedure... but how many high-profile sites have we seen that don't? Of course, just when I need them, names of sites escape me at the moment... but wasn't Tumblr one, or Instagram, etc. There was a pay site in the last year or so, but that one escapes me, too... something about passwords being stored in unencrypted form.
Nutshell, plenty of sites don't follow the rules when it comes to your ID safety.
Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru
Trotec 80W Speedy 300 laser w/everything
CAMaster Stinger CNC (25" x 36" x 5")
USCutter 24" LaserPoint Vinyl Cutter
Jet JWBS-18QT-3 18", 3HP bandsaw
Robust Beauty 25"x52" wood lathe w/everything
Jet BD-920W 9"x20" metal lathe
Delta 18-900L 18" drill press
Flame Polisher (ooooh, FIRE!)
Freeware: InkScape, Paint.NET, DoubleCAD XT
Paidware: Wacom Intuos4 (Large), CorelDRAW X5
Guest
Right, that is why I said "typically." I just did some googling and I can't find any major sites, or even sites I recognize on any lists of offenders for storing passwords in clear text.
Member
I'm sorry to hear about your problem. I have been hit by 2 breaches at the CC companies (Target and HD) in the last few years though no bogus charges ever showed on my statement.
Phil T. is the one to listen to about this because he has quite a bit more expertise and knowledge about the subject than I ever will.
There are quite a few options but here are a few that come to my mind:
1)You could have logged into a bogus CC web site providing all of your info
2) Same CC and password used at multiple places as well as with CC website
3) CC breach
4) Data skimmed off your computer via "Autocompete forms" stored "for your convenience" or the convenience of criminals (to remove in IE go to to the following tabs Tools-->Delete Browsing History-->Forms Data or something similar depending on your version of IE. I check to remove all sources of data (cookies, history,etc) regularly and delete all history after every online transaction. This one might be likely since it seems they intercepted email notifications as well (unless your CC company has the wrong email address on file or it didn't reach your email in a timely fashion).
...
Make sure you have a unique password for each site. A friend also used to give a different middle initial for each online transaction that was the first letter of the company (So he was Joe W Smith for Woodcraft purchases and Joe R Smith for Rockler purchases). That way he could figure out where the data originated if there was a breach.
Last edited by Dick Strauss; 03-11-2015 at 12:57 PM.
Moderator
Watch this for about 2 minutes. Then you'll understand the magnitude of it all.
http://map.ipviking.com
Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers
Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.
Contributor
If you visit a hotel, restaurant, or business with free wifi and you log into their service and then go to e-mail or purchase something, the server they use has your log-in information. Another business sent a notification that my credit information was compromised yesterday. It's all to common these days with the military, VA, Home Depot, the list seems endless.
For clarification, Norse is a manufacturer of net-safety products. From that site:
Note the mention of honeypots. There is no indication of what those honeypots consist of, and they could be as simple as a stock SQL server with no security patches or a website that says "hack me". As such, it should be noted the "attacks" they show on that page are illustrative only and unlikely indicative of what's happening on the "real net" (<nudge> It's much, much worse!). Think of it as a tiny simulation of what's really happening, but don't view it as actual threats.Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.
Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru
Trotec 80W Speedy 300 laser w/everything
CAMaster Stinger CNC (25" x 36" x 5")
USCutter 24" LaserPoint Vinyl Cutter
Jet JWBS-18QT-3 18", 3HP bandsaw
Robust Beauty 25"x52" wood lathe w/everything
Jet BD-920W 9"x20" metal lathe
Delta 18-900L 18" drill press
Flame Polisher (ooooh, FIRE!)
Freeware: InkScape, Paint.NET, DoubleCAD XT
Paidware: Wacom Intuos4 (Large), CorelDRAW X5
Guest
Not really, most of the sensitive stuff is transmitted securely.
Moderator
That's what got Winnie the Poo in trouble....
Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers
Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.
Guest
Clearly we aren't doing enough to attack China.
Member
Norse is trying to find out WHO is attacking so they can add that info to their database. I agree with Dan that is just a sample of the "real net" and the reality is much worse.
My own business Watchguard "firewall" gets a hit from a new attacker every minute or so on each of the three internet connections. The types of hits looks very much like those shown in Norse's representation.
I'm about ready to kill the T-1 and only keep the 2 FIOS connections so I set up a honeypot on the T-1 around the first of the year to see if that made it more of a target. I setup Server 2003 running IIS and SQL 2005. I let the traffic go through the Watchguard so I could see it but without any restrictions. It didn't seem to attract any more hits but it was destroyed pretty quickly. After the third time deleting and reinstalling the VMware VM, I came to the conclusion that it wasn't attracting any more hits than the protected connections.
Last edited by Greg R Bradley; 03-11-2015 at 3:35 PM. Reason: spelling
Moderator
I'm aware that Norse is their own little corner of the internet, but it's pretty amazing statistics they show, as far as the number of blocked attacks, etc.
Like Dan and Greg have said, this is just one company, imagine what the entire system is dealing with. It's mind blowing.
Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers
Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.
Posting Permissions
Reply With Quote