We InfoSec types have been spending lots of time of late catching up to the exploits (and use of exploits) of various hacking groups. These bad, bad people have been hacking websites and services, extracting the logins and passwords for thousands of users, and posting them to the net for all to see. Of course, since password reuse is so common, other bad guys come along, take these logins, and use them to send spam and malware through accounts that might use the same login and passwords as the compromised accounts.
The logic behind the activity is complex, and most users who are affected by it all don't seem to care. They care that their online selves have been violated. They care that these attacks lead to identity theft.
We, as the InfoSec community, have tried to educate people to have better account management practices, such as using complex passwords and not reusing logins. Often this advice falls on deaf ears. There have been many studies as to why this is the case, and not all the blame falls on the end user. That said, an ounce of prevention would be a huge help in the cases of the Sony breach and the other recent website breaches.
And yet we still hear the users singing a sad song...
I Couldn't Find Me Without Having You
I'm lost, I don't know what to do
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
I signed up for Sony's gaming net
Bosses to kill, achievements to get.
But now someone who I've never met
Logged in as me, filling me with regret.
Not only have they my gamer tag
They're causing my credit card to sag
I wish I could blame them for the lag
As I blame them for the creditor's nag.
I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
So I look to the net and search for my name.
I find that lulzsec is playing a game.
So what if my logins are all the same?
Who'd want my ID, I haven't got fame!
And an Anonymous group has entered the fray.
They seem to hack sites each and every day.
Now my login and passwords are on display.
If I ever forget them, I will know the way:
I'm lost, I don't know what to do.
Can't find the words, don't have a clue
But Google, you're there, you're always true.
I couldn't find me without having you!
They're on my laptop, they're in my iPod.
All my tech toys seem to act rather odd.
I've lost all control, upon my ego they've trod.
It's a matter of time before they hack my poor bod.
I hear your advice, you say what to do.
But I cannot recall more than a password or two!
And you want it complex, even with symbols too?
You're asking too much, your rules make me boo!
I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
No comments:
Post a Comment