
Pony Botnet steals 2 million passwords ??????



AppleFan
05-12-2013, 05:42 PM
Have been reading articles about this botnet, and as the headline says, 2 million passwords were stolen from websites. I think people don't think strongly about passwords so as to protect themselves. Look at this: a security company/lab said people use 123456 as the most common password; others use admin, 123 and 1. And finally, Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.

"People are using very dumb passwords. They are totally useless," he said.

I put this post because I want to hear your views on this. I think yes, Graham is right, but will our brains remember them? That is why people go 12345, and further I don't think they change them from time to time, like every 3-6 months. Also I think websites and security companies should do something about this, because passwords don't seem that secure, and not only this issue: recently Adobe, I believe, got hacked as well and passwords were stolen in the millions. That's why passwords are not my way of security. I think for now passwords are number one for cybercrime and will be, but in future if some other kind of encryption comes then maybe we can be safe. Here is the link if you want to read the article. Please write your opinion in comments, thanks.

http://www.stuff.co.nz/technology/digital-living/30005649/two-million-passwords-stolen-by-pony-botnet

1101
06-12-2013, 08:34 AM
It's not that simple.
Hackers need to know the user's login name before they can start trying to guess these poor passwords.
So when hackers/bots start trying to guess passwords, the 'server'/website/etc. should detect that as a dictionary attack & block that IP, or do something to stop multiple attempts at logins.

Yes, you shouldn't use the same password everywhere, but it's not that big an issue, as the hacker would need to know exactly what sites this password could be used on (& know the login name).

Even insecure passwords alone are worthless to hackers without knowing the login name & website it's used on.
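
The per-IP detection mentioned in the reply above, as an added example that is not part of the thread: a sliding-window counter of failed logins run over constructed log lines. The log format, the 60-second window and the 5-failure threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2013-12-06T08:00:01 203.0.113.7 admin FAIL
2013-12-06T08:00:02 203.0.113.7 admin FAIL
2013-12-06T08:00:03 198.51.100.20 carol FAIL
2013-12-06T08:00:04 203.0.113.7 admin FAIL
2013-12-06T08:00:05 203.0.113.7 root FAIL
2013-12-06T08:00:06 203.0.113.7 root FAIL
2013-12-06T08:00:07 203.0.113.7 root FAIL
2013-12-06T08:00:30 198.51.100.20 carol FAIL
2013-12-06T08:00:50 198.51.100.20 carol OK
2013-12-06T08:02:00 192.0.2.33 dave FAIL
2013-12-06T08:05:00 192.0.2.33 dave FAIL
2013-12-06T08:08:00 192.0.2.33 dave FAIL
2013-12-06T08:11:00 192.0.2.33 dave FAIL
2013-12-06T08:14:00 192.0.2.33 dave FAIL
"""

WINDOW = timedelta(seconds=60)   # assumed look-back window
MAX_FAILURES = 5                 # assumed failures tolerated inside the window


def detect(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return {ip: {"at": block time, "users": usernames tried}} for blocked IPs."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    blocked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if ip in blocked or result != "FAIL":
            continue             # already blocked, or not a failed attempt
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()          # forget failures older than the window
        if len(q) >= max_failures:
            blocked[ip] = {"at": ts, "users": sorted({u for _, u in q})}
    return blocked


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, "blocked at", info["at"].isoformat(), "after trying", info["users"])
```

The slow source in the sample (one failure every three minutes) never reaches the threshold, which shows the limit of a short fixed window.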