Identity Fraud Alert

Status
Not open for further replies.
May 17, 2004
5,685
Beneteau Oceanis 37 Havre de Grace
Can't the password managers be hacked? Then you loose everything in one shot.
They're designed so that even if they get hacked and lose everything all the attackers get are blobs of encypted data. The only way to decrypt that blob is with the user's master password. Use a strong password for that and it should be safe.
 
Jun 1, 2015
217
Macgregor 26d Trailer Estates, Fl
Corporations will never come out & publicize they had been hacked most of the time.
Maybe a few down the road months later might publicize the hack.
Check your state laws. Some states have very stiff penalties for companies that do not notify customers, users, clients of breaches within relatively short durations. It’s a little bit of a nightmare now for larger corps as they have to comply with a different set of rules and deadlines in each state.
 
Jun 1, 2015
217
Macgregor 26d Trailer Estates, Fl
In one of my classes we asked the students to provide the best nonsense passwords they could come up. One could only be four characters, one eight, and one twelve. Twenty one students that semester.

Using a brute force attack and only one modern computer it took < 2 seconds to crack all 21 of the 4 character passwords. We ran it multiple times thinking something was wrong before we realized it was doing all of them.

Took about 2 weeks to do the 8 character set.

We killed the 12 character attempt after about three weeks and estimated it would take years. Net 12 characters or more is a lot safer than 8.

Note that there are other ways to slow down an attack on a system, but if someone has a list of encrypted passwords, it doesn’t take long if they are 8 characters or less.
 
  • Like
Likes: Will Gilmore

Phil Herring

Alien
Mar 25, 1997
4,923
- - Bainbridge Island
I want to update everyone on the Lifelock alert situation.

We take security very seriously and upon learning of the alert, we directed several people both inside and outside our organization to investigate the problem immediately.

Here's what we found so far:

- Background: the "dark web" is basically some forums, much like this one, that are encrypted or hosted on a non-standard port so they cannot be located or indexed by search engines. Access to these forums, in which hackers sell or trade data, is by invitation only. This particular Lifelock alert indicates that a file was offered in such a forum that references one of our domains. That is the extent of the evidence. Neither Lifelock nor Symantec monitors our servers or has any way to identify an actual breach. Their notification is based entirely on the claim of an anonymous forum user.

- We have established that the alert was real and sent by Lifelock. However, when we contacted Lifelock for further information they admitted they cannot find any supporting information about a breach of our domain.

- They referred us to Symantec, who does the monitoring and provides the alert information to Lifelock. Symantec has no record of a breach or suspicious activity associated with any of our domains. They confirmed by phone that their records classify all of our sites as safe.

- If you wish to verify that information you can check their assessment of our site at: https://safeweb.norton.com/
Again, this not a generic security check -- Symantec is the source of the data for Lifelock alerts.

- We have asked Lifelock to investigate this alert and why they do not have any data to support it. They have agreed to do so and we hope to hear back from them soon.

- Meanwhile, we have scanned our servers for malware and analyzed the server logs for any suspicious activity. None was found. We scan for these issues daily, but performed a more in-depth scan on Thursday. We found no malware, no successful injection attacks or cross scripting, no rogue file uploads, and no unauthorized access to or unusual activity in our database.

- Please rest assured that even in the event of a breach, no credit card data is stored on our servers and all passwords are encrypted and saved as a 40 character hash of text and numbers.

BOTTOM LINE: Based on this information PLUS data from other professional security resources we believe the following to be true:

  1. There is no forensic evidence of a recent breach
  2. Analyzing the email addresses reported we believe the data may be from an old breach (the only one we have experienced), which we publicly reported a number of years ago
  3. We checked our user passwords against a public database of hacked passwords and found no matches, so we believe that passwords were NOT exposed
NEXT STEPS: We recommend you change your forum password just to be safe. You can do that at:

https://forums.sailboatowners.com/index.php?account/security (you must login to access this screen)

We also strongly recommend that you never use one password for multiple sites, and choose a long password or phrase. 12+ characters is best.

While our site is scanned, tested, and monitored for attacks and breaches daily, we have added an additional layer of security at the network firewall which will block traffic from torrent servers, bots, brute force login attacks, and a wide variety of other suspicious actions and sources. We will also be blocking traffic from countries with little boating but lots of hackers.

We appreciate your patience and understand your concern. If you have any questions please contact us through customer service. We will continue to update you if new information becomes available.
 
Status
Not open for further replies.