- I can't stress this strongly enough, and these alerts never tell you this: It also means that if you use the same username and password on other sites as you use at cisco.com, you should change those as well.
- One of the most common methods of site cracking works like this: (1) Crackers assemble monstrously long lists of known combinations of usernames/passwords. (2) They employ brute force programs to try every combination on major pay sites. One day I had a single guy try to log in with 1.3 million different combinations at scoopy.net (I know because they all came from from a single IP!!) (3) The ones that work get shared or posted on Warez sites.
- Thus, if you use the combination silver/bullet or mickey/mantle (two of the most common combos), it is only a matter of a day or so before the entire internet knows that those are working at site X. Therefore, if you use the same username and password at an unsecured bulletin board site and a major pay site, it is only a matter of time before some cracker finds the unsecured list, adds it to his master cracker list, and finds out that the same combo works on the paysite.
- Bottom line: use a different username/password for every site you belong to. It's worth the little extra time it takes to keep them recorded somewhere.
Friday, August 05, 2005
Cisco.com has been compromised and customers need to change their passwords.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment