* Posts by GundarHarl

2 publicly visible posts • joined 16 Jan 2017

South Korean hosting co. pays $1m ransom to end eight-day outage

GundarHarl

They will have to prove compliance, fire and replace a few lazy sysadmins and lay out a pile of money on new gear. To win back or retain customers, they will probably offer a more secure and better supported environment, so it might be okay to go there again if they show lessons were learned and the experience has made them tougher. Just saying... I run my own hosting service, update and replace operating systems every year or two, back up offsite constantly, manage as-built documentation... all the stuff I learnt from not doing that stuff. I could still get hit for sure with some malware, but I can just rebuild elsewhere in under a day.

Just give up: 123456 is still the world's most popular password

GundarHarl

Re: Don't Just Blame Users

I don't agree. There was a time when lame passwords could be used to protect accounts for sites with mundane content.

Social engineering starts with the content and posts on mundane forums, and though you may not consider yourself an ideal target of a complex criminal enterprise, you may still pass as a target for an angry ex, a disgruntled co-worker or a random thrill seeker. Mundane forum posts can contain enough detail to get security clearance for more complicated password resets. Did you mention your mother's maiden name on a genealogy website? Did you mention your dog's name in that pet food forum? Does your local newspaper comments page know your date of birth and address? These are common challenge questions for getting passwords reset at banks and credit bureaus, travel agencies and social media accounts.

A perfect example is this comments page: here are people, on a 'mundane' comments page, discussing their credential requirements and the password policies of other organisations they subscribe to.

Further, I think a comment below makes the most sense - make strong passwords because it's a good habit.