from SANS Internet Storm Center, InfoCON: green
I wrote this diary while waiting for my flight back home. Last week, SANSFIRE was held in Washington, where I met some ISC handlers. I did not pay too much attention to the security news, but I faced an interesting story. Recently, a data leak affected LinkedIn and a friend of mine had a chance to have access to the data (among other things, decrypted passwords). He contacted me and suggested that I change my password as soon as possible (as proof, he sent my password). It was indeed a “valid” one but not my “current” one. More precisely, it was the very first password that I used when I created my LinkedIn account (a long time ago). Interesting… It means that the leak is not recent.
Passwords are a sensitive topic: don’t play with fire and follow this golden rule: change them often and don’t re-use them. The “leak” which affected TeamViewer is a good example. I put leak between quotes because it appeared that some of their users were compromised due to password re-use, as they stated. Password managers and dormant accounts can be very useful to track and analyze data leaks.
Usually, when I receive an invitation to create an account on a website, I accept it and create a unique email account that will NEVER be used anywhere else. I'm using something like "website-url (at) unused (dot) rootshell (dot) be" or "login_webshop.com". This helps me to track:
- Spammers: I can “learn” which site leaked (or sold?) my details to spammers.
- Data leaks: By crawling paste websites for my dormant email addresses or logins.
Another interesting feature of some password managers (well, the one I’m using includes it): they keep a history of the previous passwords with timestamps (when they were changed).
Based on this information, I’m able to estimate when the data leak really occurred and if it is really coming from the supposed victim or from another source. This is a new proof that password managers are mandatory for everybody: they protect you and they contain useful data to analyze security incidents. Stay safe!
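The estimate described above can be automated from a password-history export. The following Python sketch is an added example, not part of the original diary: the export format, site names, dates and passwords are all constructed, and the function names are hypothetical. It goes slightly beyond the single case in the text by also flagging a password that matches another site's history or was re-used on several sites.

```python
from datetime import date

# Constructed sample data (not from the post). Assumed export format:
# site -> list of (date the password was set, password).
HISTORY = {
    "social.example": [("2008-03-14", "Tr0ub4dor-first"),
                       ("2012-06-07", "second-Xk29"),
                       ("2015-01-20", "current-9fQz")],
    "webshop.example": [("2010-09-01", "shop-only-77"),
                        ("2014-02-11", "shop-new-31")],
}

def leak_windows(history, leaked, today):
    """Return (site, valid_from, valid_until, still_current) for each
    period during which `leaked` was the password stored for a site."""
    hits = []
    for site, entries in history.items():
        ordered = sorted((date.fromisoformat(d), pw) for d, pw in entries)
        for i, (start, pw) in enumerate(ordered):
            if pw != leaked:
                continue
            is_last = i == len(ordered) - 1
            end = today if is_last else ordered[i + 1][0]
            hits.append((site, start, end, is_last))
    return hits

def assess(history, claimed_site, leaked, today):
    """Classify a leaked password against the site it supposedly came from."""
    hits = leak_windows(history, leaked, today)
    own = [h for h in hits if h[0] == claimed_site]
    other = [h for h in hits if h[0] != claimed_site]
    if not own:
        return "other-source" if other else "unknown-password"
    if other:
        return "ambiguous-reuse"      # same password used on several sites
    return "current-exposed" if any(h[3] for h in own) else "old-leak"

if __name__ == "__main__":
    today = date(2016, 6, 20)         # constructed "now"
    leaked = "Tr0ub4dor-first"
    print(assess(HISTORY, "social.example", leaked, today))
    for site, start, end, _ in leak_windows(HISTORY, leaked, today):
        print(f"{site}: data captured between {start} and {end}")
```

The window is only an estimate: it assumes the site stored nothing but the password in force at the time the data was taken.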
 
 
