@tek Poor effort on the adversary's part then. They could have at least done *some* research.
We tend to see a short 1-2 day wave of them every couple of months. We've noticed that they're only ever sent to domains serviced by our Mimecast MX-es, while the few subdomains that aren't, are left alone.
Does that mesh with what you see?
I hope all the SMART COMPUTER NERDS buying stonks today won't forget their favourite cyberpunk webcomic when they get to the MOON π³π π
and on a completely unrelated note, new page is up!
https://www.drugsandwires.fail/
HOW COULD I FORGET ABOUT THE 3-TIME VIDEO GAME CHAMPION
https://www.youtube.com/watch?v=TizLzFCZt5c&ab_channel=Ruggington
@banjofox @djsundog @thegibson
Administrative shenanigans?
"So it's best to assume whatever you hand to such a service is not controlled by you anymore."
Agreed.
I'm not sure how google hashes/encrypts those passwords, but obviously its not a one-way method. I reckon there's a chance that they use your google password (or another auth token) to encrypt your plaintext password, allowing you to decrypt it.
Again, we don't know, so we can't be sure.
Either that, or they obtained the list of exposed passwords, hashed them with whatever hashing method they use, then compare hashes against the ones that you've got saved.
A match=Compromised password.
That's how I'd do it if I were trying to protect my users without infringing on their privacy.
Trunk is a really good way to follow people who have published an interest in a particular subject: https://communitywiki.org/trunk/
cowboy beeboy
Yes. Please do the thing!
Your community, your library. The Cyberpunk Librarian is back with the first episode in a series of shows on setting up a high tech library for your low budget community! Letβs start it off with the best ILS for your community library needs!
Friendly Neighbourhood Sysadmin.