Educause Security Discussion mailing list archives
Re: Russian Hacker story in today's news
From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Wed, 6 Aug 2014 17:35:59 +0000
Yes, Krebs posted around the same time I sent my response to the list. It holds a lot of weight that Brian is vouching for him. I stand ready to eat some crow pie, but let's just see how this plays out... Best, alex Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 [SoE_IT_Logo] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy Sent: Wednesday, August 06, 2014 10:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Russian Hacker story in today's news Brian Krebs has posted on the topic today: http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/ Brad Judy From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, Alex Sent: Wednesday, August 06, 2014 11:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Russian Hacker story in today's news Hi Folks, I read the NY Times article yesterday and it immediately triggered the BS meter. Article is exceedingly light on details. Hold Security website is rudimentary and vague: http://www.holdsecurity.com WordPress admin interface is running over HTTP (no SSL available): http://www.holdsecurity.com/wp-admin They list Brian Krebs (of Krebs on Security) as a "special advisor": http://www.holdsecurity.com/about/advisory-board/ But Brian has made no note of this story on his blog: http://krebsonsecurity.com None of this passes even the most basic sniff test. Best, alex *http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 [SoE_IT_Logo] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chuck Braden Sent: Wednesday, August 06, 2014 6:02 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Russian Hacker story in today's news
As I read Hold Security's release this seems to be more of a marketing ploy to sell services combined with a credential collection scheme of their own.
A news resource I heard this morning said they would provide an ability for users to query to see if their ID or what websites had been compromised. No word when that would be available... Im not hearing a lot from the vendor either - other than crickets and a cash register bell ring. :-/ Jimmy C Braden Information Security Officer AgriLife Information Technology 979-862-7254 j-braden () tamu edu<mailto:j-braden () tamu edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Slocum, Stacy Sent: Wednesday, August 06, 2014 7:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Russian Hacker story in today's news Good morning, A news story caught my attention this morning regarding the 1+ billion user accounts being collected by "Russian Hackers" over the last 18 months. The story is based on Hold Security's news release dated yesterday (8/5/2014). As I read Hold Security's release this seems to be more of a marketing ploy to sell services combined with a credential collection scheme of their own. Additionally their Terms of Service must be agreed to before registering for their "trial" service of matching your credentials with those from contained in the breach database and they offer to let you know if your password was also in the breached data... after you provide it to them... Does this seem odd to anyone else? Thanks, Stacy Stacy Slocum Chief Information Officer St. John Fisher College 3690 East Avenue Rochester, NY 14618 (585) 385-8388
Current thread:
- Russian Hacker story in today's news Slocum, Stacy (Aug 06)
- Re: Russian Hacker story in today's news Slocum, Stacy (Aug 06)
- Re: Russian Hacker story in today's news Chuck Braden (Aug 06)
- Re: Russian Hacker story in today's news Keller, Alex (Aug 06)
- Re: Russian Hacker story in today's news Brad Judy (Aug 06)
- Re: Russian Hacker story in today's news Keller, Alex (Aug 06)
- Re: Russian Hacker story in today's news Ruth Ginzberg (Aug 06)
- Re: Russian Hacker story in today's news McCrary, Barbara (Aug 06)
- Re: Russian Hacker story in today's news Tim Doty (Aug 06)
- Re: Russian Hacker story in today's news Louis Aponte (Aug 06)
- Re: Russian Hacker story in today's news Jenny Blaine (Aug 06)
- Re: Russian Hacker story in today's news Chuck Braden (Aug 08)
- Re: Russian Hacker story in today's news Manjak, Martin (Aug 08)
- Re: Russian Hacker story in today's news Keller, Alex (Aug 06)