"According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security."
But obfuscation and secrecy can bring much security! This VP should listen to that other VP, who obfuscated his house and kept his secrets in man-sized safes. He never had a security problem.
According to security research Bogdan Calin, it seems like the passwords were gathered using phising kit, targeting the Latino community
Only 64 out of the 9843 valid passwords leaked were "12345", which indicates that it wasnt a brute force attack on stupid people. Still, the majority of the passwords leaked were weak (lower case or numeral only).
People with "12345" or similar passwords should get their own internet, where they would be allowed to share lolcatz and powerpoint chains, play with their purple internet buddy, and zap those cute webmonkeys on banners without hurting themselves.
Alternatively, maybe the webmail providers should set more strict rules for the passwords.
Slashdot Mirror
Just curious here, i have no idea how the US legislation on mineral resources works.
Don't these companies pay royalties or some kind of compensation to the federal gov. to explore those resources?
"According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security."
But obfuscation and secrecy can bring much security! This VP should listen to that other VP, who obfuscated his house and kept his secrets in man-sized safes. He never had a security problem.
There was a guy arrested in Brazil a couple of years ago that scammed over 10 million dollars.
http://www.acunetix.com/blog/websecuritynews/statistics-from-10000-leaked-hotmail-passwords/
According to security research Bogdan Calin, it seems like the passwords were gathered using phising kit, targeting the Latino community
Only 64 out of the 9843 valid passwords leaked were "12345", which indicates that it wasnt a brute force attack on stupid people. Still, the majority of the passwords leaked were weak (lower case or numeral only).
People with "12345" or similar passwords should get their own internet, where they would be allowed to share lolcatz and powerpoint chains, play with their purple internet buddy, and zap those cute webmonkeys on banners without hurting themselves. Alternatively, maybe the webmail providers should set more strict rules for the passwords.