Password reuse is still a huge problem. Even my friends who are somewhat savvy (not professionally in tech) don't know what a password manager is or use one.
First, rinse with or drink clear water. Then chew some sugarless gum. Both of these practices will produce saliva, restore a healthy pH level in your mouth, and coat your teeth with nourishing minerals. Out of all the sugarless gums available, the best of the best are those that list xylitol as the first ingredient. Another option is to consume cheese, milk, or another non-acidic food or drink to conclude your meal.
After you have given your mouth time to return to a healthy pH, feel free to brush your teeth.
Well, when you're older, with iffy teeth, flossing removes trapped food that will cause inflammation and pain the next day. That's personal experience.
Sadly I have to upvote this based on personal experience.
Was reading this thread right after the thread on John Goodenough. There are different things that happen as one gets older that one wishes didn't. Still, it beats the alternative.
He isn't giving me any hard data or proof that password managers are superior other than "they are because I say so." I'd like to see statistics. It seems intuitive but often things that seem intuitive are not so. I can see many ways a central repository of ALL my passwords could be more disastrous than someone hacking my login at one site.
After I searched for my credentials on haveibeenpwned I have started to use the suggested password feature for my important sites. I should really move all of them to this instead of my memorized password.
According to the article, Football95 is the top password.
Anyone happen to know why the reference to 95? I can't quite remember anything particularly special about that year to make it a common password for people.
The standard hacker stereotype is of kids in basements, which the author seems to propose here, but most hackers who commit crimes are in their 20s-30s. (I have no direct evidence of this except the majority of public arrest/sentencing of cyber criminals, and generally people in the blackhat and organized crime scenes are not teens.) The bravado thing is less a factor of being young, and more that a ton of cyber criminals have comically inflated egos.
> (I have no direct evidence of this except the majority of public arrest/sentencing of cyber criminals, and generally people in the blackhat and organized crime scenes are not teens)
According to Wikipedia, the ages of the people arrested in connection with LulzSec were (sorted): 16 17 18 19 19 20 21 21 23 24 24 29. Plenty of teen representation there, and even low 20s is still pretty young. (Those ages are at the time of arrest, but most of the arrests were in 2011, the same year LulzSec was founded, so they would have been about the same age when they committed the crimes - albeit likely younger when they first got into the 'scene'.)
Similarly, Lizard Squad: 16 17 17 22. (Main activities were in 2014; ages adjusted based on the number of years between then and the news articles specifying the ages.)
Neither of those groups were terribly sophisticated (mainly performing DDoS attacks), but neither is the person(s) in the present case, who just culled passwords from old leaks and got the media to make a fuss.
Anyway, getting arrested ≠ committing crimes. To get arrested, you have to (a) go after a high-profile target and (b) successfully attack them (where DDoS counts as an attack). Lots of kids do things like DoSing personal rivals (and their Minecraft servers), which is definitely a crime but unlikely to result in an arrest. The younger, the more petty...
There's also an element here that should be studied in more detail: These are arrests, not participants. What if the older hackers are just better at not getting caught and it's the kids that make mistakes that get them busted?
Yes and no. LulzSec and Lizard Squad belong to a very specific subset of hackers: people who hack big targets simply because they enjoy it. People in this group tend to be relatively unskilled, and less emotionally mature, hence skew younger. And they also are a lot more likely to end up in the news, and in people's imaginations.
The majority of hackers in the modern day do what they do for financial gain. Among that group things are more even. But the skilled hackers, those that develop and use 0days, will skew older because it takes time and experience to reach that level.
Most hackers would also recognize that demanding ransom from Apple in exchange for not wiping accounts isn't likely to be very effective and may have some negative consequences (e.g. being caught and getting beaten half to death by their victims). I have no trouble believing that the culprits here are likely to be pretty young.
The threat of wiping accounts was silly in the first place. The hackers have user passwords, not access to Apple infrastructure. So they log in as the users, delete files from iCloud... and Apple restores files from yesterday's backup. They could cause a lot of hassle for the users and Apple customer support, but not wipe accounts.
Most hackers don't commit crimes, because most of them aren't stupid. But some are. (I have known those stupid people, and they were in their 30s, did really stupid shit, and are now doing time.)
I would posit that most people engaged in cyber crime are not hackers, from the botnet owners who literally paid for and downloaded a tool with instructions, to the people who install skimmers, to carding merchants, people running protection rackets, email scammers, etc. A small number of people actually "hack" into a system using any form of advanced skill in order to do things like extract accounts like those in the article.
What definition of hacker are you using here? I know we're on Hacker News, but in the cybersecurity context hacker refers to someone who hacks into a system, which would mean hackers commit crimes by definition.
No, in a cybersecurity context a hacker is merely someone who knows about or is involved in security hacking. This includes, for example, researchers and government employees. It also means people who self identify as a hacker, and again, they usually don't commit crimes. The vast majority of DefCon attendees, for example, don't commit crimes, and then there's all the corporate shills at BlackHat.