Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)DI
diffusive @ diffusive @lemmy.world
Posts
2
Comments
186
Joined
2 yr. ago

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

Jump

  • It's software, everything can be done. Even if username and passwords are not kept in plaintext as you suggest (and likely nobody would do)

    Problem is that the number of people that self host password repositories is so little that it makes no financial sense. And so for this reason your "massive scale" is an hyperbole because there isn't a massive scale of people that self host password repositories

    Botnets that stole from local password repositories makes more sense because there are more people that use password managers of sort.

    Humans looking are flexible enough to look at all possible long tail cases like this.. but not going to happen except for high profile targets.

    All in all what i am saying is that i don't see clear evidence that self hosting is more dangerous (in practice) than centralized hosting

    PS: pro tip If you link references, make sure to read the references you link... The second one has nothing to do with password stealing, it was about a password cracker that was a trojan horse for a botnet. Yes, it fits the search "botnet password" but it doesn't sustain your point

    • More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

    Jump

  • You need to aumatize any operation... It's not conceivable that an human look at every device for stuff to steal. It would be even more expensive.

    Generally all these bit malware do is 1) using a vulnerability to replicate themselves 2) mine crypto or other kind of crap. Sometimes (1) involves also stealing ssh keys but it's not the goal, it the mean.

    Self hosting password/code/photos/whatever niches you are almost guaranteed that no human will look at hit because the amount of IoT/Routers/etc with nothing valuable beyond themselves generally composes the majority of these compromised bots

    This is just the economic incentive

    • More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

    Jump

  • Self hosting is less appealing for criminals, though. Especially if the protocol is "vanilla" like ssh.

    When you hack LastPass you know what you'll find, millions of passwords. When you hack a dude ssh you have one chance over one million that there is one dude password wallet.

    It doesn't make financial sense to hack self hosting (unless it's specific server software)

    • This still baffles me, but I guess it's good for federation?

    Jump

    • Is it odd that I can't hold a grudge?

    Jump

  • The real question is... Are these people repeatidly hurting you or they were one offs?

    If it's repeated... Well that is an issue... You don't have a defense mechanism.

    If it's one off... Well you just are an optimist person 😃

    • Met with a psychiatrist for ADHD diagnosis

    Jump

  • I guess they may have thought you were there only for the "legal speed".

    I would just try another doctor... I would not take it personally... Albeit it sucks you had the experience 😕

    • My Lemmy experience so far

    Jump

  • You can change the settings of your account to not show NSFW and porn is filtered out 🙂

    • Taliban Endorses Twitter Over Threads

    Jump

  • From "free speech absolutist" to "free speech extremist" 😃