Comments on: UK Telegraph web site compromised

By: HackersBlog » Blog Archive » Telegraph.co.uk hacked - when will they learn?

Thu, 28 May 2009 15:43:52 +0000

[...] the one used to log in to telegraph.co.uk . We also recommend to follow the advices listed here: here. Please read this too if you want to make an article about [...]

By: +++ Telegraph Users Passwords and Emails Hacked +++ - Guy Fawkes' blog

+++ Telegraph Users Passwords and Emails Hacked +++ - Guy Fawkes' blog — Fri, 03 Apr 2009 14:43:44 +0000

[...] boasting here. Security warning here. The Telegraph, as far as Guido can tell, has not alerted users that their passwords have been [...]

By: Rik Ferguson

Rik Ferguson — Tue, 10 Mar 2009 08:44:01 +0000

Heh, nice observaration Boris as regards webmail accounts, my recommendation would certainly be to use a local client to store historical mails, especially those containing sensitive information., rather than leaving them in your online account.

I like the idea of encrypting your paswords locally, but I don’t completely understand how that would protect your credentials from being guessed, brute-forced, socially engineered or simply given away….

The other downside to using a locally encrypted password database is of course the fact that you are no longer as mobile (with logins) as you otherwise would be.

Having said that, the email account is always the holy grail of anyone trying to gain illicit access to any service online and should be protected with a very secure, difficult to guess password.

By: Boris Yeltsin

Boris Yeltsin — Tue, 10 Mar 2009 07:14:21 +0000

You write:
Use the first password as a general one for the majority of sites that require passwords to login. The second password, use for your email account and only your email account, that way, should your email be compromised, you do not have to worry about your other services.

DOH. If your email account is compromised, then why shouldn’t “they” go through your email, find your “sign up” emails and go back to all of those sites asking for passwords to be reset, or to be emailed the password or whatever?

No, get a simple encryption app to protect a database of different passwords. It should be secured using a master password that is not used anywhere else. Use a virus/trojan scanner if you’re using Windows so you don’t get keylogged. Use Steel for Mac, or KeyPass for Windows.

By: Telegraph site attacked, claim hackers

Telegraph site attacked, claim hackers — Tue, 10 Mar 2009 00:59:47 +0000

[...] email addresses and more worryingly, passwords in clear text,” according to Rik Ferguson on Trend Micro’s security blog. If that means you, you should change your password on that and perhaps other sites. His post adds: [...]

By: Telegraph site attacked, claim hackers | PTC07NEWS

Telegraph site attacked, claim hackers | PTC07NEWS — Mon, 09 Mar 2009 14:37:29 +0000

By: Rik Ferguson

Rik Ferguson — Mon, 09 Mar 2009 11:26:36 +0000

Thanks Kate, I have updated the original blog post to include the Telegraph’s response, Well done on reacting so rapidly to this!

By: Kate Day

Kate Day — Mon, 09 Mar 2009 10:46:58 +0000

This did not affect the main Telegraph.co.uk site or Telegraph blogs and My Telegraph. For the full story please see here . Thanks.

By: Hackersblog and Telegraph.co.uk | News in brief

Hackersblog and Telegraph.co.uk | News in brief — Mon, 09 Mar 2009 10:13:18 +0000

[...] you may have read elsewhere, Telegraph.co.uk was targeted by hackers at the end of last week. The main part of our website are not affected, nor are the accounts of My [...]

By: Telegraph.co.uk hacked | Developer Oracles

Telegraph.co.uk hacked | Developer Oracles — Mon, 09 Mar 2009 10:09:13 +0000

[...] after the hacker reported his success, TrendMicro re-confirmed the event and informed that they already reported the attack to the Telegraph. They [...]