The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping the botnet detection and brute-force rate limiters that are in place at most security-savvy banks but absent across the wider web. It is likely to work too: wholly unscientific statistics indicate password reuse is a lazy habit of anywhere from 15 percent to 60 percent of users, possibly more. News of the password-purloining practice appeared in security firm ThreatMetrix’s new cybercrime report (PDF).
ORIGINAL SOURCE: The Register