09-23-2016, 10:18 AM   #31
micromacro
Loyal Site Supporter

Join Date: Jan 2014
Location: Florida
Posts: 3,197
I also checked my information there, so far so good. I've been with Adobe only on their CC free trial recently.
Good news, no pwnage found!

09-23-2016, 02:13 PM   #32
mee
Pentaxian




Join Date: May 2010
Posts: 6,240
Originally posted by chuck_c:
Yahoo!!! Not on the list.
But now you're on that site's list.
09-23-2016, 11:43 PM   #33
Jonathan Mac
Pentaxian

Join Date: Apr 2009
Location: Madrid, Spain
Posts: 4,940
Originally posted by interested_observer:
This is somewhat of an interesting problem - that may be an indication of future activities. If you used XXYJJ as a username and it popped up as pawned in 5 different websites, 2 of which were yours, then you know that at least one other person (or up to 3 other folks) used that same username in 3 other websites. Is it dangerous? - not really, unless someone is after either you or one of them, and wants to spend the time and money to go after one of you.

The technique is called Data Mining.

Data Mining is simply getting the data you want from one or more databases and it's perfectly legitimate, not associated with hacks or illegal activity in any way. I do it every day at work.
09-24-2016, 04:21 AM   #34
Loyal Site Supporter




Join Date: Jun 2009
Location: Tumbleweed, Arizona
Posts: 5,222
Original Poster
Originally posted by Jonathan Mac:
Data Mining is simply getting the data you want from one or more databases and it's perfectly legitimate, not associated with hacks or illegal activity in any way. I do it every day at work.
Morning Jonathan, You are correct that Data Mining is a generic reference to an analytical process that attempts to find correlations or patterns in large data sets for the purpose of data or knowledge discovery. This approach is perfectly legal and a normal everyday activity. However, there is an area of System Engineering referred to as Information Assurance (IA) which is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.

Let's say that you are designing an entire system architecture for a bank. Consider a couple of scenarios.
  • Tellers are going to need to know if an account has sufficient funds so the customer standing in front of them can make a withdrawal. Should the system show the teller that the little old lady, as a customer, has $7,381,936.12 in her checking account? Or should the teller just receive an indication that the account has sufficient funds to cover her withdrawal of $300.00?
  • Marketing may need a list of customers who have more than say $100K in their accounts to send information to about a new type of high interest savings account. Does marketing need to know the exact balance, the account numbers and if there are any restrictions on the account(s)? On the other hand, do you want the marketing guy rolling the information off on a thumb drive and walking out the door with it?
Both are examples of legitimate operations, with reasonable controls placed on the interactions with the database, to prevent possible abuse. Within IA, you want to create an overall system architecture and design that will facilitate legitimate normal operations, while enabling you to detect and potentially deter malicious operations. It is tied into a lot of other areas - like identity management and access control (letting legitimate users have access, but denying the rogue process initiated by an unknown user). Facilitating a legitimate SQL query, while denying a SQL injection attempt.

If you think about the Sony intrusion, it turns out every Sony employee had access to their film library - both released and to be released films. The location was just hidden (security thru obscurity). The intruders made off with all of their new to be released films. They were never detected until they took down the entire corporate system one morning. They also extracted and published everyone's salary, emails, etc. So, there are operations that need to take place, some you want to promote, while others you would rather not happen (detect and prevent).

Going back to the original example, I was just pointing out that even with the most innocent public database interaction, you can legitimately extract or make inferences to additional information - intentionally or unintentionally. Sorry about the wall of text.....
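
The two bank scenarios in post #34 above, as an added example that is not part of any poster's message: a Python/SQLite sketch in which the teller gets only a yes/no answer, marketing reads through a view that omits balances, and an authorizer denies direct reads of the table. The schema, sample rows and function names are constructed for illustration.

```python
import sqlite3

def build_bank():
    """In-memory bank with constructed sample rows (all names hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (account_no TEXT PRIMARY KEY, owner TEXT,
            address TEXT, balance_cents INTEGER, restricted INTEGER);
        INSERT INTO accounts VALUES
            ('1001', 'A. Customer', '1 Main St', 738193612, 0),
            ('1002', 'B. Customer', '2 Oak Ave',   4500000, 0),
            ('1003', 'C. Customer', '3 Elm Rd',   25000000, 1);
        -- Marketing learns who holds more than $100K and where to mail,
        -- not the balance, account number or restriction flag.
        CREATE VIEW marketing_prospects AS
            SELECT owner, address FROM accounts WHERE balance_cents > 10000000;
    """)
    return db

def teller_can_withdraw(db, account_no, amount_cents):
    """Yes/no answer for the teller; the balance never leaves the database.
    Bound parameters keep hostile input as data, not SQL."""
    row = db.execute(
        "SELECT balance_cents >= ? FROM accounts WHERE account_no = ?",
        (amount_cents, account_no)).fetchone()
    return bool(row and row[0])

def restrict_to_views(db):
    """Marketing role: deny direct reads of accounts, allow reads via a view."""
    def authorizer(action, table, column, db_name, source):
        # source is the view responsible for the read, or None for direct SQL
        if action == sqlite3.SQLITE_READ and table == "accounts" and source is None:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

def marketing_list(db):
    return db.execute(
        "SELECT owner, address FROM marketing_prospects ORDER BY owner").fetchall()

def direct_read_allowed(db):
    """True if this connection can still read balances straight from the table."""
    try:
        db.execute("SELECT owner, balance_cents FROM accounts").fetchall()
        return True
    except sqlite3.Error:
        return False
```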



09-24-2016, 10:55 AM   #35
RGlasel
Site Supporter

Join Date: Sep 2013
Location: Saskatoon
Posts: 1,562
Originally posted by interested_observer:
it turns out every Sony employee had access
Which is done to reduce expenses related to help desk support and system administration when Employee X is told to go to a shared file and discovers that s/he doesn't have access. It's cheaper to not do anything to limit access to resources that haven't been compromised yet than to set up controls that might never be needed. Ultimately it's a result of poorly defined work processes and a backwards approach to information control that makes employees responsible for decisions when they can't get the information they need in order to make better decisions. Decision making, at any level in the organization, becomes a game, where moves are based on an imperfect understanding of probabilities instead of attempting better strategies.
09-24-2016, 05:19 PM   #36
Loyal Site Supporter




Join Date: Jun 2009
Location: Tumbleweed, Arizona
Posts: 5,222
Original Poster
Originally posted by RGlasel:
Which is done to reduce expenses related to help desk support and system administration when Employee X is told to go to a shared file and discovers that s/he doesn't have access. It's cheaper to not do anything to limit access to resources that haven't been compromised yet than to set up controls that might never be needed. Ultimately it's a result of poorly defined work processes and a backwards approach to information control that makes employees responsible for decisions when they can't get the information they need in order to make better decisions. Decision making, at any level in the organization, becomes a game, where moves are based on an imperfect understanding of probabilities instead of attempting better strategies.
You are right! Doing absolutely nothing is cheaper. It's even been documented...Your company and your home system. Just become part of a bot army and start participating in distributed denial of service attacks.... and have your disk encrypted followed by an extortion demand bill for some bitcoins... Pay now, or pay later, but one way or another you are going to pay... There is always the pay in Court plan...That's the business model of today.

09-25-2016, 10:59 PM   #37
Class A
Pentaxian

Join Date: Aug 2008
Location: Wellington, New Zealand
Posts: 9,629
Originally posted by victormeldrew:
The cynical half of my brain is saying "what a great way to gather a database of valid emails without needing to hack one of these other services!"
Yahoo says (-> "Was my account affected?")
"We are notifying potentially affected users by email and posting additional information to our website. Additionally, we are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification."
Hence the safest approach appears to be to see whether one receives an email from Yahoo.