Home |
Search |
Today's Posts |
|
UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
#1
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security.
Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. |
#2
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
|
#4
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
They are always telling us that we should use a password manager of cours.
However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. I mean, another thing to look at is wifi password. Now if its too hard, nobody can remember it, if its too simply people can guess it, and of courrse many devices that use a cloud storage system actually store it, supposedly encrypted. The hackers know about exploiting apis these days as people use these off the shelf like a way to stop having to write new ones, but if they don't use them properly often a breach is created bigger than the brain of Marvin. Brian -- ----- -- This newsgroup posting comes to you directly from... The Sofa of Brian Gaff... Blind user, so no pictures please Note this Signature is meaningless.! "Paul" wrote in message ... wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. I think it's pretty safe to assume some aspect of this "small company" website is compromised. Small companies rent everything. They can't even rent a clue. I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Only one site had a security issue - the company went bankrupt, and we heard later the servers they had were sold without being sanitized. (All the account info left the building intact, destination unknown.) If you're using the same password for all of them, well, stop doing that :-) Or, uh... Oh. It already happened. Paul |
#5
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
Stick the email address in he
https://haveibeenpwned.com Ah, that shows LinkedIn as an affected site for a data breach associated with the email address in question. I just realised that my LinkedIn account also used the old favourite email/password combo, so the recent activity could all be down to the LinkedIn breach. https://haveibeenpwned.com says that while the LinkedIn breach was in 2016, it was 4 years later that the data began appearing on the dark web market. Maybe the vitamin supplier transaction was not at fault (still could be, though). Cheers. Ant. |
#6
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 00:59:43 -0400, Paul
wrote: wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. I think it's pretty safe to assume some aspect of this "small company" website is compromised. Small companies rent everything. They can't even rent a clue. I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Mine uses military security and allows you to view, cut and paste the passwords as required. |
#7
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 08:17:42 +0100, Richard
wrote: On 20/07/2020 05:24, wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Stick the email address in he https://haveibeenpwned.com Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me. In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem. |
#8
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 08:17, Richard wrote:
Stick the email address in he https://haveibeenpwned.com While that may help to see if your data is already compromised why would anyone set up an account with them to generate passwords? It seems against any sensible security to give personal details and then let a third party generate a password on their web site. -- mailto : news {at} admac {dot} myzen {dot} co {dot} uk |
#9
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 09:42, wrote:
Stick the email address in he https://haveibeenpwned.com Ah, that shows LinkedIn as an affected site for a data breach associated with the email address in question. I just realised that my LinkedIn account also used the old favourite email/password combo, so the recent activity could all be down to the LinkedIn breach. https://haveibeenpwned.com says that while the LinkedIn breach was in 2016, it was 4 years later that the data began appearing on the dark web market. Maybe the vitamin supplier transaction was not at fault (still could be, though). Cheers. Ant. Also check that after you get these warning emails that you don't use the link in the same email to go to the site to change your password. -- mailto : news {at} admac {dot} myzen {dot} co {dot} uk |
#10
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 09:58, Scott wrote:
On Mon, 20 Jul 2020 08:17:42 +0100, Richard wrote: On 20/07/2020 05:24, wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Stick the email address in he https://haveibeenpwned.com Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me. It is not a con. It is not a "subscription". In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem. Good for you. |
#11
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 09:58, alan_m wrote:
On 20/07/2020 08:17, Richard wrote: Stick the email address in he https://haveibeenpwned.com While that may help to see if your data is already compromised why would anyone set up an account with them to generate passwords?Â* It seems against any sensible security to give personal details and then let a third party generate a password on their web site. You do not have to set up an account to generate passwords. The OP asked a question which *could* be answered by using the site. This is the report for one of my email addresses: Adobe logo Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced. Compromised data: Email addresses, Password hints, Passwords, Usernames Onliner Spambot logo Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moÊžuÆŽq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump. Compromised data: Email addresses, Passwords River City Media Spam List logo River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data. |
#12
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20 Jul 2020 09:04:01 GMT, Tim Streater
wrote: On 20 Jul 2020 at 09:51:07 BST, Scott wrote: On Mon, 20 Jul 2020 00:59:43 -0400, Paul wrote: wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. I think it's pretty safe to assume some aspect of this "small company" website is compromised. Small companies rent everything. They can't even rent a clue. I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder. Thanks for our insightful advice. I'll stop locking my front door - obviously unnecessary as crime is fake news. |
#13
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 10:12:31 +0100, Richard
wrote: On 20/07/2020 09:58, Scott wrote: On Mon, 20 Jul 2020 08:17:42 +0100, Richard wrote: On 20/07/2020 05:24, wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Stick the email address in he https://haveibeenpwned.com Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me. It is not a con. It is not a "subscription". Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription. In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem. Good for you. Good for you if you hand out money every time you see the word 'security'. |
#14
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
In message ,
writes Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. I've have my own domain, so (like many others), almost every company I deal with gets its own email address (generally company@mydomain). From that I can track where spam(*) comes from. In many cases it is sent to the address that I've given to various small businesses, rarely the large ones, leading me to the conclusion (possibly wrongly) that some small businesses (or more likely their outsourced systems) have had some poor IT security. In only one case has a business been in touch to admit that they've been compromised, and that was by an activist group whose name I forget. (*) spam also cover phishing attempts, and those odd emails from the person telling me that they've hacked my (non-existent) webcam. Adrian -- To Reply : replace "diy" with "news" and reverse the domain If you are reading this from a web interface eg DIY Banter, DIY Forum or Google Groups, please be aware this is NOT a forum, and you are merely using a web portal to a USENET group. Many people block posters coming from web portals due to perceieved SPAM or inaneness. For a better method of access, please see: http://wiki.diyfaq.org.uk/index.php?title=Usenet |
#15
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote:
On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. |
#16
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 12:00 20 Jul 2020, Smolley said:
On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. MAC address or cookie? I use two factor authentication (using the Authy app) for Amazon, who provides an option for a particular computer to be remembered as safe and not require signing in subsequently. However after I run a file cleaner which removes stuff like cookies and site storage, I have to go through the whole Amazon login. I have found only Google might get sniffy about users logging in from different devices --- even ones attached to the same wifi. |
#17
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 12:16:43 +0100, Pamela
wrote: On 12:00 20 Jul 2020, Smolley said: On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. MAC address or cookie? I use two factor authentication (using the Authy app) for Amazon, who provides an option for a particular computer to be remembered as safe and not require signing in subsequently. However after I run a file cleaner which removes stuff like cookies and site storage, I have to go through the whole Amazon login. CCleaner gives you the option of selecting the cookies you want to keep. |
#18
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
Pamela wrote:
On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Yes, I use a simple 'algorithm' to generate passwords for "don't care" web sites that require a password. This is mostly for places that I buy on-line but *don't* save any credit card details or club and forum sites. I really don't care that much if someone breaks into my account, all they could do is impersonate me on the forum (so what?) and see what I have bought from some supplier or other. Where I have credit card details or other similarly sensitive information I use much stronger passwords, though as far as possible I don't allow sites to save credit card details. -- Chris Green · |
#19
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
Pamela wrote:
On 12:00 20 Jul 2020, Smolley said: On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. MAC address or cookie? I use two factor authentication (using the Authy app) for Amazon, who provides an option for a particular computer to be remembered as safe and not require signing in subsequently. So if someone nicks your computer they get access?! -- Chris Green · |
#20
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
Scott wrote:
It is not a con. It is not a "subscription". Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription. That's an ad for 1Password, which is a password manager. Have I Been Pwned is a separate thing and has a 'notify me' function which will mail you if your email or domain shows up in other breaches. It's free, and the link is at the top of the screen. Theo |
#21
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 09:51:07 +0100, Scott wrote:
I generate long, random, password sequences for each Internet account created. They're a pain to type in, ... Or use a "formula" to generate passwords unique to each site. Based say on part of the company name. Load of things you can do to make the password pretty secure, Upper/lowercase given character position(s), letter/number substitute, both either as an inposition substitution or an insert before or after the position. Pre/app-pend and short string (containing symbols, numbers, upper/lowercase). Even if you forget what a password is for a site you can work it out by applying your formula. The only slight gotcha is those sites that object to symbols in a passord. but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. Bits of paper work... One would also assume that the information is also obscurated and not a simple plain text "site password" list and also contains old, invalid, information or even completely bogus information. What happens if someone breaks into your house and steals the pieces of paper? Mine uses military security and allows you to view, cut and paste the passwords as required. Assuming the device with your passwords on hasn't also been nicked or even simply died. Lightning strike, power surge? Just as likely as a tea leaf taking the bit's of paper. You can't even have a go at trying to workout what any passwords are. -- Cheers Dave. |
#22
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 12:43:02 +0100 (BST), "Dave Liquorice"
wrote: On Mon, 20 Jul 2020 09:51:07 +0100, Scott wrote: I generate long, random, password sequences for each Internet account created. They're a pain to type in, ... Or use a "formula" to generate passwords unique to each site. Based say on part of the company name. Load of things you can do to make the password pretty secure, Upper/lowercase given character position(s), letter/number substitute, both either as an inposition substitution or an insert before or after the position. Pre/app-pend and short string (containing symbols, numbers, upper/lowercase). Even if you forget what a password is for a site you can work it out by applying your formula. The only slight gotcha is those sites that object to symbols in a passord. but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. Bits of paper work... One would also assume that the information is also obscurated and not a simple plain text "site password" list and also contains old, invalid, information or even completely bogus information. What happens if someone breaks into your house and steals the pieces of paper? Mine uses military security and allows you to view, cut and paste the passwords as required. Assuming the device with your passwords on hasn't also been nicked or even simply died. Lightning strike, power surge? Just as likely as a tea leaf taking the bit's of paper. You can't even have a go at trying to workout what any passwords are. Ever heard of backups? |
#23
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20 Jul 2020 12:35:40 +0100 (BST), Theo
wrote: Scott wrote: It is not a con. It is not a "subscription". Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription. out of context That's an ad for 1Password, which is a password manager. Have I Been Pwned is a separate thing and has a 'notify me' function which will mail you if your email or domain shows up in other breaches. It's free, and the link is at the top of the screen. Okay, it's an attempt to con then, not a con. It is quite clear they are trying to induce you into clicking 'Start using 1Password.com'. |
#24
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 05:59, Paul wrote:
wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Personally I don't trust McCaffee as far as I can throw it but YMMV. Their main claim to fame seems to be large corporate discounts. I think it's pretty safe to assume some aspect of this "small company" website is compromised. Although a keylogger on your home PC cannot be ruled out. Malwarebytes is a pretty reliable zapper for such things. We also don't know the integrity of the password used. If it was Pa55w0rd or qwerty or in any dictionary then all bets are off. Small companies rent everything. They can't even rent a clue. I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Only one site had a security issue - the company went bankrupt, and we heard later the servers they had were sold without being sanitized. (All the account info left the building intact, destination unknown.) If you're using the same password for all of them, well, stop doing that :-) Or, uh... Oh. It already happened. It is never a good idea to use the same password login on multiple sites. Sites vary massively in their ability to keep things securely. At a minimum even on toy sites that insist you have a password include two random words and the year you first opened it in between. A random capitalisation (not the first letters) makes it a bit more secure and an unusual character also helps. Beware when they "upgrade" software I have had my choice of unusual password character declared illegal once. Noddy sites get fairly weak passwords. Banks get high entropy rule based passwords that even someone who has seen it written down will not be able to remember unless they know the generating rule. -- Regards, Martin Brown |
#25
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 10:35, Scott wrote:
On Mon, 20 Jul 2020 10:12:31 +0100, Richard wrote: On 20/07/2020 09:58, Scott wrote: On Mon, 20 Jul 2020 08:17:42 +0100, Richard wrote: On 20/07/2020 05:24, wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Stick the email address in he https://haveibeenpwned.com Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me. It is not a con. It is not a "subscription". Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription. In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem. Good for you. Good for you if you hand out money every time you see the word 'security'. I don't, and I'm not paranoid. |
#26
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 12:55:24 +0100, Scott wrote:
Ever heard of backups? No much use without a working device to transfer the backup to for use. -- Cheers Dave. |
#27
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 14:07:09 +0100 (BST), "Dave Liquorice"
wrote: On Mon, 20 Jul 2020 12:55:24 +0100, Scott wrote: Assuming the device with your passwords on hasn't also been nicked or even simply died. Lightning strike, power surge? Just as likely as a tea leaf taking the bit's of paper. You can't even have a go at trying to workout what any passwords are. Ever heard of backups? No much use without a working device to transfer the backup to for use. Very true, whereas bits of paper with passwords would be enormously useful to anyone without a working computer. |
#28
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
In article ,
Scott wrote: On Mon, 20 Jul 2020 14:07:09 +0100 (BST), "Dave Liquorice" wrote: On Mon, 20 Jul 2020 12:55:24 +0100, Scott wrote: Assuming the device with your passwords on hasn't also been nicked or even simply died. Lightning strike, power surge? Just as likely as a tea leaf taking the bit's of paper. You can't even have a go at trying to workout what any passwords are. Ever heard of backups? No much use without a working device to transfer the backup to for use. Very true, whereas bits of paper with passwords would be enormously useful to anyone without a working computer. and, you can write down the time on a piece of paper. -- from KT24 in Surrey, England "I'd rather die of exhaustion than die of boredom" Thomas Carlyle |
#29
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 12:00, Smolley wrote:
On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. Interesting, since Mac addresses are not promulgated beyond the local Network, and are easily spoofed. And cannot be obtained without the user downloading and installing some obvious software https://stackoverflow.com/questions/...with-a-browser -- "A point of view can be a dangerous luxury when substituted for insight and understanding". Marshall McLuhan |
#30
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 13:44:59 +0100, Richard
wrote: On 20/07/2020 10:35, Scott wrote: On Mon, 20 Jul 2020 10:12:31 +0100, Richard wrote: On 20/07/2020 09:58, Scott wrote: On Mon, 20 Jul 2020 08:17:42 +0100, Richard wrote: On 20/07/2020 05:24, wrote: Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co. Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases). In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password. Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7. Thanks. Ant. Stick the email address in he https://haveibeenpwned.com Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me. It is not a con. It is not a "subscription". Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription. In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem. Good for you. Good for you if you hand out money every time you see the word 'security'. I don't, and I'm not paranoid. Good for you. |
#31
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 05:24, wrote:
Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. So as a matter of urgency you need to go and update passwords on *all* of the sites you are registered with, and make sure than the same credentials are never re-used. Since when one a site is compromised, automated testing tools will enable the crooks to check those credentials against 100s of thousands of other web sites. So its a safe bet that all or most of your accounts associated with those credentials are now compromised. [snip] Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? Lots of possibilities. If you go enter the relevant email address he https://haveibeenpwned.com/ it will tell you which public database of hacked credentials it came from and may give some indication of the source. You can also test individual passwords he https://haveibeenpwned.com/Passwords I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, Could be - it might be the site itself, or often its a weakness in a third party service that the company (and many others) use. The Ticketmaster hack being a good example: https://www.wired.co.uk/article/tick...-monzo-inbenta dishonesty of an employee at the company, Also possible - or a sub contracting company, data processor, or even individual. or is it more likely to be something at my end (e.g. keystroke logging malware)? Also possible but probably less likely - if that were the case you would expect any interaction with a site that uses those credentials to have triggered the unexpected logins. However, I would suggest a sweep with the malwarebytes.org scanner. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#32
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 08:21, Brian Gaff (Sofa) wrote:
They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Nothing is 100% secure, but there is plenty you can do to limit the damage when something goes wrong. I mean, another thing to look at is wifi password. Now if its too hard, nobody can remember it, if its too simply people can guess it, and of courrse many devices that use a cloud storage system actually store it, supposedly encrypted. A decent password ought not be "memorable". If you need it, go look at the written record of it (the plate on the back of the router if you like), or use the WPS button for creating new connections. The hackers know about exploiting apis these days as people use these off the shelf like a way to stop having to write new ones, but if they don't use them properly often a breach is created bigger than the brain of Marvin. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#33
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 12:00, Smolley wrote:
On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. You IP address, various cookies and other "fingerprinting" they can do on your browsers... unlikely to be a mac address directly unless you have your PC plugged directly into their LAN! -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#34
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 10:04, Tim Streater wrote:
Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder. He probably won't be able to get a stock of new masks now :-) -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#35
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 20/07/2020 10:28, Scott wrote:
On 20 Jul 2020 09:04:01 GMT, Tim Streater wrote: On 20 Jul 2020 at 09:51:07 BST, Scott wrote: On Mon, 20 Jul 2020 00:59:43 -0400, Paul wrote: I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder. Thanks for our insightful advice. I'll stop locking my front door - obviously unnecessary as crime is fake news. I think you may have missed the point Tim was making. i.e. Just because you have a file of passwords recorded, it does not have to be obvious or even intelligible to to someone else if the details are obfuscated, or simply hidden in lots of other data. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#36
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 18:44:13 +0100, John Rumm
wrote: On 20/07/2020 12:00, Smolley wrote: On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. You IP address, various cookies and other "fingerprinting" they can do on your browsers... unlikely to be a mac address directly unless you have your PC plugged directly into their LAN! Maybe Smolley has an Apple Mac and is referring to its address. |
#37
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 18:48:49 +0100, John Rumm
wrote: On 20/07/2020 10:28, Scott wrote: On 20 Jul 2020 09:04:01 GMT, Tim Streater wrote: On 20 Jul 2020 at 09:51:07 BST, Scott wrote: On Mon, 20 Jul 2020 00:59:43 -0400, Paul wrote: I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder. Thanks for our insightful advice. I'll stop locking my front door - obviously unnecessary as crime is fake news. I think you may have missed the point Tim was making. i.e. Just because you have a file of passwords recorded, it does not have to be obvious or even intelligible to to someone else if the details are obfuscated, or simply hidden in lots of other data. Sorry, I must have been distracted by all the verbiage about scrotes, lone rangers and swag. I prefer to hold the passwords in an encrypted form that can be cut and pasted when needed than in a disguised form on bits of paper that needs to be painstakingly typed in each time. Everyone makes their own choices of course. |
#38
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On Sun, 19 Jul 2020 21:24:35 -0700, anonymousrapscallion wrote:
Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security. Those general details could span a number of health companies. The one I use seems to retain expired credit card details, and I have several times requested that they be removed. No luck so far, but they have a new website so they wikll probably just hide them. -- My posts are my copyright and if @diy_forums or Home Owners' Hub wish to copy them they can pay me £1 a message. Use the BIG mirror service in the UK: http://www.mirrorservice.org *lightning surge protection* - a w_tom conductor |
#39
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
On 12:25 20 Jul 2020, Chris Green said:
Pamela wrote: On 12:00 20 Jul 2020, Smolley said: On Mon, 20 Jul 2020 11:04:58 +0100, Pamela wrote: On 08:21 20 Jul 2020, Brian Gaff (Sofa) said: They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge. Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different. It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial. Amazon uses my mac address as verification, when I use another computer I have to return a phone code. MAC address or cookie? I use two factor authentication (using the Authy app) for Amazon, who provides an option for a particular computer to be remembered as safe and not require signing in subsequently. So if someone nicks your computer they get access?! Two factor authentication is in addition to your usual account name and password. The idea is that some Russian hacker can't access your account without also having physical access to the PC to generate required passkeys. Nowadays banks are doing this or something similar, such as sending a text. If someone nicks your computer with the authenticator app then you go to another computer and access the authenticator with your special password to remove the stolen device from authenticator account. I prefer this to getting texts with a passkey. |
#40
Posted to uk.d-i-y
|
|||
|
|||
O/T: internet security question (leaked details)
"Scott" wrote in message ... On Mon, 20 Jul 2020 18:48:49 +0100, John Rumm wrote: On 20/07/2020 10:28, Scott wrote: On 20 Jul 2020 09:04:01 GMT, Tim Streater wrote: On 20 Jul 2020 at 09:51:07 BST, Scott wrote: On Mon, 20 Jul 2020 00:59:43 -0400, Paul wrote: I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder. Thanks for our insightful advice. I'll stop locking my front door - obviously unnecessary as crime is fake news. I think you may have missed the point Tim was making. i.e. Just because you have a file of passwords recorded, it does not have to be obvious or even intelligible to to someone else if the details are obfuscated, or simply hidden in lots of other data. Sorry, I must have been distracted by all the verbiage about scrotes, lone rangers and swag. I prefer to hold the passwords in an encrypted form that can be cut and pasted when needed I prefer a proper password manager that keeps the passwords and other routinely provided stuff like you address and the username etc in a fully encrypted database and automatically fills in the form you are looking at and which allows you to select from a list of sites that you log into routinely so you can go there just by clicking that link. And which automatically collects the stuff you fill in with a new site and offers to add it to the database, than in a disguised form on bits of paper that needs to be painstakingly typed in each time. Everyone makes their own choices of course. |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Personal details of 200 million US voters leaked in 'largest exposure of its kind' | Home Repair | |||
um im internet geld zu , internet surfen geld , top internetverdienstwie man im internet geld verdient , die 6 erfolgsfaktoren mit denen sie iminternet geld verdienen , wurzelimperium schnell geld , geld verdienen de ,online schnell geld verdie | Metalworking | |||
A NEW INTERNET IS COMING! - Web 2.0 Full Internet Upgrade - | Home Repair | |||
do business on the internet . want buy much popular and inexpensiveprice go do business on the internet . want buy much popular and inexpensiveprice go | Home Repair |