Password Decryption Games | TechSNAP 138
Posted on: November 28, 2013

You won’t believe how cheap a botnet is these days, then we play a game from your leaked Adobe passwords.
Plus an uber batch of your questions, our answers, and much, much more, on this week’s episode of TechSNAP!
Show Notes:
Cost of stolen identities at all time low due to excessive supply
- There is so much supply of stolen identities that the going price for a US identity has fallen to a record low $25
- Foreign identities are worth only $40
- Credentials for a bank account with between $70,000 and $150,000 cost a mere $300
- “Fullz,” or personal identities, went for $40 per U.S. stolen ID and $60 for a stolen overseas ID in 2011 when Dell SecureWorks last studied pricing in the underground marketplace.
- Now those IDs are 33 to 37 percent cheaper.
- Pricing trends are interesting, says Raj Samani, CTO of McAfee. But they also can be misleading, he says, because prices are all over the map.
- “You can have varying prices depending on the sources you go to.”
- McAfee in its June cybercrime study found a DDoS-for-hire service for $2 per hour, and another for $3 per hour, for instance, he says.
- Dell SecureWorks found DDoS services anywhere from $3 to $5 per hour, $90 to $100 per day, and $400 to $600 a month.
- The cost of getting a website hacked runs from $100 to $300, with more experienced black hat hackers charging more for their services. In an interesting twist, the researchers found that these attackers stipulated that they don’t hack government or military websites.
- Doxing services—where a hacker steals as much information as they can about a victim or target via social media, social engineering, or Trojan infection—range from $25 to $100.
- Bots are cheap, too: 1,000 bots go for $20, and 15,000 for $250.
Adobe top passwords crossword
- For once, we can have a little fun with a major site being compromised
- The website is a crossword puzzle, made up of some of the top passwords that have been brute-forced or guessed from the ‘encrypted’ Adobe database
- The ‘clues’ are people’s password hints
- Because Adobe did not use a ‘salt’, all users who had the same password had the same encrypted password, so by combining the password hints of all of the users with the same password, it gets much easier to guess common passwords
- It seems many people use names of people they know; parents and grandparents using children’s names seems excessively prevalent
- Top 100 actual passwords
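The missing-salt effect described above, as an added example that is not from the show notes or from Adobe's code: it compares how many rows share a stored value, and which hints get pooled together, under unsalted versus per-user salted storage. A keyed HMAC stands in for Adobe's unsalted encryption, and `RECORDS`, `SITE_KEY` and all function names are constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter, defaultdict

# Constructed sample rows (user, password, hint); not real data.
RECORDS = [
    ("u1", "sunshine1", "weather"),
    ("u2", "sunshine1", "opposite of rain"),
    ("u3", "sunshine1", "bright, plus a digit"),
    ("u4", "kT9#vLq2", "random"),
    ("u5", "maple-tree", "backyard"),
]
SITE_KEY = b"constructed-demo-key"  # assumption: one key shared by every row


def store_unsalted(password):
    # Stand-in for deterministic, unsalted storage: same input, same output.
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).digest()


def store_salted(password):
    # Per-user random salt, kept beside the derived value for later verification.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_table(records, store):
    """Return rows as they would sit in the database: (stored_value, hint)."""
    return [(store(password), hint) for _user, password, hint in records]


def hint_clusters(table):
    """Hints that end up pooled because their rows share one stored value."""
    groups = defaultdict(list)
    for stored, hint in table:
        groups[stored].append(hint)
    return [hints for hints in groups.values() if len(hints) > 1]


def duplicate_ratio(table):
    """Audit metric: share of rows whose stored value also appears on another row."""
    counts = Counter(stored for stored, _hint in table)
    return sum(n for n in counts.values() if n > 1) / len(table)


if __name__ == "__main__":
    for name, store in (("unsalted", store_unsalted), ("salted", store_salted)):
        table = build_table(RECORDS, store)
        print(name, duplicate_ratio(table), hint_clusters(table))
```

A non-zero `duplicate_ratio` on a real credential table is a quick sign that stored values are deterministic and unsalted.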
Feedback:
Submit your best of stories for the end of the year special
Round Up:
- Kevin Mitnick: How to Troll the FBI
- Hacking sprees against government agencies a widespread problem. List of agencies includes US Army, DoE, and DHHS; vector was ColdFusion (same as the Adobe hack)
- GitHub resets user passwords following rash of account hijack attacks
- [Video] Brendan Gregg @ LISA13 – Blazing Performance with Flame Graphs
- Without a disruptive technology, experts warn Super Computing will plateau
- My SaaS vendor told me this is a bullet proof vest
- Fun with .bashrc