<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Lauren Weinstein</b> <br>Date: Fri, Apr 12, 2013 at 9:30 PM<br>Subject: [ NNSquad ] Huge attack on WordPress sites could spawn never-before-seen super botnet<br>
To: <a href="mailto:nnsquad@nnsquad.org">nnsquad@nnsquad.org</a><br><br>
Huge attack on WordPress sites could spawn never-before-seen super botnet<br>
<br>
<a href="http://j.mp/ZRZksL" target="_blank">http://j.mp/ZRZksL</a> (ars technica)<br>
<br>
"The unknown people behind the highly distributed attack are using more<br>
than 90,000 IP addresses to brute-force crack administrative<br>
credentials of vulnerable WordPress systems, researchers from at least<br>
three Web hosting services reported. At least one company warned that<br>
the attackers may be in the process of building a "botnet" of infected<br>
computers that's vastly stronger and more destructive than those<br>
available today. That's because the servers have bandwidth connections<br>
that that are typically tens, hundreds, or even thousands of times<br>
faster than botnets made of infected machines in homes and small<br>
businesses."<br>
<br>
- - -<br>
<br>
Up in the Net! It's a bug! It's a phish! It's SUPER-botnet!<br>
<br>
--Lauren--<br>
Lauren Weinstein (<a href="mailto:lauren@vortex.com">lauren@vortex.com</a>): <a href="http://www.vortex.com/lauren" target="_blank">http://www.vortex.com/lauren</a><br>
Co-Founder: People For Internet Responsibility: <a href="http://www.pfir.org/pfir-info" target="_blank">http://www.pfir.org/pfir-info</a><br>
Founder:<br>
- Network Neutrality Squad: <a href="http://www.nnsquad.org" target="_blank">http://www.nnsquad.org</a><br>
- PRIVACY Forum: <a href="http://www.vortex.com/privacy-info" target="_blank">http://www.vortex.com/privacy-info</a><br>
- Data Wisdom Explorers League: <a href="http://www.dwel.org" target="_blank">http://www.dwel.org</a><br>
- Global Coalition for Transparent Internet Performance: <a href="http://www.gctip.org" target="_blank">http://www.gctip.org</a><br>
Member: ACM Committee on Computers and Public Policy<br>
Lauren's Blog: <a href="http://lauren.vortex.com" target="_blank">http://lauren.vortex.com</a><br>
Google+: <a href="http://vortex.com/g+lauren" target="_blank">http://vortex.com/g+lauren</a> / Twitter: <a href="http://vortex.com/t-lauren" target="_blank">http://vortex.com/t-lauren</a><br><br>
</div><div class="gmail_quote"><br></div><div class="gmail_quote">The Google+ thread is at <a href="https://plus.google.com/114753028665775786510/posts/81U47ANqxDn">https://plus.google.com/114753028665775786510/posts/81U47ANqxDn</a></div>
<br><div>I'll be checking some wordpress sites more, but for the time being I changed the already good passwords using apg -s -a 1 -m 16 -n 4 -E "B8G6I1l0OQDS5Z2!(),.[]{|}"' and found wordpress doesn't like \. Then I added something one would think wordpress should do by default: <a href="https://wordpress.org/extend/plugins/limit-login-attempts/">https://wordpress.org/extend/plugins/limit-login-attempts/</a></div>
<div><br></div><div>Now I want a password manger that works on the Linux command line, and works on my android Nexus7. Any suggestions?</div><div><br></div><div><br></div><div>Chuck</div>