MoshkiaeBut you DO NOT KNOW how good hackers are, and why the federal government eventually hires many of these people. It's because they know code inside out and you don't. They know things about the internet and connectivity that most admins have no idea about.
 

Oh you're an admin now?
 
The reality is that in most cases hackers don't break in, they trick someone into letting them in. Which is much easier, because people are conditioned to click on stuff without regard to security issues and SW companies and legitimate web sites unfortunately play a major role in this conditioning. And often, once hackers are inside, security is more lax because the systems are designed to be protected from "external" threats, not "internal" ones. 
 
And most of the actual "hacking" break ins involves simply a lot of extremely tedious work to search for holes in existing things that are well understood, not magic spells based on some kind of secret knowledge. In the past, this meant hackers were talented misfits with emotional issues, and spy agencies, but now there is organized crime with a profit motive.
 
The trickiest part is probably doing something nefarious without being detected, but many places simply aren't looking for security breaches except for maybe at a few key points.
 
But the bottom line is ebay, Target and many other high profile breakins could have been prevented - or at least caught much earlier - with better implementation and enforcement of very basic security principles.

And almost a week later, I've finally received an e-mail from eBay... 

jamesg1213
...
 If a company tells you your password has been compromised and you don't change it, you have only yourself to blame.

Bull! You CANCEL the account immediately to prevent any re-checks and tracking. It is also likely that your own computer has a tracking cookie that is helping.
 
What makes you think that your piddly little computer, or mine for that matter, has better security than a large company with so many credit cards?
 
The best protection is for this company, and any others, to lose a million customers over night and then they will take their security more seriously, than they have previously. But us thinking that our OWN connection is safe, and will not be tracked ... c'mon ... as a hacker the first thing you do is track the connections! How else are you going to get "there"?
 
And NO, I'm not an admin, but live with one that makes 130K per year! And he is about security! Just being around him, even makes me paranoid to not fool around with Linked and Facebook and other gunk out there, which I have not gotten into as yet. While I do not hear from him, about a lot of these things, I know his systems at the places we have worked together, have never been compromised and one attack, ended up in a prosecution by the FBI.
 
His personal machine for playing around in the Facebook or Linked folks is a Mac, as far as I know.
 
Take your choice. Be smart!
 
Go ahead and change your password! Good luck!

This news has been out there, but why did I just receive an email from Ebay that I needed to change my password?  Seems like it would be too late, since precautionary measures are now being taken to circumvent the issue.  Very slow response time in my opinion.  I just made a purchase and had no idea at the time.  My account could have already been violated by the time I received word from Ebay.
 
-Erin

drewfx1
...
But the bottom line is ebay, Target and many other high profile breakins could have been prevented - or at least caught much earlier - with better implementation and enforcement of very basic security principles.
...

If not "basic" at least much better defined and employed. But I can't say I'm seeing the security systems get better, but these won't get any better until these large companies start punishing these hackers and other companies abusing your credit card without your knowledge. These names need to be made public so others will be less likely/wanting to lose customers that fast!

Pretty sure my ebay was compromised. I made a purchase the day before I heard the news.
Lately I've been getting lots of spam. (which is very unusual).
 
 

BoostSoftware
This news has been out there, but why did I just receive an email from Ebay that I needed to change my password?  Seems like it would be too late, since precautionary measures are now being taken to circumvent the issue.  Very slow response time in my opinion.  I just made a purchase and had no idea at the time.  My account could have already been violated by the time I received word from Ebay.
 
-Erin

 
Since you are in "software" (so it seems), I would at the very least look at the headers on the email?
 
Anyone can send an email and say it is from eBay ... heck, you can even learn to spoof from Wiki! It's the oldest trick in the book for cryin'out loud!
 

I've been regularly getting an email from apparently Ebay asking me to change my password.
 
I suppose I should get an Ebay account first, before changing anything huh?  

Moshkiae

drewfx1
...
But the bottom line is ebay, Target and many other high profile breakins could have been prevented - or at least caught much earlier - with better implementation and enforcement of very basic security principles.
...

If not "basic" at least much better defined and employed. But I can't say I'm seeing the security systems get better, but these won't get any better until these large companies start punishing these hackers and other companies abusing your credit card without your knowledge. These names need to be made public so others will be less likely/wanting to lose customers that fast!

Companies don't want you to know that they've been hacked and will generally only acknowledge it if they have to - i.e. because they not only got hacked but customer information got compromised in the process.
 
Security can get better if companies just put a priority on it. I would expect that over time there will be less and less holes in SW for hackers to get through, so the main way in will (continue to) be tricking users into letting them in.
 
But that problem is hard to solve when seemingly every web site (including this one) adds additional scripts to track users, browsers are set up to trust too much by default and make it difficult to surf with things are more restricted. And worst of all, users are constantly trained to click "OK" to install stuff to view content on legitimate web pages.

I'm not an admin, but live with one that makes 130K per year!

why is this supposed to impress me?
 
I'll not divulge my annual income so that you aren't embarrassed by this statement.
 
oh wait!  it's embarrassing anyway!