is it a safe space to say we should bring back assassinations cuz literally our us government is just incompetent asf

mass shootings happen every day, womens rights are being taken away, ppl are living off minimum wage, the housing costs are just dreadful, cop cities are being funded, a genocide is going on and thousands of palestinian kids are dead but yeah lets just ban tiktok!! that'll solve all our problems <33

Maiden Magic- The Original Horse Betting System - Maiden Horse Betting System- Maiden Magic!

https://www.reviewape.com/?p=9119 Maiden Magic- The Original Horse Betting System - Maiden Horse Betting System- Maiden Magic! - Product Name: Maiden Magic- The Original Horse Betting System – Maiden Horse Betting System- Maiden Magic! Click here to get Maiden Magic- The Original Horse Betting System – Maiden Horse Betting System- Maiden Magic! at discounted price while it’s still available… All orders are protected by SSL encryption – the highest industry standard for online security from trusted vendors. Maiden Magic- The Original Horse Betting System – Maiden Horse Betting System- Maiden Magic! is backed with a 60 Day No Questions Asked Money Back Guarantee. If within the first 60 days of receipt you are not satisfied with Wake Up Lean™, you can request a refund by sending an email to the address given inside the product and we will immediately refund your entire purchase price, with no questions asked. (function ($) { var $self = $('.adace-loader-5c30728aa9163'); var $wrapper = $self.closest('.adace-slot-wrapper'); "use strict"; var adace_load_5c30728aa9163 = function(){ var viewport = $(window).width(); var tabletStart = 601; var landscapeStart = 801; var tabletEnd = 961; var content = ''; var unpack = true; if(viewport=tabletStart && viewport=landscapeStart && viewport=tabletStart && viewport=tabletEnd){ if ($wrapper.hasClass('.adace-hide-on-desktop')){ $wrapper.remove(); } } if(unpack) { $self.replaceWith(decodeURIComponent(content)); } } if($wrapper.css('visibility') === 'visible' ) { adace_load_5c30728aa9163(); } else { //fire when visible. var refreshIntervalId = setInterval(function(){ if($wrapper.css('visibility') === 'visible' ) { adace_load_5c30728aa9163(); clearInterval(refreshIntervalId); } }, 999); } })(jQuery); Description: How many times have you nailed 2 races of the pick 3 only to lose the third one because it was an unpredictable maiden race? Or how many times have you aced 4 races in the Pick 6, only to lose the two that were maiden races? Frustrating huh? Nothing could be more disheartening. Well that all is about to change now! From the dawn of maiden racing, several myths have plagued the best of players and are still firm beliefs today. It has become common to see bettors shrug at the sight of these races and refuse to play them or even worse- take a blind stab in the dark! No one likes to be in such a vulnerable position, especially with money on the line! ” Wow! I never knew how easy it could be to spot maiden selections! I can’t tell you how many times I’ve walked away frustrated from the track, but with your system, the maidens no longer baffle me! Thanks guys, I owe you.” Mark  W-  Beaumont, Texas Let’s take a look at these myths and discredit them, so you never have to fall prey to what keeps average players from becoming pro handicappers.   Myth #1-  Maiden races are too hard to handicap because  the horses are just too unpredictable. Wrong! Maiden races are easy to pick because maidens have an addedincentive to win. They don’t want to remain maidens forever, so thetrainers pull out all the stops in preparing for a maiden race. This a major factor that most people don’t even consider, but knowing this puts you well above the curve!   Myth #2-    Maiden races are difficult because the horses  are too “green” to handicap.    Hogwash! Being green and unpredictable is what makes the maiden race so simple to handicap. When these horses are so new to the game, the amount of variables that would be considered in any other race are considerably lower in a maiden race. This makes your job as a handicapper much easier! You only need to know what to look for…   Myth #3- It is just too hard to get a handle on which horse has  the “class” in the race.  Horse hockey! It is easy to spot the class of the race and it is not always the horse that has finished in the money last out, either. A simple process points out the class with ease…   Myth #4- Some maiden races are filled with a host of first time starters. Impossible to choose with no past performances to look at. Bullwinkle! The works are the answer here, but we will show you which works to look for and exactly what to look for in a workout. We guarantee you you have not heard about this one before!   Myth #5- Some races are filled with nags that couldn’t outrun my grandmother with a full bladder. Can’t get a winner out of these. Wrong again. These races sometimes produce boxcar payoffs, and we will tell you how to maximize your chances and go to the payoff windows! So how can you cut through these myths and put to work a winning horse betting system that includes maiden selections? With a bit of magic, of course! The Maiden Magic horse betting system was designed to increase your win percentages and unlock the myths and heartaches behind maiden races. By implementing these simple techniques, maidens no longer have to be the thorn in your handicapping side! No longer are you forced to make a blind selection on a crucial maiden race, only to realize you are practically spitting in the wind! Maiden Magic takes you by the hand, shows you exactly what you need to know and will increase your win percentage in any maiden race you bet. Look, handicapping a maiden race is not rocket science, contrary to popular belief. Like any other race, maiden races have many of the same variables any other race has. Each horse has their own unique, tell-tale signs that can give you the leverage to unraveling one of the greatest mysteries in the horse racing sport. The key is knowing what to look for, when to implement it and how to capitalize on it. Through the Maiden Magic method, these key factors will leap out at you, grab you by the collar and say… “Now’s the Time to Make Your Move From Small Time Bettor to Professional Handicapper!” Maiden Magic is truly the original maiden horse betting system in that it covers the wide range of factors in determining a maiden winner, not through one system, but through a total of 5! As mentioned earlier, there are 5 major myths surrounding these races and with Maiden Magic, we cover all of them in great detail. Furthermore, we take these 5 situations and give you an exact blueprint on how to know which angle to use and when to use it! No other maiden betting system lays it all out there for you like Maiden Magic!  ” Honestly, I’ve never cared much for the maidens. I’ve always felt that understanding the complexities behind these races was beyond my grasp, at least until this system came along! The videos were a tremendous help and picking a winner is a cinch! “ Becky H-  Bastrop, Texas Besides having these 5 systems to choose from,  Maiden Magic lays out an over-simplified strategy to determining which system to use in the appropriate scenario. You’ll never look at maiden races the same again after Maiden Magic… 5 Maiden Horse Betting Systems All Rolled Into One.  An in-depth explaination of every system, how they work, how to spot them and how to know which one to use. From novice player to professional handicapper, this instant, downloadable PDF file holds nothing back. With right at 40 pages of content, Maiden Magic makes it simple for anyone to learn at any level. In-depth Video Tutorials.  At over 80 minutes of “take you by the hand and show you how” videos, these horse racing video tutorials are an excellent companion to the Maiden Magic guide. No stone is left unturned and you’ll have a front row seat to learn at your own pace . Access to our Maiden Magic Stopwatch software.  With this simple to use software we take the headaches out of handicapping so you can focus more on finding the contenders! We’ve also included a “How-To” video that makes using this tool all too simple! Instant Updates, Upgrades and Special Membership Offers to Maiden Magic.  Our system doesn’t stop at teaching alone. Be in the know by becoming a Maiden Magic Member, included for free just for buying Maiden Magic today! ” I’ve tried a lot of horse racing systems in my years playing the ponies, but this one over-delivers. Keep up the good work- my bankroll appreciates it! “ David N-  Hot Springs, Arkansas Waiting could be a very costly mistake…Not only because you will lose the opportunity to own Maiden Magic, but because you might check back and find that the price has went up… Honestly, we cannot guarantee the price won’t change at ANY time…Maiden Magic is a system that works, hands down. However, because racing odds determine everyone’s payouts, we cannot run the risk of over-exposing this system and creating an odds’ backlash. Massive payouts missed because the system has become a trend wouldn’t be fair to us or the buyers of this manual. I know you understand. A complete A-Z Handicapper’s Horse Racing Dictionary. With over 50 pages of horse racing jargon, betting terms and slang this is a must have reference book for the novice to mid-range handicapper looking to improve their knowledge of all things horse racing! As this sport grows, so will our dictionary and you’ll have access to instant updates as a Maiden Magic member. Yours absolutely free for your purchase of Maiden Magic. Disclaimer: Every effort has been made to accurately represent Maiden Magic and it’s potential. The testimonials and examples used are exceptional results, and don’t apply to the average purchaser and are not intended to represent or guarantee that anyone will achieve the same or similar results. Each individual’s success depends on his or her background, dedication, desire, motivation and adaptability. As with any business endeavor, there is an inherent risk of loss of capital and there is no guarantee that you will earn any money, especially if you were looking for a get-rich-quick scheme with a magical push-button. ClickBank is a registered trademark of Keynetics Inc., a Delaware corporation. Maiden Magic is not affiliated with Keynetics Inc. in any way, nor does Keynetics Inc. sponsor or approve any Maiden Magic product. Keynetics Inc. expresses no opinion as to the correctness of any of the statements made by Maiden Magic in the materials on this Web page or within the product itself or its bonuses. Terms of Use | Disclaimer | Privacy Policy | Contact Us | Legal | Affiliates Copyright 2009 All Rights Reserved Maiden Magic, the Original Maiden Horse Betting System. Click here to get Maiden Magic- The Original Horse Betting System – Maiden Horse Betting System- Maiden Magic! at discounted price while it’s still available… All orders are protected by SSL encryption – the highest industry standard for online security from trusted vendors. Maiden Magic- The Original Horse Betting System – Maiden Horse Betting System- Maiden Magic! is backed with a 60 Day No Questions Asked Money Back Guarantee. If within the first 60 days of receipt you are not satisfied with Wake Up Lean™, you can request a refund by sending an email to the address given inside the product and we will immediately refund your entire purchase price, with no questions asked. - ReviewApe - https://www.reviewape.com/?p=9119

[Udemy] Excel Beginner Crash Course – How to Solve Problems in Excel

Non-intimidating Microsoft Excel course for beginners. Learn Beginner Microsoft Excel 2010, Excel 2013, Excel 2016. Learn how to approach beginner Excel issues and use your findings to make decisions. How to use beginner math and stat functions with ease to help solve problems. Be able to take over someone else’s basic spreadsheet and be able to understand how it works in a matter of minutes. How to avoid getting lost in long formulas. Understand common error codes and what to do about them. Requirements The will to learn and practice beginner Excel topics! Have Windows or Mac computer. Some functions may have compatibility issues on iOS and Android. Know how to do basic computing tasks such as copying and pasting text, opening files, etc. Have Microsoft Excel installed (Excel 2007, Excel 2010, Excel 2013, or Excel 2016). I’m using Excel 2016. Description If you’ve ever broken into a cold sweat when opening Excel, then this course is for you. Join me as we talk about the basic formula creation process and take a look at popular Math and Stat functions. We won’t be exhausting every Excel tidbit but I’m willing to bet you’ll remember the content in this course. The overarching theme is mastery versus overload and the goal is to get busy people up and running in Excel as quick as possible. Gone are the days when you’re intimidated to to work in Excel. You don’t need to know all the crazy things Excel can do to be a top performer at you job. Even with web apps and the software as a service (SaaS) business model being prevalent as they are, Excel is still used in today’s businesses. Sometimes these expensive web based businesses don’t scale very well to a specific calculation or forecast. Being able to whip up something quickly can be the difference in the perception of job performance. A great example of this is something that happened at one of my jobs: I was tasked to show the stats of blocked and allowed emails that were processed by our email filtering system. This system had built-in reporting capabilities but it didn’t present the data very well. So I imported the data in Excel, separated it nicely, and added charts and graphs. After I setup the data sheet I added another sheet that predicted the amount of emails in each category that would be received within the next 60 days. Not only was this report a hit with my boss and other management, but I was able to communicate expertise that management didn’t even know I had. This report opened the opportunity to jump pay grades - all this from spending a little extra time in an Excel. The point is Excel is more than a simple office program that runs your home budget.  Knowing Excel can be beneficial in your professional career. And I’ll teach you the basics of Excel in this course. I designed this basic Excel course to be easily understood by absolute beginners. At the end of the course you will understand how to identify and navigate pieces of Excel, how the formula creation process works, how to use popular math and stat functions, and how to use the diagnostic functions to help solve those pesky errors. Doing well at your current job is dandy, but what about another line of work? This course will provide a foundation to students who will be taking classes or starting work where Excel use is required. Jobs that use Excel include but are not limited to: Financial Analyst Accountant Business Analyst and virtually any IT position That’s right. Excel is still popular today. Other less involved professions may include administrative assistants or simply someone who has inherited someone else’s spreadsheet and needs to be able to quickly jump in. I’ll provide materials to you to help you learn.   The method of teaching is a walkthrough in Excel. I’ll provide: a course workbook (Excel file), both student and instructor versions visual instruction on Udemy a course companion manual in PDF form and other materials to help you learn Enroll in Beginner’s Guide to Solving Problems in Microsoft Excel today! Thanks for reading and I can’t wait to serve you. Who is the target audience? Anyone who wants a beginner Excel curriculum that helps you get comfortable working with data in Excel to take their career to the next level. Students looking for a hands-on, non-intimidating beginner Excel course with examples, assignments, and other awesome materials. Excel beginners who aren’t familiar with common functions and formulas. Those who haven’t used Excel in a while and need a quick refresher. This beginner Excel course is probably NOT for you if you’re at an intermediate level. This beginner Excel course is definitely NOT for you if you’re looking for advanced Excel techniques such as scripting, macros, database connections, modeling, etc. source https://ttorial.com/excel-beginner-crash-course-solve-problems-excel

source https://ttorialcom.tumblr.com/post/179690519903

The Market for Stolen Account Credentials

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Not long ago in Internet time, your typical cybercriminal looking for access to a specific password-protected Web site would most likely visit an underground forum and ping one of several miscreants who routinely leased access to their “bot logs.”

These bot log sellers were essentially criminals who ran large botnets (collections of hacked PCs) powered by malware that can snarf any passwords stored in the victim’s Web browser or credentials submitted into a Web-based login form. For a few dollars in virtual currency, a ne’er-do-well could buy access to these logs, or else he and the botmaster would agree in advance upon a price for any specific account credentials sought by the buyer.

Back then, most of the stolen credentials that a botmaster might have in his possession typically went unused or unsold (aside from the occasional bank login that led to a juicy high-value account). Indeed, these plentiful commodities held by the botmaster for the most part were simply not a super profitable line of business and so went largely wasted, like bits of digital detritus left on the cutting room floor.

But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.

If the old adage about a picture being worth a thousand words is true, the one directly below is priceless because it illustrates just how profitable the credential resale business has become.

This screen shot shows the earnings panel of a crook who sells stolen credentials for hundreds of Web sites to a dark web service that resells them. This botmaster only gets paid when someone buys one of his credentials. So far this year, customers of this service have purchased more than 35,000 credentials he’s sold to this service, earning him more than $288,000 in just a few months.

The image shown above is the wholesaler division of “Carder’s Paradise,” a bustling dark web service that sells credentials for hundreds of popular Web destinations. The screen shot above is an earnings panel akin to what you would see if you were a seller of stolen credentials to this service — hence the designation “Seller’s Paradise” in the upper left hand corner of the screen shot.

This screen shot was taken from the logged-in account belonging to one of the more successful vendors at Carder’s Paradise. We can see that in just the first seven months of 2017, this botmaster sold approximately 35,000 credential pairs via the Carder’s Paradise market, earning him more than $288,000. That’s an average of $8.19 cents for each credential sold through the service.

Bear in mind that this botmaster only makes money based on consignment: Regardless of how much he uploads to Seller’s Paradise, he doesn’t get paid for any of it unless a Seller’s Paradise customer chooses to buy what he’s selling.

Fortunately for this guy, almost 9,000 different customers of Seller’s Paradise chose to purchase one or more of his username and password pairs. It was not possible to tell from this seller’s account how many credential pairs total that he has contributed to this service which went unsold, but it’s a safe bet that it was far more than 35,000.

[A side note is in order here because there is some delicious irony in the backstory behind the screenshot above: The only reason a source of mine was able to share it with me was because this particular seller re-used the same email address and password across multiple unrelated cybercrime services].

Based on the prices advertised at Carder’s Paradise (again, Carder’s Paradise is the retail/customer side of Seller’s Paradise) we can see that the service on average pays its suppliers about half what it charges customers for each credential. The average price of a credential for more than 200 different e-commerce and banking sites sold through this service is approximately $15.

Part of the price list for credentials sold at this dark web ID theft site.

Indeed, fifteen bucks is exactly what it costs to buy stolen logins for airbnb.com, comcast.com, creditkarma.com, logmein.com and uber.com. A credential pair from AT&T Wireless — combined with access to the victim’s email inbox — sells for $30.

The most expensive credentials for sale via this service are those for the electronics store frys.com ($190). I’m not sure why these credentials are so much more expensive than the rest, but it may be because thieves have figured out a reliable and very profitable way to convert stolen frys.com customer credentials into cash.

Usernames and passwords to active accounts at military personnel-only credit union NavyFederal.com fetch $60 apiece, while credentials to various legal and data aggregation services from Thomson Reuters properties command a $50 price tag.

The full price list of credentials for sale by this dark web service is available in this PDF. For CSV format, see this link. Both lists are sorted alphabetically by Web site name.

This service doesn’t just sell credentials: It also peddles entire identities — indexed and priced according to the unwitting victim’s FICO score. An identity with a perfect credit score (850) can demand as much as $150.

Stolen identities with high credit scores fetch higher prices.

And of course this service also offers the ability to pull full credit reports on virtually any American — from all three major credit bureaus — for just $35 per bureau.

It costs $35 through this service to pull someone’s credit file from the three major credit bureaus.

Plenty of people began freaking out earlier this year after a breach at big-three credit bureau Equifax jeopardized the Social Security Numbers, dates of birth and other sensitive date on more than 145 million Americans. But as I have been trying to tell readers for many years, this data is broadly available for sale in the cybercrime underground on a significant portion of the American populace.

If the threat of identity theft has you spooked, place a freeze on your credit file and on the file of your spouse (you may even be able to do this for your kids). Credit monitoring is useful for letting you know when someone has stolen your identity, but these services can’t be counted on to stop an ID thief from opening new lines of credit in your name.

They are, however, useful for helping to clean up identity theft after-the-fact. This story is already too long to go into the pros and cons of credit monitoring vs. freezes, so I’ll instead point to a recent primer on the topic and urge readers to check it out.

Finally, it’s a super bad idea to re-use passwords across multiple sites. KrebsOnSecurity this year has written about multiple, competing services that sell or sold access to billions of usernames and passwords exposed in high profile data breaches at places like Linkedin, Dropbox and Myspace. Crooks pay for access to these stolen credential services because they know that a decent percentage of Internet users recycle the same password at multiple sites.

One alternative to creating and remembering strong, lengthy and complex passwords for every important site you deal with is to outsource this headache to a password manager.  If the online account in question allows 2-factor authentication (2FA), be sure to take advantage of that.

Two-factor authentication makes it much harder for password thieves (or their customers) to hack into your account just by stealing or buying your password: If you have 2FA enabled, they also would need to hack that second factor (usually your mobile device) before being able to access your account. For a list of sites that support 2FA, check out twofactorauth.org.

from Technology News https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

The Market for Stolen Account Credentials

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Not long ago in Internet time, your typical cybercriminal looking for access to a specific password-protected Web site would most likely visit an underground forum and ping one of several miscreants who routinely leased access to their “bot logs.”

These bot log sellers were essentially criminals who ran large botnets (collections of hacked PCs) powered by malware that can snarf any passwords stored in the victim’s Web browser or credentials submitted into a Web-based login form. For a few dollars in virtual currency, a ne’er-do-well could buy access to these logs, or else he and the botmaster would agree in advance upon a price for any specific account credentials sought by the buyer.

Back then, most of the stolen credentials that a botmaster might have in his possession typically went unused or unsold (aside from the occasional bank login that led to a juicy high-value account). Indeed, these plentiful commodities held by the botmaster for the most part were simply not a super profitable line of business and so went largely wasted, like bits of digital detritus left on the cutting room floor.

But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.

If the old adage about a picture being worth a thousand words is true, the one directly below is priceless because it illustrates just how profitable the credential resale business has become.

This screen shot shows the earnings panel of a crook who sells stolen credentials for hundreds of Web sites to a dark web service that resells them. This botmaster only gets paid when someone buys one of his credentials. So far this year, customers of this service have purchased more than 35,000 credentials he’s sold to this service, earning him more than $288,000 in just a few months.

The image shown above is the wholesaler division of “Carder’s Paradise,” a bustling dark web service that sells credentials for hundreds of popular Web destinations. The screen shot above is an earnings panel akin to what you would see if you were a seller of stolen credentials to this service — hence the designation “Seller’s Paradise” in the upper left hand corner of the screen shot.

This screen shot was taken from the logged-in account belonging to one of the more successful vendors at Carder’s Paradise. We can see that in just the first seven months of 2017, this botmaster sold approximately 35,000 credential pairs via the Carder’s Paradise market, earning him more than $288,000. That’s an average of $8.19 cents for each credential sold through the service.

Bear in mind that this botmaster only makes money based on consignment: Regardless of how much he uploads to Seller’s Paradise, he doesn’t get paid for any of it unless a Seller’s Paradise customer chooses to buy what he’s selling.

Fortunately for this guy, almost 9,000 different customers of Seller’s Paradise chose to purchase one or more of his username and password pairs. It was not possible to tell from this seller’s account how many credential pairs total that he has contributed to this service which went unsold, but it’s a safe bet that it was far more than 35,000.

[A side note is in order here because there is some delicious irony in the backstory behind the screenshot above: The only reason a source of mine was able to share it with me was because this particular seller re-used the same email address and password across multiple unrelated cybercrime services].

Based on the prices advertised at Carder’s Paradise (again, Carder’s Paradise is the retail/customer side of Seller’s Paradise) we can see that the service on average pays its suppliers about half what it charges customers for each credential. The average price of a credential for more than 200 different e-commerce and banking sites sold through this service is approximately $15.

Part of the price list for credentials sold at this dark web ID theft site.

Indeed, fifteen bucks is exactly what it costs to buy stolen logins for airbnb.com, comcast.com, creditkarma.com, logmein.com and uber.com. A credential pair from AT&T Wireless — combined with access to the victim’s email inbox — sells for $30.

The most expensive credentials for sale via this service are those for the electronics store frys.com ($190). I’m not sure why these credentials are so much more expensive than the rest, but it may be because thieves have figured out a reliable and very profitable way to convert stolen frys.com customer credentials into cash.

Usernames and passwords to active accounts at military personnel-only credit union NavyFederal.com fetch $60 apiece, while credentials to various legal and data aggregation services from Thomson Reuters properties command a $50 price tag.

The full price list of credentials for sale by this dark web service is available in this PDF. For CSV format, see this link. Both lists are sorted alphabetically by Web site name.

This service doesn’t just sell credentials: It also peddles entire identities — indexed and priced according to the unwitting victim’s FICO score. An identity with a perfect credit score (850) can demand as much as $150.

Stolen identities with high credit scores fetch higher prices.

And of course this service also offers the ability to pull full credit reports on virtually any American — from all three major credit bureaus — for just $35 per bureau.

It costs $35 through this service to pull someone’s credit file from the three major credit bureaus.

Plenty of people began freaking out earlier this year after a breach at big-three credit bureau Equifax jeopardized the Social Security Numbers, dates of birth and other sensitive date on more than 145 million Americans. But as I have been trying to tell readers for many years, this data is broadly available for sale in the cybercrime underground on a significant portion of the American populace.

If the threat of identity theft has you spooked, place a freeze on your credit file and on the file of your spouse (you may even be able to do this for your kids). Credit monitoring is useful for letting you know when someone has stolen your identity, but these services can’t be counted on to stop an ID thief from opening new lines of credit in your name.

They are, however, useful for helping to clean up identity theft after-the-fact. This story is already too long to go into the pros and cons of credit monitoring vs. freezes, so I’ll instead point to a recent primer on the topic and urge readers to check it out.

Finally, it’s a super bad idea to re-use passwords across multiple sites. KrebsOnSecurity this year has written about multiple, competing services that sell or sold access to billions of usernames and passwords exposed in high profile data breaches at places like Linkedin, Dropbox and Myspace. Crooks pay for access to these stolen credential services because they know that a decent percentage of Internet users recycle the same password at multiple sites.

One alternative to creating and remembering strong, lengthy and complex passwords for every important site you deal with is to outsource this headache to a password manager.  If the online account in question allows 2-factor authentication (2FA), be sure to take advantage of that.

Two-factor authentication makes it much harder for password thieves (or their customers) to hack into your account just by stealing or buying your password: If you have 2FA enabled, they also would need to hack that second factor (usually your mobile device) before being able to access your account. For a list of sites that support 2FA, check out twofactorauth.org.

from Amber Scott Technology News https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

The Market for Stolen Account Credentials

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Not long ago in Internet time, your typical cybercriminal looking for access to a specific password-protected Web site would most likely visit an underground forum and ping one of several miscreants who routinely leased access to their “bot logs.”

These bot log sellers were essentially criminals who ran large botnets (collections of hacked PCs) powered by malware that can snarf any passwords stored in the victim’s Web browser or credentials submitted into a Web-based login form. For a few dollars in virtual currency, a ne’er-do-well could buy access to these logs, or else he and the botmaster would agree in advance upon a price for any specific account credentials sought by the buyer.

Back then, most of the stolen credentials that a botmaster might have in his possession typically went unused or unsold (aside from the occasional bank login that led to a juicy high-value account). Indeed, these plentiful commodities held by the botmaster for the most part were simply not a super profitable line of business and so went largely wasted, like bits of digital detritus left on the cutting room floor.

But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.

If the old adage about a picture being worth a thousand words is true, the one directly below is priceless because it illustrates just how profitable the credential resale business has become.

This screen shot shows the earnings panel of a crook who sells stolen credentials for hundreds of Web sites to a dark web service that resells them. This botmaster only gets paid when someone buys one of his credentials. So far this year, customers of this service have purchased more than 35,000 credentials he’s sold to this service, earning him more than $288,000 in just a few months.

The image shown above is the wholesaler division of “Carder’s Paradise,” a bustling dark web service that sells credentials for hundreds of popular Web destinations. The screen shot above is an earnings panel akin to what you would see if you were a seller of stolen credentials to this service — hence the designation “Seller’s Paradise” in the upper left hand corner of the screen shot.

This screen shot was taken from the logged-in account belonging to one of the more successful vendors at Carder’s Paradise. We can see that in just the first seven months of 2017, this botmaster sold approximately 35,000 credential pairs via the Carder’s Paradise market, earning him more than $288,000. That’s an average of $8.19 cents for each credential sold through the service.

Bear in mind that this botmaster only makes money based on consignment: Regardless of how much he uploads to Seller’s Paradise, he doesn’t get paid for any of it unless a Seller’s Paradise customer chooses to buy what he’s selling.

Fortunately for this guy, almost 9,000 different customers of Seller’s Paradise chose to purchase one or more of his username and password pairs. It was not possible to tell from this seller’s account how many credential pairs total that he has contributed to this service which went unsold, but it’s a safe bet that it was far more than 35,000.

[A side note is in order here because there is some delicious irony in the backstory behind the screenshot above: The only reason a source of mine was able to share it with me was because this particular seller re-used the same email address and password across multiple unrelated cybercrime services].

Based on the prices advertised at Carder’s Paradise (again, Carder’s Paradise is the retail/customer side of Seller’s Paradise) we can see that the service on average pays its suppliers about half what it charges customers for each credential. The average price of a credential for more than 200 different e-commerce and banking sites sold through this service is approximately $15.

Part of the price list for credentials sold at this dark web ID theft site.

Indeed, fifteen bucks is exactly what it costs to buy stolen logins for airbnb.com, comcast.com, creditkarma.com, logmein.com and uber.com. A credential pair from AT&T Wireless — combined with access to the victim’s email inbox — sells for $30.

The most expensive credentials for sale via this service are those for the electronics store frys.com ($190). I’m not sure why these credentials are so much more expensive than the rest, but it may be because thieves have figured out a reliable and very profitable way to convert stolen frys.com customer credentials into cash.

Usernames and passwords to active accounts at military personnel-only credit union NavyFederal.com fetch $60 apiece, while credentials to various legal and data aggregation services from Thomson Reuters properties command a $50 price tag.

The full price list of credentials for sale by this dark web service is available in this PDF. For CSV format, see this link. Both lists are sorted alphabetically by Web site name.

This service doesn’t just sell credentials: It also peddles entire identities — indexed and priced according to the unwitting victim’s FICO score. An identity with a perfect credit score (850) can demand as much as $150.

Stolen identities with high credit scores fetch higher prices.

And of course this service also offers the ability to pull full credit reports on virtually any American — from all three major credit bureaus — for just $35 per bureau.

It costs $35 through this service to pull someone’s credit file from the three major credit bureaus.

Plenty of people began freaking out earlier this year after a breach at big-three credit bureau Equifax jeopardized the Social Security Numbers, dates of birth and other sensitive date on more than 145 million Americans. But as I have been trying to tell readers for many years, this data is broadly available for sale in the cybercrime underground on a significant portion of the American populace.

If the threat of identity theft has you spooked, place a freeze on your credit file and on the file of your spouse (you may even be able to do this for your kids). Credit monitoring is useful for letting you know when someone has stolen your identity, but these services can’t be counted on to stop an ID thief from opening new lines of credit in your name.

They are, however, useful for helping to clean up identity theft after-the-fact. This story is already too long to go into the pros and cons of credit monitoring vs. freezes, so I’ll instead point to a recent primer on the topic and urge readers to check it out.

Finally, it’s a super bad idea to re-use passwords across multiple sites. KrebsOnSecurity this year has written about multiple, competing services that sell or sold access to billions of usernames and passwords exposed in high profile data breaches at places like Linkedin, Dropbox and Myspace. Crooks pay for access to these stolen credential services because they know that a decent percentage of Internet users recycle the same password at multiple sites.

One alternative to creating and remembering strong, lengthy and complex passwords for every important site you deal with is to outsource this headache to a password manager.  If the online account in question allows 2-factor authentication (2FA), be sure to take advantage of that.

Two-factor authentication makes it much harder for password thieves (or their customers) to hack into your account just by stealing or buying your password: If you have 2FA enabled, they also would need to hack that second factor (usually your mobile device) before being able to access your account. For a list of sites that support 2FA, check out twofactorauth.org.

from https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/