Given that the name of the host where the passwords were posted ends in -chan, and that the url path contained the substring '/b/', shouldn't the real headline be "World reels in amazement as not all /b/-tards turn out to be completely full of shit"?

All the banks here provide a list of single use key-value pairs (won't ask the same pair more than once). So when you log in, you must provide a right value matching a given key. Never mind if a script kiddie got your HoTMaiL password..

How often does this exact thing happen, but the criminals don't advertise?

---

I am also confused as to the criminals motivation.

A "white-hat" would do the deed to draw attention to security problems, but not post the hashes and passwords.

If there was a profit motive, I imagine you would probably want to quietly exploit the information without anyone knowing.

I am guessing then that the motive is either bragging rights or revenge?

Only how do you enjoy either if you can't tell anyone?

Amount Password cumulative %

214 salasana 1.18 (salasana=password in Finnish)

176 123456 2.16

118 perkele 2.81 (Common 4-letter word)

85 12345 3.28

74 qwerty 3.69

The whole list telling the so far found passwords and the number of appearances is available at http://10.uraanikaivos.com/yleisyys.txt

Page is in Finnish, but the list is understandable. Currently 28% of the passwords have been decrypted.

voi Vittu!

</coat>

Very clever.

A while back a Finnish banner ad for the Dr. Who TV series read "Who the f**k?". This was from the national broadcasting company. Very amusing.

For some reason the threshold for using rude words in a foreign language is low.