Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”
Hackers get 90% of an MD5 password database using multiple analysis techniques including Markov chains, mask, combinator and hybrid attacks. These attacks combine dictionaries of previously-recovered passwords and passphrases with brute force and statistical analysis to expand the power of password cracking.
What are the most common and least common 4-digit PINs?
Using data from recent password database leaks, an analysis of PINs. (via Schneier)
Choosing good passwords - a straightforward real-world guide for the average user, by AusCERT. Also includes links out to a fun and informative piece on The Top 500 Worst Passwords of All Time, and more in-depth material aimed at the tech and security savvy, like this enjoyable conference talk: Security As If Your Life Depended On It (because it might!). So we can avoid becoming xkcd cartoons.
A thread at Apple's Support site has popped up with frustrated users describing nearly identical iTunes account disruptions: up to hundreds of dollars of charges are being racked up by fraudulent buyers, using iTunes gift card balances and even credit card information to fund the purchases.
An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
Write down your password.
Bruce Schneier, author of Applied Cryptography and founder of Counterpane security, is urging people to write down their passwords.
Does it bug anyone else that if you have a MetaFilter account with cookies enabled, it automatically enters your password (which can be read in view source)???
Personally I think this is a very bad thing, as I've visited MetaFilter at the library a few times.