Psswd
The dump of 450,000 Yahoo passwords by a group calling itself "D33ds Company" has been analyzed by Anders Nilsson (apparently these passwords were stored in the clear). Here's the topline:
Total entries = 442773
Total unique entries = 342478
Top 10 passwords:
  123456 = 1666 (0.38%)
  password = 780 (0.18%)
  welcome = 436 (0.1%)
  ninja = 333 (0.08%)
  abc123 = 250 (0.06%)
  123456789 = 222 (0.05%)
  12345678 = 208 (0.05%)
  sunshine = 205 (0.05%)
  princess = 202 (0.05%)
  qwerty = 172 (0.04%)
Top 10 base words:
  password = 1373 (0.31%)
  welcome = 534 (0.12%)
  qwerty = 464 (0.1%)
  monkey = 430 (0.1%)
  jesus = 429 (0.1%)
  love = 421 (0.1%)
  money = 407 (0.09%)
  freedom = 385 (0.09%)
  ninja = 380 (0.09%)
  writer = 367 (0.08%)
Password length (length ordered):
  1 = 117 (0.03%)
  2 = 70 (0.02%)
  3 = 302 (0.07%)
  4 = 2748 (0.62%)
  5 = 5323 (1.2%)
  6 = 79610 (17.98%)
  7 = 65598 (14.82%)
  8 = 119125 (26.9%)
  9 = 65955 (14.9%)
  10 = 54756 (12.37%)
  11 = 21219 (4.79%)
  12 = 21728 (4.91%)
By Korben In an article published on its blog on Wednesday, TrustWave SpiderLabs explains how it managed to decode the password hints in Windows 7 and 8. As a reminder, these supposedly secret hints are meant to help a user remember their password. Naturally, the script for decoding these hints has now been integrated into Metasploit and can be used by anyone... Now let's come back down to earth... it doesn't shock me that these hints are poorly protected, or not protected at all. It's the same on phones and other operating systems, for that matter.
Security breaches happen so often nowadays, you're probably sick of hearing about them and all the ways you should beef up your accounts. Even if you feel you've heard it all already, though, unfortunately, today's password-cracking tools are more advanced and cut through the clever password tricks many of us use. Here's what's changed and what you should do about it.
Devin Coldewey, NBC News – 249 days The problem with even the most secure password in the world is that you have to remember it — and if you can remember it, that means that a hacker or a judge can convince you to turn it over. But researchers at Stanford, Northwestern University and SRI International, led by Hristo Bojinov, have created a system where you put in your password without even knowing it. It takes advantage of the fact that your brain records some things without your knowing you've recorded them. Even typing takes advantage of this — it would probably take you quite a while to recreate the layout of your keyboard exactly, but you can type quickly and without hesitation. Similarly, the researchers thought, you should be able to "know" a password without being able to write or recite it, by a process called "implicit learning."
The Banque de France should probably call in some new security experts: its access code was cracked by an internet user entirely by accident. The code was 1 2 3 4 5 6. It is almost hard to believe, but the access code of the prestigious Banque de France was painfully simple: it came down to 6 digits, and not just any digits: 1 2 3 4 5 6, in sequence.
This time of year, with all the online shopping, shipping, and marketing to be done, you might find yourself signing up for many different web-based products and services (like VerticalResponse maybe?). While it’s tempting to rush through these signup processes to place your order faster or start using the product quicker, you want to use a strong password (or passwords) to keep your information secure. We bring this up because SplashData, a password management application provider, unveiled its “25 Worst Passwords of the Year” for 2011, which was also featured by online news sages Mashable. SplashData compiled their list “from files containing millions of stolen passwords posted online by hackers” and stated that “Hackers can easily break into many accounts just by repeatedly trying common passwords…”. So when they say “worst,” they basically mean the most common, and therefore the most easily stolen. Here’s the list:
Between LinkedIn, Zappos, Dreamhost, and other prominent sites recently hacked, you've likely been thinking about your online security lately. But what does it actually mean when one of these sites gets hacked, and how can you protect yourself? Here's how your passwords are stored on the internet, and what it means for you when a web site you used is breached. There are a number of ways a site can store your password, and some are considerably more secure than others.
September 8, 2007 The multi-platform password cracker Ophcrack is incredibly fast. How fast?
By Korben Security researchers have developed a new technique that lets software (malware, say) record the keys typed on a smartphone's keyboard (even a virtual one). Roughly, the technique consists of using the phone's accelerometer. Depending on the type of phone and the acceleration pattern recorded for each key, it is possible to determine which key was pressed. Each key corresponds to an acceleration pattern. On both Android and iOS, any application could do this unnoticed, with an accuracy rate of more than 70%, because the accelerometer requires no special permissions, unlike the webcam, GPS or microphone.
Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones. So let's dive into the world of passwords, and look at what makes a password secure in practical terms. Update: Read the FAQ (updated January 2011)
By Korben If by any chance you need to test a few hashes to find which password they correspond to, there's not necessarily any need to launch into a massive brute force... There is a much simpler and faster way. Just use the many hash databases available to us on the net. With the Python script Find my hash, you'll enjoy yourself.
By Korben Here's another piece of news that will stress out the paranoid! Researchers at the Georgia Institute of Technology in Atlanta have just developed a technique that makes it possible to intercept the keys typed on a computer keyboard simply by using a smartphone's motion sensors. After all, everyone tends to put their phone down next to their keyboard... All it takes is for a mobile application to quietly use this algorithm and record the vibrations it picks up for your private correspondence or your passwords to fall into the wrong hands. The researchers tested this technique with an iPhone and the least one can say is that it is very effective!
ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. You can select one or more items and then save them into text/html/xml file or copy them to the clipboard.
You know how important strong passwords are, but you've got a huge backlog of passwords—some you can't remember, others you've been using for years. Here's how to securely update, create, and manage your passwords on any computer. It's not necessarily a 10-minute job, especially if you've got a lengthy backlog of passwords you've abandoned or rarely use. But it's a multi-step process you can break up, and it's actually pretty simple:
If you've ever forgotten your password or been asked to assist somebody else in resetting their password, there are a lot of different ways to accomplish it. Here's how to do it by hacking the Sticky Keys feature. Over at the 4sysops blog, they've written up the process of resetting your Windows password by booting off a repair disk, opening a command prompt, and copying cmd.exe over top of sethc.exe. Once you've done that, you can boot back up into Windows until you get to the login prompt, press the Shift key 5 times, and you'll see a command prompt where you can use the net user command to reset the password. If the system already has the Sticky Keys feature disabled, or you don't feel like copying files around, you can use an Ubuntu Live CD to reset your Windows password instead.