background preloader

Why passwords have never been weaker—and crackers have never been stronger

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too. The warnings Brooks and millions of other people received that December weren't fabrications. "The danger of weak password habits is becoming increasingly well-recognized," said Brooks, who at the time blogged about the warnings as the Program Associate for the Center for Democracy and Technology. The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined.

password analysis and cracking kit | projects | sprawl PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers. NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient. Before we can begin using the toolkit we must establish a selection criteria of password lists. The most basic analysis that you can perform is simply obtaining most common length, character-set and other characteristics of passwords in the provided list. $ python statsgen.py rockyou.txt Below is the output from the above command: NOTE: You can reduce the number of outliers displayed by including the --hiderare flag which will not show any items with occurrence of less than 1%. ? For example, the very first mask, "? Using filters

Apple zombie malware ‘NetWeird’ rummages for browser and email passwords When we write Naked Security articles about Mac malware, we often end up creating a bit of a stir. Usually that's not on account of the malware itself, but on account of us writing about it in the first place. Here's how it goes down. We write the article. The artistic fanbuoys (Apple users who are in a band, for example) chime in even more fiercely, saying Mac malware is a figment of everyone else's unimaginative delusion. The geeky fanbuoys (the ones who know where bash is, and what it's for) come out firmly to remind us - utterly without any accuracy - that if it doesn't ask for the Admin password, it can't be malware. And then the long-suffering but battle-hardened Windows users pop up and say, "Back in 1991, we felt the same way. So, with a deep breath, here's some Mac malware news. There's been a touch of fuss in the media about it, which is the first reason we thought that we ought to tell you about it; the second reason is that it has an engagingly curious name: NetWeird.

Three Archaic Backdoor Trojan Programs That Still Serve Great Pranks : Learn-Networking.com There are several things that come to mind when talk of the 1990′s comes around. Nirvana, vodka, cheap rap, and well- global warming wasn’t the subject of every conversation. But what really outshines the rest is the world of computing. Today these programs won’t make it past a cheap firewall. Back Orifice / Back Orifice 2000 Back Orifice, or BO, is one of the more common backdoor programs- and one of the most lethal of the bunch. Pictured above is Back Orifice Version 2000. Companies such as Symantec have taken steps in guarding computers against the program, as they have deemed it as dangerous. Back Orifice 2000 is being developed for Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP. Where Can I Download Back Orifice 2000? Back Orifice 2000 may be downloaded at the following location: Removal of Back Orifice 2000 will require that you edit your registry settings. How To Remove Back Orifice 2000 1. NetBus / Netbus 2.0 Pro 1. 1.

BitLocker Drive Encryption Availability[edit] BitLocker is available in the Enterprise and Ultimate editions of Windows Vista and Windows 7. It is also available in the Pro and Enterprise editions of Windows 8.[4] Users of other versions of Windows that do not include BitLocker can use a third-party encryption program to satisfy the need for full disk encryption (see comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI; encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder.[5] An example of how to use the WMI interface is in the script manage-bde.wsf that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be encrypted using the graphical Control Panel applet as well.[6] Overview[edit] Operation[edit] Security concerns[edit] See also[edit]

combinator_attack [hashcat wiki] Description Each word of a dictionary is appended to each word in a dictionary. Input If our dictionary contains the words: pass 12345 omg Test Output Hashcat creates the following password candidates: passpass pass12345 passomg passTest 12345pass 1234512345 12345omg 12345Test omgpass omg12345 omgomg omgTest Testpass Test12345 Testomg TestTest Combinator Attack Within oclhashcat-plus Using the Combinator Attack within oclhashcat-plus (not standalone version of Combinator Attack). The command for the Combinator Attack in oclhashcat-plus is -a 1 If you wish to add rules to either the left or right dictionary or both at once then you can use the -j or -k commands. -j, --rule-left=RULE Single rule applied to each word on the left dictionary -k, --rule-right=RULE Single rule applied to each word on the right dictionary Example. Dictionary 1 yellow green black blue Dictionary 2 car bike Commands -j $- -k $! The output would be… yellow-car! Supported by This attack is currently supported by:

Comment identifier un blogueur anonyme ? En exploitant YouTube Pour gérer les multiples violations du droit d'auteur auquel il doit faire face sur YouTube, Google a choisi d'adopter un système de présomption de culpabilité à l'égard des internautes. Il suffit que des tiers accusent un utilisateur de violer des droits pour que ses vidéos soient retirées de façon préventive, sans avoir attendu les arguments de la défense. C'est ainsi que de façon spectaculaire, la NASA s'est vue sanctionnée pour avoir diffusé ses propres images. Ce système est déjà fortement critiquable en soit, tant il est générateur d'abus et d'erreurs qui lèsent la liberté d'expression, mais il est en plus la source de manipulations visant à obtenir l'identité d'internautes anonymes. Une blogueuse canadienne qui souhaite écrire sur son blog sans révéler au monde entier son identité, girlwriteswhat, raconte ainsi qu'elle a été accusée par deux personnes d'avoir enfreint des droits d'auteur en publiant des vidéos sur YouTube. Or c'est là que le bât blesse.

Linux Book Pro Five digital trends that will transform the way you run your business Here are five fascinating trends that are about to turn the way we do business on its head. Technology enthusiast Kevin Kelly compared technology to a biological organism: a complex, evolving organism, that moves so fast it's often hard for us humans to keep up. There are plenty of fascinating movements in the digital space happening at any given moment. Today, we're looking a little closer at some of the trends in technology that will have an enormous effect on the way business works. 1. The term “the internet of things” has been floating around the world since 1999, when technologist Kevin Ashton suggested that soon computers would be capable of generating and collecting data without human supervision. Over 50 per cent of internet connections are things: there are about 15bn “things” on the web, with 50bn plus intermittent connections. Key technologies here include embedded sensors, and image recognition. There are plenty of other examples. 2.

Locking the bad guys out with asymmetric encryption Encryption, the transformation of data into a form that prevents anyone unauthorized from understanding that data, is a fundamental technology that enables online commerce, secure communication, and the protection of confidential information. Encryption algorithms are the mathematical formulae for performing these transformations. You provide an encryption algorithm with a key and the data you want to protect (the plaintext), and it produces an encrypted output (the ciphertext). To read the output, you need to feed the key and the ciphertext into a decryption algorithm (sometimes these are identical to encryption algorithms; other times they are closely related but different). Encryption algorithms are designed so that performing the decryption process is unfeasibly hard without knowing the key. The algorithms can be categorized in many different ways, but perhaps the most fundamental is the distinction between symmetric and asymmetric encryption. c = me (mod n) Decryption is similar:

You Are Not Anonymous, Nothing Is Secure We’ve had the opportunity to have a chat with a former member of the infamous TeaMp0ison collective who has been recently raided by authorities. Although he has asked us not to reveal his true identity because the case is sealed, he wants to get his message out to all the black hats who are still active on the hacking scene. “I got raided on June 26 by 16 FBI agents, 2 special agents and 2 helicopters at 6AM. On the same day, 30 other, including Cosmo and JoshTheGod were raided. They had search warrants for electronics pertaining to TeaMp0isoN, Anonymous, Guy Fawkes and a hacking forum,” he started his story. As it had turned out, his past caught up with him. He revealed, “They have been trying to turn me informant while they were searching my stuff, lying blatantly to my face. “They were monitoring me due to my ways of activism heroism. The blackhat learned the hard way what’s it like to be on the other side of the fence, but he also learned about the true powers of law enforcement.

Related: