VnutZ Domain
Copyright © 1996 - 2021 [Matthew Vea] - All Rights Reserved

2010-01-25
Featured Article

Analysis of User Password Complacency


Hackers don't always have to target the obvious bullseye in order to take over their mark. Usually an ancillary target provides all the access you need. Recently, a site known as rockyou.com was breached through a common SQL injection vector, revealing 32 million user passwords and email accounts stored in plaintext. The site provides plug-ins and applications to social networking sites such as MySpace and Facebook, where user logins between systems are often authenticated on a shared basis. Security researchers at Imperva decided to take a look at the unmasked passwords to get a feel for the awful password practices [pdf] of the "common internet user." Without going into too much detail, users failed to use even remotely complex passwords: those not found immediately in a dictionary lookup would still be easily compromised because of their short length or limited keyspace. The most commonly used passwords included:

  • variations of simple number sequences (12345, 654321, etc.)
  • catch phrases or letter sequences (Password, princess, iloveyou, Qwerty, abc123)
  • names (Nicole, Daniel, Jessica, Michael, Ashley)
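
As an added example (not from the original article or from Imperva's report), the Python below screens a candidate password at registration time against the three categories listed above, plus the short-length and limited-keyspace weaknesses. The deny-lists are constructed from the article's own examples, and the function names and the length and keyspace thresholds are assumed policy values.

```python
import math
import string

# Constructed sample deny-lists built from the examples in the article's list;
# a real deployment would load a full breached-password corpus instead.
COMMON_WORDS = {"password", "princess", "iloveyou", "qwerty", "abc123"}
COMMON_NAMES = {"nicole", "daniel", "jessica", "michael", "ashley"}
MIN_LENGTH = 12          # assumed policy value, not from the article
MIN_KEYSPACE_BITS = 60   # assumed policy value, not from the article


def is_sequence(pw: str) -> bool:
    """True for ascending or descending runs such as 12345 or 654321."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def keyspace_bits(pw: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet in use)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def screen_password(pw: str) -> list[str]:
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    reasons = []
    folded = pw.lower()
    # Strip trailing digits/punctuation so "Nicole2010!" still matches "nicole".
    core = folded.rstrip(string.digits + string.punctuation)
    if is_sequence(folded):
        reasons.append("sequence")
    if folded in COMMON_WORDS or core in COMMON_WORDS:
        reasons.append("common-word")
    if folded in COMMON_NAMES or core in COMMON_NAMES:
        reasons.append("name")
    if len(pw) < MIN_LENGTH:
        reasons.append("too-short")
    if keyspace_bits(pw) < MIN_KEYSPACE_BITS:
        reasons.append("small-keyspace")
    return reasons
```
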

