 (Source: icanhascheezburger)
Facebook, Gmail, and Twitter pages defaced as mob mentality rules
Today everyone's
favorite (or least favorite, perhaps) cyberbandits, LulzSec, leaked
62,000 people's email addresses and passwords.
The listing, which can be found here in
text file form, has lots of different users and passwords. A few notes --
the passwords appear to be all 15 or fewer characters and don't include capital
letters (the last entry seems a fluke).
This could simply be a coincidence that speaks to people's password tendencies
these days, or it could be a sign that LulzSec used brute force attacks to
crack these passwords.
Using an SSD-driven rainbow tables approach, a 14-character
hashed password can be cracked in about 5 seconds; cracking 62,000 passwords
would take approximately three and a half days, at most (probably less if you
exclude capitals). Of course that's for Windows passwords, which use MD4
hashing. More secure sites likely use MD5 and SHA1, in addition to
salting, and a high iteration count -- of course there are plenty of sites that
are probably using MD4 with no salting or -- as the Sony hacks showed --
storing passwords as cleartext in web accessible databases.
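The difference between unsalted fast hashing and salted, iterated hashing described above, shown as an added Python example that is not from the original article. PBKDF2-HMAC-SHA256, the 200,000 iteration count, and the sample users and passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware

def weak_hash(password: str) -> str:
    """Unsalted single pass of a fast hash: same password, same digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Salted, iterated hash; returns the record to store for the user."""
    salt = os.urandom(16)  # unique per user, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["digest"])

# Constructed sample data: two users share the same password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse 42"}
# A table computed once, ahead of time, from common passwords.
TABLE = {weak_hash(p) for p in ("letmein", "password1", "qwerty")}

def compare_schemes() -> tuple:
    """Return (precomputed-table hits on unsalted digests,
    distinct unsalted digests, distinct salted digests)."""
    weak = [weak_hash(p) for p in USERS.values()]
    strong = [hash_password(p)["digest"] for p in USERS.values()]
    hits = sum(1 for d in weak if d in TABLE)
    return hits, len(set(weak)), len(set(strong))

if __name__ == "__main__":
    print(compare_schemes())
```

With unsalted digests, one table entry matches every account that shares a password; with a per-user salt, identical passwords store as different digests, and each guess costs the full iteration count.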
Many users whose email addresses were hacked subsequently had their Twitter or
Facebook accounts illegitimately accessed and defaced [source].
It appears that the internet equivalent of a mob is behind these attacks
-- thousands of individuals have downloaded the file containing the passwords
and begun to try to access people's accounts.
The Next Web has been promoting a tool to find if you've been
hacked, stating, "We've promised we won't say who built it, but can
absolutely 100% assure it wasn't LulzSec and there's no email harvesting going
on."
That said, the widget -- originally hosted here --
is the work of an unknown developer, so entrusting it with your emails might
not be wise.
As always you can maintain safety online by:
- Use one-time use accounts for your various online registrations (to avoid one
compromised account allowing others to be compromised).
- Use passphrases with numbers, capital letters, and preferably ASCII symbols.
- Make sure your passwords are over 20 characters long.
- Don't reuse passwords.
- Don't share passwords with anyone.
While the above may seem difficult, it will allow you to remain safe from
cybercrime online, for the most part.