Top
Browse > Home / Archive by category 'Passwords'

Password Creation & Memorizing Tip (primes)

April 16, 2009

Since the DOD has made the password requirement impossible, I’ve been coming up with complex password methods that are easy to remember.

Here is one:

Passwords based on three digit primes on small areas of the keyboard.

135 – prime three digits

!#% – special characters of the prime

QET – cap letters under the prime (to left)

wrr – lower letters under the prime (right)

You choose a row of prime numbers. Then you base all the other digits on that prime.

Popularity: 4% [?]

Written by elamb.security · Filed Under Main Digg, Passwords 

Palin’s password was Popcorn?

October 9, 2008

I was wondering why conservative talk were accusing the Dems and/or liberals for hacking Palin’s account. Apparently, the guy who hacked into her account (gov.palin@yahoo.com) is the son of Rep. Mike Kernell, Tennessee state lawmaker. He simply used the “forgot my password” feature and then used publically available information to answer the security questions.

“Gov. Palin’s Alleged Hacker Indicted; Password Was ‘Popcorn’
A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.

David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.”

Hope she’s changing all her passwords because more than likely they are all “Popcorn”.

http://voices.washingtonpost.com/cgi-bin/mt/mt-tb.cgi/25730

read more | digg story

Popularity: 10% [?]

Written by elamb · Filed Under I got hacked, Main Digg, Passwords, hacking 

Top 10 Most Common Passwords

October 9, 2008

Life these days has become largely dependent on passwords – whether we’re checking our emails, transferring funds or shopping online, passwords have their part to play.

Security Comedy by Digg user Garfoli:
Cthon98: hey, if you type in your pw, it will show as stars
Cthon98: ********* see!
AzureDiamond: hunter2
AzureDiamond: doesnt look like stars to me
Cthon98: AzureDiamond: *******
Cthon98: thats what I see
AzureDiamond: oh, really?
Cthon98: Absolutely
AzureDiamond: you can go hunter2 my hunter2-ing hunter2
AzureDiamond: haha, does that look funny to you?
Cthon98: lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond: thats neat, I didnt know IRC did that
Cthon98: yep, no matter how many times you type hunter2, it will show to us as *******
AzureDiamond: awesome!
AzureDiamond: wait, how do you know my pw?
Cthon98: er, I just copy pasted YOUR ******’s and it appears to YOU as hunter2 cause its your pw
AzureDiamond: oh, ok.

**Popcorn!

read more | digg story

Popularity: 4% [?]

Written by elamb · Filed Under Main Digg, Other Stuff, Passwords 

UK planning to monitor and record every phone call, web page, and email sent by citizens

May 24, 2008

The Home Office will create a database to store the details of every phone call made, every email sent and every web page visited by British citizens in the previous year under plans currently under discussion, it has emerged.

The Government wants to create the system to fight terrorism and crime. The police and security services believe it will make it easier to access important data as communications become more complex.

Telecoms firms and internet service providers (ISPs) have already been approached by the Home Office, which would be given customer records if the plans were realized.

Only a matter of time before the same happens in the U.S. It might already be underway by the NSA. Who knows.

more at Telegraph.co.uk

Popularity: 7% [?]

Written by elamb.security · Filed Under Passwords, Privacy 

Code cracking is the new pot of gold

September 19, 2006

If you think the password protection on your MS Word file is keeping it safe from prying eyes, you’re wrong. The time it takes to crack password-protected Microsoft Office files has tumbled from a 25-day average to a matter of seconds, thanks to a decades-old code-cracking technique that until recently was not viable.

read more | digg story

Popularity: 5% [?]

Written by elamb · Filed Under Main Digg, Passwords 

Former Pentester of FBI, hacks the FBI

July 6, 2006

This case is not the same as the Department of Veteran Affairs loss of records or the Department of Agricultures security failures.  In this case, a contracting consultant conducted a penetration test with out getting formal approval.  He expoited the FBI's vulnerabilities to gain elevated privledges.

Joseph Thomas Colon, 28, is a former employee of BAE Systems.  His pentest allowed him to obtain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.  According to Colon, the FBI field office in Springfield, Ill., he was attached to gave him approval.

However, every professional pentester and/or ethical hackers knows that you have to get formal approval from an authority. 

Colon's lawyer said in a court filing that his client was hired to work on the FBI's “Trilogy” computer system but became frustrated over “bureaucratic” obstacles, such as obtaining written authorization from the FBI's Washington headquarters for “routine” matters such as adding a printer or moving a new computer onto the system. 

As a result, Mr. Colon will likely serve about 18 months in prison. :(

Pentesting and ethical hacking tools and techniques must be dealt with responsibly.  The bureacracies that might allow pentesting must be respected at all costs.  The first thing in Pentesting and ethical hacking that is taught is to ALWAYs, ALWAYS, ALWAYS get writen consent to procede from the owners of the system.

 

Popularity: 9% [?]

Written by elamb.security · Filed Under CEH, Computer Security, Passwords, hackers, security, security testing, vulnerabilities 

Password Hacking Programs: EBCD

May 24, 2006

One of my favorite Password hacking programs is the EBCD.  EBCD stands for Emergency Boot disk.  Since it operates on Linux, many people have a hard time using it.  Anytime, that I've had friends that have locked themselves out of their own system or some co-workers who forgot their login to the corporate laptop and I give them a copy of the EBCD they are at a loss on how to use it because to command line Linux.

So here is something I've been wanting to do for a while.  This is a simple walkthrough on how to use the EBCD.  I'm still working on it.  As with my in entire “hacked” series it is a work in progress.

The EBCD was created by Mikhail Kupchik.  Give him donation if you like his work.  One of these days I hope to have the coding skills necessary to bring to life tools as usefull as this.  These days I'm more into web applications and learning PHP.  Cools stuff.

Popularity: 8% [?]

Written by elamb.security · Filed Under Passwords, hacking, security 

Create A Password

May 17, 2006

Creating a Password is easy. Standard practice to create a password that is fairly difficult to crack consists of using at least 8 character with upper and lowercase letters, a number and a special character. So your password should look like this: M1k3@H0m3

This password says “Mike at Home”. It is a good idea to make the password something that is easy to remember. 53Xon+Be@ch

Here is another one that is hard to crack and easy to remember. It says “Sex on the Beach” (”the” is replaced with “+”)

@o15uX@55

If you are on AOL this one might be easy to remember as well.

+H1SismyBby

If you have to log on to a baby site, a password similar to this might help. It says “this is my baby”.

This is the general idea for generating good passwords. But if you have like 30-40 passwords and don't want them to all be the same here is another method that could help you.  READ more about how to create a password and MANUAL ENCRYPTION here.

Popularity: 5% [?]

Written by elamb.security · Filed Under Passwords, personal computer security, security 

She Cracked my Hotmail Password: a sad shoulder surfing story

May 16, 2006

Ever type in your password at work and notice that there is someone standing behind you watching your fingers very closely as if trying to decipher you password? This is known as “Shoulder Surfing.”

If you don't think it is possible to eyeball someone's keystrokes and know their password, think again.

In the '90s, I didn't know much about computers or computer security. I was a military cop well versed in physical security and air base ground defense and only used computers for screwing around. My passwords were as easy as possible so I could remember them.

I didn't fully appreciate the importance of having a strong password until my wife hacked my Hotmail account. No big deal right… WRONG. Like I said I was screwing around. I was big into flirting in chat rooms and on email. I was just having fun with what I thought were beautiful young ladies, but who (realistically) were probably neither beautiful or young or (shedding a tear) ladies.

I'd been spending so much time online with chatrooms and EverQuest (a.k.a EverCrack) that my wife started to get very jealous of the computer and suspected I was up to something. So she shoulder surfed me one night, got my password, and got into my account while I was at work.

To make a long story even longer, my wife went crazy. She called my job screaming, I had to respond to my own house, my weapon was taken away (this is like being neutered for a cop), and the beautiful young lady that I was chatting with…. It was a man (yeah, it was like a cyber Crying Game). Needless to say, I don't do much of ANY chatting these days. But I digress.

Tips to guard your hotmail account cracks, via shoulder surfers.

Popularity: 8% [?]

Written by elamb.security · Filed Under Computer Security, Computer Security/Home Computer Security, Computer Security/Home Computer Security/Home Computer , I got hacked, Passwords, personal computer security, security 

Strategies To Protect Yourself Against Identity Theft

September 15, 2005

Identity theft is a serious crime that is growing each year. If you're a victim of identity theft you may spend months, even years, trying to repair a ruined credit history. A seriously damaged credit report can compromise your chances of getting a new job, a bank loan, insurance or even rental housing. It's even possible to be arrested for a crime you didn't commit if someone else has used your identity to break the law.

Unfortunately, many of the methods that thieves use to steal identities are beyond your control to guard against. Although it's rare, even store clerks have been known to use their position to pass along information to identity thieves. There are some measures you can take, however, that will make it harder for a thief to steal your identity.

Protect Your Credit Card Number When Making Purchases

After you make a purchase and your credit or debit card has been swiped through a credit card terminal, check to make sure that the printed receipt hides all but the last 4 digits of your credit card account number (usually there will be Xs in place of the first 12 digits). Some terminals still print receipts that show all 16 digits of an account number, and may even include the expiration date as well. After your card is swiped, you're permitted by law to hide the first 12 digits of your account number on the copy of the receipt that the vendor keeps. Use any marking pen that will do the job.

When you go to a restaurant, it's especially important to make sure that the first 12 digits of your credit card number are hidden on your receipt. You might be in the habit of signing it and then leaving the restaurant's copy on the table after your meal. An identity thief can easily steal the signed receipt before the waitperson comes back around to pick it up from the table. Don't take any chances.

Do You Really Need To Give Your Social Security Number?

Another important way that you can guard against identity theft is to avoid giving out your social security number unless it's absolutely required. Although you need to share your social security number when you apply for credit or for a bank account, sometimes a store or an organization will want to use it as an ID number, simply to identify you within their system. This is a common practice even though the law says that social security numbers aren't to be used as ID numbers. In these situations, use your judgment. There's usually an alternative if you ask.

Destroy Documents That Contain Sensitive Personal Information

Buy a paper shredder and use it to destroy documents you're throwing away which contain personal information such as credit card numbers, social security numbers, phone numbers and dates of birth. This is important to do both at home and at work. Identity thieves aren't above going through someone's trash to find valuable personal information that can help them obtain credit in your name.

If The Worst Happens

If you do become a victim of identity theft, take the following steps immediately:

  • Contact your credit card companies, close your accounts and ask to have new cards issued to you.
  • Place a fraud alert on your file with any one of the three major credit bureaus. The other two will be notified automatically.
  • File a police report. You may need it to show to creditors as proof of the crime.
  • File a complaint with the FTC, which maintains a database of identity theft cases used by law enforcement agencies for their investigations.

Popularity: 8% [?]

Written by elamb.security · Filed Under I got hacked, I got hacked/Phishing, Identity Theft, Internet and Information Technology Security, Passwords, Privacy, security 

Next Page »

Bottom