Here is one:

Passwords based on three digit primes on small areas of the keyboard.

135 – prime three digits

!#% – special characters of the prime

QET – cap letters under the prime (to left)

wrr – lower letters under the prime (right)

You choose a row of prime numbers. Then you base all the other digits on that prime.

“Gov. Palin’s Alleged Hacker Indicted; Password Was ‘Popcorn’
A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.

David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.”

Hope she’s changing all her passwords because more than likely they are all “Popcorn”.

http://voices.washingtonpost.com/cgi-bin/mt/mt-tb.cgi/25730

read more | digg story

Security Comedy by Digg user Garfoli:
Cthon98: hey, if you type in your pw, it will show as stars
Cthon98: ********* see!
AzureDiamond: hunter2
AzureDiamond: doesnt look like stars to me
Cthon98: AzureDiamond: *******
Cthon98: thats what I see
AzureDiamond: oh, really?
Cthon98: Absolutely
AzureDiamond: you can go hunter2 my hunter2-ing hunter2
AzureDiamond: haha, does that look funny to you?
Cthon98: lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond: thats neat, I didnt know IRC did that
Cthon98: yep, no matter how many times you type hunter2, it will show to us as *******
AzureDiamond: awesome!
AzureDiamond: wait, how do you know my pw?
Cthon98: er, I just copy pasted YOUR ******’s and it appears to YOU as hunter2 cause its your pw
AzureDiamond: oh, ok.

**Popcorn!

read more | digg story

The Home Office will create a database to store the details of every phone call made, every email sent and every web page visited by British citizens in the previous year under plans currently under discussion, it has emerged.

The Government wants to create the system to fight terrorism and crime. The police and security services believe it will make it easier to access important data as communications become more complex.

Telecoms firms and internet service providers (ISPs) have already been approached by the Home Office, which would be given customer records if the plans were realized.

Only a matter of time before the same happens in the U.S. It might already be underway by the NSA. Who knows.

more at Telegraph.co.uk

read more | digg story

Joseph Thomas Colon, 28, is a former employee of BAE Systems.  His pentest allowed him to obtain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.  According to Colon, the FBI field office in Springfield, Ill., he was attached to gave him approval.

However, every professional pentester and/or ethical hackers knows that you have to get formal approval from an authority. 

Colon's lawyer said in a court filing that his client was hired to work on the FBI's “Trilogy” computer system but became frustrated over “bureaucratic” obstacles, such as obtaining written authorization from the FBI's Washington headquarters for “routine” matters such as adding a printer or moving a new computer onto the system. 

As a result, Mr. Colon will likely serve about 18 months in prison. …

Pentesting and ethical hacking tools and techniques must be dealt with responsibly.  The bureacracies that might allow pentesting must be respected at all costs.  The first thing in Pentesting and ethical hacking that is taught is to ALWAYs, ALWAYS, ALWAYS get writen consent to procede from the owners of the system.

So here is something I've been wanting to do for a while.  This is a simple walkthrough on how to use the EBCD.  I'm still working on it.  As with my in entire “hacked” series it is a work in progress.

The EBCD was created by Mikhail Kupchik.  Give him donation if you like his work.  One of these days I hope to have the coding skills necessary to bring to life tools as usefull as this.  These days I'm more into web applications and learning PHP.  Cools stuff.

This password says “Mike at Home”. It is a good idea to make the password something that is easy to remember. 53Xon+Be@ch

Here is another one that is hard to crack and easy to remember. It says “Sex on the Beach” (”the” is replaced with “+”)

@o15uX@55

If you are on AOL this one might be easy to remember as well.

+H1SismyBby

If you have to log on to a baby site, a password similar to this might help. It says “this is my baby”.

This is the general idea for generating good passwords. But if you have like 30-40 passwords and don't want them to all be the same here is another method that could help you.  READ more about how to create a password and MANUAL ENCRYPTION here.

If you don't think it is possible to eyeball someone's keystrokes and know their password, think again.

In the '90s, I didn't know much about computers or computer security. I was a military cop well versed in physical security and air base ground defense and only used computers for screwing around. My passwords were as easy as possible so I could remember them.

I didn't fully appreciate the importance of having a strong password until my wife hacked my Hotmail account. No big deal right… WRONG. Like I said I was screwing around. I was big into flirting in chat rooms and on email. I was just having fun with what I thought were beautiful young ladies, but who (realistically) were probably neither beautiful or young or (shedding a tear) ladies.

I'd been spending so much time online with chatrooms and EverQuest (a.k.a EverCrack) that my wife started to get very jealous of the computer and suspected I was up to something. So she shoulder surfed me one night, got my password, and got into my account while I was at work.

To make a long story even longer, my wife went crazy. She called my job screaming, I had to respond to my own house, my weapon was taken away (this is like being neutered for a cop), and the beautiful young lady that I was chatting with…. It was a man (yeah, it was like a cyber Crying Game). Needless to say, I don't do much of ANY chatting these days. But I digress.

Tips to guard your hotmail account cracks, via shoulder surfers.

Unfortunately, many of the methods that thieves use to steal identities are beyond your control to guard against. Although it's rare, even store clerks have been known to use their position to pass along information to identity thieves. There are some measures you can take, however, that will make it harder for a thief to steal your identity.

Protect Your Credit Card Number When Making Purchases

After you make a purchase and your credit or debit card has been swiped through a credit card terminal, check to make sure that the printed receipt hides all but the last 4 digits of your credit card account number (usually there will be Xs in place of the first 12 digits). Some terminals still print receipts that show all 16 digits of an account number, and may even include the expiration date as well. After your card is swiped, you're permitted by law to hide the first 12 digits of your account number on the copy of the receipt that the vendor keeps. Use any marking pen that will do the job.

When you go to a restaurant, it's especially important to make sure that the first 12 digits of your credit card number are hidden on your receipt. You might be in the habit of signing it and then leaving the restaurant's copy on the table after your meal. An identity thief can easily steal the signed receipt before the waitperson comes back around to pick it up from the table. Don't take any chances.

Do You Really Need To Give Your Social Security Number?

Another important way that you can guard against identity theft is to avoid giving out your social security number unless it's absolutely required. Although you need to share your social security number when you apply for credit or for a bank account, sometimes a store or an organization will want to use it as an ID number, simply to identify you within their system. This is a common practice even though the law says that social security numbers aren't to be used as ID numbers. In these situations, use your judgment. There's usually an alternative if you ask.

Destroy Documents That Contain Sensitive Personal Information

Buy a paper shredder and use it to destroy documents you're throwing away which contain personal information such as credit card numbers, social security numbers, phone numbers and dates of birth. This is important to do both at home and at work. Identity thieves aren't above going through someone's trash to find valuable personal information that can help them obtain credit in your name.

If The Worst Happens

If you do become a victim of identity theft, take the following steps immediately:

• Contact your credit card companies, close your accounts and ask to have new cards issued to you.
• Place a fraud alert on your file with any one of the three major credit bureaus. The other two will be notified automatically.
• File a police report. You may need it to show to creditors as proof of the crime.
• File a complaint with the FTC, which maintains a database of identity theft cases used by law enforcement agencies for their investigations.