Prueba
Páginas: 7 (1525 palabras)
Publicado: 27 de octubre de 2011
How I'd hack your passwords
An Internet security expert explains just how vulnerable your online accounts are. He also provides tips on making passwords more secure.
* 18
* You recommend this92%You don't recommend this8%
* Shared 3747 times
*
Related topics: banking, financial privacy, identity theft, online banking, credit cards
If you invited me to try and crack yourpassword -- you know, the one that you use over and over for like every Web page you visit -- how many guesses would it take before I got it?
Let's see . . . here is my top-10 list. I can obtain most of this information much easier than you think. Then I might just be able to get into your e-mail, computer or online banking. After all, if I get into one, I'll probably get into all of them.
What todo if your identity is stolen
* Your partner, child or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?).
* The last four digits of your Social Security number.
* 123 or 1234 or 123456.
* "password."
* Your city, or college, football team name.
* Date of birth -- yours, your partner's or your child's.
* "god."
*"letmein."
* "money."
* "love."
Statistically speaking, that should probably cover about 20% of you. But don't worry: If I didn't get it yet, it will probably only take a few more minutes before I do.
3 tips to avoid credit card scams
View more MSN videosGo to Money Talks News
Hackers, and I'm not talking about the ethical kind, have developed a range of tools to get at yourpersonal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a brute-force attack. This is accomplished when a hacker uses a specially written piece of softwareto attempt to log into a site using your credentials. A few years ago, Insecure.org published a top-10 list of password crackers.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
* You probably use the same password for lots of stuff, right?
* Some sites you access, such as your bank or work VPN, probably have pretty decent security,so I'm not going to attack them.
* However, other sites, such as an e-mail greeting-card site, an online forum you frequent or an e-commerce site you've shopped at, might not be as well-prepared. So those are the ones I'd work on.
* So, all we have to do now is unleash a password cracker such as THC Hydra on their server with instructions to try, say, 10,000 different user names andpasswords (or 100,000 -- whatever makes you happy) as fast as possible.
* Once we've got several login-plus-password pairings, we can then go back and test them on targeted sites.
* But wait: How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser's cache. (Read this post toremedy that problem.)
And how fast could this be done? Well, that depends on three main things: the length and complexity of your password, the speed of the hacker's computer and the speed of the hacker's Internet connection.
(Continued ...)
Assuming the hacker has a reasonably fast connection and PC, below is an estimate of the amount of time it would take to generate every possible combinationof passwords for a given number of characters. After generating the list, it's just a matter of time before the computer runs through all the possibilities -- or gets shut down trying.
|
Password length | All characters | Only lowercase characters |
3 characters | 0.86 second | 0.02 second |
4 characters | 1.36 minutes | 0.046 second |
5 characters | 2.15 hours | 11.9 seconds |
6...
An Internet security expert explains just how vulnerable your online accounts are. He also provides tips on making passwords more secure.
* 18
* You recommend this92%You don't recommend this8%
* Shared 3747 times
*
Related topics: banking, financial privacy, identity theft, online banking, credit cards
If you invited me to try and crack yourpassword -- you know, the one that you use over and over for like every Web page you visit -- how many guesses would it take before I got it?
Let's see . . . here is my top-10 list. I can obtain most of this information much easier than you think. Then I might just be able to get into your e-mail, computer or online banking. After all, if I get into one, I'll probably get into all of them.
What todo if your identity is stolen
* Your partner, child or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?).
* The last four digits of your Social Security number.
* 123 or 1234 or 123456.
* "password."
* Your city, or college, football team name.
* Date of birth -- yours, your partner's or your child's.
* "god."
*"letmein."
* "money."
* "love."
Statistically speaking, that should probably cover about 20% of you. But don't worry: If I didn't get it yet, it will probably only take a few more minutes before I do.
3 tips to avoid credit card scams
View more MSN videosGo to Money Talks News
Hackers, and I'm not talking about the ethical kind, have developed a range of tools to get at yourpersonal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a brute-force attack. This is accomplished when a hacker uses a specially written piece of softwareto attempt to log into a site using your credentials. A few years ago, Insecure.org published a top-10 list of password crackers.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
* You probably use the same password for lots of stuff, right?
* Some sites you access, such as your bank or work VPN, probably have pretty decent security,so I'm not going to attack them.
* However, other sites, such as an e-mail greeting-card site, an online forum you frequent or an e-commerce site you've shopped at, might not be as well-prepared. So those are the ones I'd work on.
* So, all we have to do now is unleash a password cracker such as THC Hydra on their server with instructions to try, say, 10,000 different user names andpasswords (or 100,000 -- whatever makes you happy) as fast as possible.
* Once we've got several login-plus-password pairings, we can then go back and test them on targeted sites.
* But wait: How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser's cache. (Read this post toremedy that problem.)
And how fast could this be done? Well, that depends on three main things: the length and complexity of your password, the speed of the hacker's computer and the speed of the hacker's Internet connection.
(Continued ...)
Assuming the hacker has a reasonably fast connection and PC, below is an estimate of the amount of time it would take to generate every possible combinationof passwords for a given number of characters. After generating the list, it's just a matter of time before the computer runs through all the possibilities -- or gets shut down trying.
|
Password length | All characters | Only lowercase characters |
3 characters | 0.86 second | 0.02 second |
4 characters | 1.36 minutes | 0.046 second |
5 characters | 2.15 hours | 11.9 seconds |
6...
Leer documento completo
Regístrate para leer el documento completo.