jboy Posted February 8, 2007

http://news.yahoo.com/s/pcworld/20070207/tc_pcworld/128823

Study: Weak Passwords Really Do Help Hackers
Todd R. Weiss, Computerworld
Wed Feb 7, 4:00 PM ET

Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts -- about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland.

Among the key findings: Weak passwords really do make hackers' jobs much easier. The study also found that improved selection of usernames and associated passwords can make a big difference in whether attackers get into someone's computer.

Using software tools that help hackers guess usernames and passwords, the study logged the most common words hackers tried to use to log into the systems. Cukier and two graduate students found that most attacks were conducted by hackers using dictionary scripts, which run through lists of common usernames and passwords in attempts to break into a computer.

Some 825 of the attacks were ultimately successful and the hackers were able to log into the systems. The study was conducted between Nov. 14 and Dec. 8 at the school.

[excerpted from the link above; more details in the original article]

arctic Posted February 8, 2007

> Study: Weak Passwords Really Do Help Hackers

Hmmm... not very surprising, is it? ;)

tyme Posted February 8, 2007

This is from the "so-obvious-it's-painful" research department, apparently ;) - an interesting article, just the conclusion was a bit obvious.

Darkelve Posted February 8, 2007

0,30% ? Now let's do the same with a Windows box B)

SilverSurfer60 Posted February 8, 2007

Yes I read the article and was surprised where it was suggested the most common user name was 'root', how did they come by that I wonder? :o

RadioEar Posted February 9, 2007

They accessed other people's computers and got their passwords. ;)

tyme Posted February 9, 2007

> They accessed other people's computers and got their passwords. ;)

Did you read the article? They actually set up the four computers to be cracked, they didn't crack any themselves.

Qchem Posted February 9, 2007

> This is from the "so-obvious-it's-painful" research department, apparently ;) - an interesting article, just the conclusion was a bit obvious.

True. Hopefully it'll help educate some users though.

Gowator Posted February 9, 2007

> This is from the "so-obvious-it's-painful" research department, apparently ;) - an interesting article, just the conclusion was a bit obvious.

LOL, true but the other point I have made before is for dictionary cracks it helps a lot if the username itself is not common if it's an internet facing account.... If for instance you have ssh open (because you use it) then unless they find a valid username the password doesn't help....

Indeed what I found having a weak username is once they find a valid username they get all excited and regardless of the length and complexity of your password they keep going from more and more machines... if you don't do anything eventually you are inconvenienced by a DOS just from the pure weight of attacks.

So anyway.... my procedure is only have one external facing account and make it a complex one and not used as a normal user. Then block all other users from outside your own net... When the crackers can't find a username they move on in my experience but once they find one you're screwed anyway... even if you then remove that username they dumbly go on and on...

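The post above turns on whether a guessed username actually exists on the machine, and sshd's own log records that difference. An added example (not part of the thread or the study) that tallies guessed usernames from auth-log lines and shows which existing accounts draw guesses from several addresses; the log lines are constructed, in OpenSSH's usual wording, with documentation-range IPs:

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's auth-log wording (documentation IP ranges).
SAMPLE_LOG = """\
Feb  8 03:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Feb  8 03:12:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Feb  8 03:12:05 host sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Feb  8 03:12:09 host sshd[2109]: Failed password for root from 198.51.100.7 port 51200 ssh2
Feb  8 03:12:20 host sshd[2120]: Failed password for root from 192.0.2.44 port 33901 ssh2
Feb  8 03:12:31 host sshd[2131]: Accepted password for root from 192.0.2.44 port 33950 ssh2
Feb  8 03:13:02 host sshd[2140]: Failed password for invalid user admin from 192.0.2.44 port 34011 ssh2
"""

LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Tally guessed usernames and split them by whether the account exists."""
    attempts = Counter()         # username -> number of failed guesses
    sources = defaultdict(set)   # existing username -> addresses guessing at it
    nonexistent = set()          # usernames sshd logged as "invalid user"
    failed_pairs = set()         # (user, ip) pairs with at least one failure
    suspect = set()              # (user, ip) that logged in after failing
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            attempts[user] += 1
            failed_pairs.add((user, ip))
            if m["invalid"]:
                nonexistent.add(user)
            else:
                sources[user].add(ip)
        elif (user, ip) in failed_pairs:
            suspect.add((user, ip))  # success after failures: triage this login
    return {
        "top_usernames": attempts.most_common(2),
        "existing_targets": {u: sorted(ips) for u, ips in sources.items()},
        "nonexistent": sorted(nonexistent),
        "suspect_logins": sorted(suspect),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An existing account that collects guesses from a growing set of addresses, as `root` does in the sample, is the pattern the post describes.
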
javaguy Posted February 9, 2007

This reminds me of a news article I read some years ago about an 8-year, multimillion dollar study--taxpayer funded, of course--of the causes of cars getting hit by trains. The researchers concluded that cars get hit by trains for two reasons:

1. The driver didn't see the train, or
2. the driver saw the train but thought he could make it across the track in time.

Apparently some people need a study to tell them this stuff. Up next: Sun to rise in East tomorrow.

[edit: fixed incoherent sentence]

Edited February 9, 2007 by javaguy

Gowator Posted February 9, 2007

> This reminds me of a news article I read some years ago about an 8-year, multimillion dollar study--taxpayer funded, of course--of the causes of cars getting hit by trains. The researchers concluded that cars get hit by trains for two reasons:
> 1. The driver didn't see the train, or
> 2. the driver saw the train but thought he could make it across the track in time.
> Apparently some people need a study to tell them this stuff. Up next: Sun to rise in East tomorrow.
> [edit: fixed incoherent sentence]

Yep it really sounds like something straight out of Dilbert.... I remember a while back BA made a big study about "air rage" ... somehow they didn't understand why people were still getting angry on flights after they cut back on alcohol? Apparently several hundred thousand dollars later they found out that heavy smokers on long haul flights get a bit uppity? I really wish I could get paid huge amounts for stating the bleeding obvious :D

RadioEar Posted February 9, 2007

>> They accessed other people's computers and got their passwords. ;)
> Did you read the article? They actually set up the four computers to be cracked, they didn't crack any themselves.

It was a joke old buddy. :P

tyme Posted February 9, 2007

> It was a joke old buddy. :P

Well, I musta missed it... :unsure: - went over my head, I suppose.

RadioEar Posted February 9, 2007

> Well, I musta missed it... :unsure: - went over my head, I suppose.

See the ;) guy, tyme?

tyme Posted February 9, 2007

I saw that, I just didn't get the joke, is all.