Bigger isn’t always better, but sometimes it is. If you need a huge word list before you hit those mask attacks, we’ve got you covered. When you absolutely, positively, got to crack every hash in the room, accept no substitutes.

It’s 2016 and passwords are still a fundamental tenet of a system’s security posture. An attacker’s ability to gain credentials is often a key factor in their success. We humans are basic creatures, creatures of habit and simplicity. For the uninitiated, password selection often follows a psychologically predictable format: familiar base words, upper case characters at the start and digits based on years at the end are all traits that we see often and get interested in. A little too interested, sometimes… enter Neil Lines, a man who took things just a little bit too far. Today, we’d like to share some of his insanity with you.

In December 2009, the social game developer RockYou was breached via a simple SQL injection attack. Far worse, all of their users’ 14 million passwords were stored in plain text format. The data hit the wider internet and the rest is history (including RockYou being fined $250,000 by the FTC – ouch). Attackers and security workers the world over have been using that word list ever since. In keeping with a poor security posture, RockYou didn’t enforce any password complexity, and so unsurprisingly most of the passwords were very basic.
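The predictable format described above (familiar base word, capital at the start, year digits at the end) can be screened for when a user sets a password. The following is an added example, not part of the original post; the base-word list, the 12-character minimum and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of familiar base words (assumption); a real deployment
# would load a dictionary or breached-password list instead.
COMMON_BASES = {"password", "rockyou", "monkey", "summer", "liverpool", "princess"}

# Shape the article describes: letters, then optional digits, then optional symbols.
_SHAPE = re.compile(r"^(?P<base>[A-Za-z]+)(?P<digits>\d*)(?P<sym>[^A-Za-z\d]*)$")


def char_mask(pw):
    """Return the character-class shape: u=upper, l=lower, d=digit, s=other."""
    classes = []
    for ch in pw:
        if ch.isupper():
            classes.append("u")
        elif ch.islower():
            classes.append("l")
        elif ch.isdigit():
            classes.append("d")
        else:
            classes.append("s")
    return "".join(classes)


def predictable_traits(pw):
    """List the habit-driven traits that pw exhibits, in a fixed order."""
    match = _SHAPE.match(pw)
    if not match:
        return []  # does not follow the word+digits(+symbols) shape at all
    base, digits = match.group("base"), match.group("digits")
    traits = []
    if base.lower() in COMMON_BASES:
        traits.append("familiar base word")
    if base[0].isupper() and base[1:].islower():
        traits.append("capital at start only")
    if re.fullmatch(r"(19|20)\d\d", digits):
        traits.append("year suffix")
    elif digits:
        traits.append("digit suffix")
    return traits


def acceptable(pw, min_len=12):
    """Hypothetical policy: long enough and none of the predictable traits."""
    return len(pw) >= min_len and not predictable_traits(pw)
```
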