[ISN] Researcher Creates Clearinghouse Of 14 Million Hacked Passwords

From: InfoSec News <alerts_at_private>
Date: Fri, 27 Aug 2010 00:57:49 -0500 (CDT)
http://blogs.forbes.com/andygreenberg/2010/08/26/researcher-creates-clearinghouse-of-14-million-hacked-passwords/

By Andy Greenberg
The Firewall
Forbes.com
August 26, 2010

The "Wall of Sheep" has become a cherished tradition at the annual 
Defcon hacker conference in Las Vegas: Anyone foolish enough to use the 
local wireless network at the hotel will likely have his or her username 
and password stolen, and later see those vital digital details projected 
onto a screen for thousands of attendees to see.

Now Canadian researcher Ron Bowes has created a sort of Wall of Sheep 
for the entire Internet. By simply collecting all the publicly-spilled 
repositories of users' passwords from recent hacking incidents, he's 
created a clearinghouse for stolen passwords on his Web site - 
14,488,929 distinct passwords to be exact, collected from 32,943,045 
users.

Bowes didn't steal these passwords, and they're not associated with 
usernames, an extra piece of data that would make listing them far more 
dangerous. All but 250,000 or so became public after the breach of 
RockYou.com, a social networking applications site penetrated by 
cybercriminals using SQL injection. Another 180,000 were spilled when 
the bulletin board software site phpBB was hacked using a vulnerability 
in one of the site's plugins. 37,000 more were stolen from MySpace using 
phishing techniques.

Bowes, a consultant with Dash9 security and a developer for security 
scanning tool Nmap, says he collected the passwords to help researchers 
figure out how users choose passwords and make the authentication 
process more secure. The site he's assembled is a wiki, so anyone can 
update it with new breached password lists. "Since I created it, I've 
had exceptionally good feedback from researchers around the world," 
Bowes wrote in his blog. "As far as I know, it's the best collection of 
breached passwords anywhere."

[...]


Received on Thu Aug 26 2010 - 22:57:49 PDT
