http://blogs.forbes.com/andygreenberg/2010/08/26/researcher-creates-clearinghouse-of-14-million-hacked-passwords/

By Andy Greenberg
The Firewall
Forbes.com
August 26, 2010

The "Wall of Sheep" has become a cherished tradition at the annual Defcon hacker conference in Las Vegas: Anyone foolish enough to use the local wireless network at the hotel will likely have his or her username and password stolen, and later see those vital digital details projected onto a screen for thousands of attendees to see.

Now Canadian researcher Ron Bowes has created a sort of Wall of Sheep for the entire Internet. By simply collecting all the publicly-spilled repositories of users' passwords from recent hacking incidents, he's created a clearinghouse for stolen passwords on his Web site - 14,488,929 distinct passwords to be exact, collected from 32,943,045 users.

Bowes didn't steal these passwords, and they're not associated with usernames, an extra piece of data that would make listing them far more dangerous. All but 250,000 or so became public after the breach of RockYou.com, a social networking applications site penetrated by cybercriminals using an SQL-injection. Another 180,000 were spilled when the bulletin board software site phpbb was hacked using a vulnerability in one of the site's plugins. 37,000 more were stolen from MySpace using phishing techniques.

Bowes, a consultant with Dash9 security and a developer for security scanning tool NMap, says he collected the passwords to help researchers figure out how users choose passwords and make the authentication process more secure. The site he’s assembled is a wiki, so anyone can update it with new breached password lists.

"Since I created it, I've had exceptionally good feedback from researchers around the world," Bowes wrote in his blog. "As far as I know, it’s the best collection of breached passwords anywhere."

[...]
Received on Thu Aug 26 2010 - 22:57:49 PDT