[ISN] Anonymous hack showed password re-use becoming endemic

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Feb 2011 03:50:19 -0600 (CST)
http://www.theregister.co.uk/2011/02/10/password_re_use_study/

By John Leyden
The Register
10th February 2011 

Computer scientists have discovered that password re-use is far more 
prevalent than previously thought after comparing a sample of matched 
passwords that spilled out as a result of the revenge attack by 
Anonymous against security researchers HBGary with the earlier Gawker 
password breach sample set.

Hackers affiliated with Anonymous used one of the stolen credentials, 
and some social engineering trickery, to gain root access to a site 
established by HBGary, rootkit.com. The subsequent release of 81,000 
hashed passwords from rootkit.com’s SQL databases has allowed 
researchers to compare the dataset with the much larger sample of 
hashed passwords from the earlier Gawker tech blog breach. Both HBGary 
and rootkit.com were hit by hackers affiliated with Anonymous.

By comparing passwords associated with email addresses registered at 
both Gawker and rootkit.com, computer scientists at Cambridge have been 
able to find out whether these users picked the same passwords for both 
sites.

A total of 522 email addresses were registered at both HBGary and 
rootkit.com. Eliminating throwaway and dubious addresses whittled the 
sample down to 456 pairs.

[...]


Received on Fri Feb 11 2011 - 01:50:19 PST
