TrackSomebody.com

illmob.org

Nihilistic Password Questions

January 29th, 2016 by admin in Life

nihilistic

25 Most Popular Passwords of 2015

January 19th, 2016 by admin in cracking, Life

Every year, SplashData complies a list of the millions of stolen passwords made public throughout the last twelve months, then sorts them in order of popularity. This year the results, based on a total of over 2 million leaked passwords, are not the list of random alpha-numeric characters you might hope for. Rather, they’re a lesson in exactly how not to choose a password.
(more…)

Hashcat Now Open Source

December 4th, 2015 by admin in cracking

hashcat3

hashcat and oclHashcat have gone open source. Creator atom, posted on his forum earlier today, that he decided to finally open the source code to developers under the MIT license. He hopes to expand the tool to support new algorithms, native OSX support, and the ultimate reason to decide to go open source was the implementation of the bitsliced DES GPU kernels. Check out the code at: https://github.com/hashcat/

Linksys EA6100 Wireless Router Authentication Bypass

December 4th, 2015 by admin in Privilege Escalation

linksys
Multiple CGI scripts in the web-based administrative interface of the Linksys EA6100 – EA6300 Wireless Router allow unauthenticated access to the high-level administrative functions of the device. This vulnerability can be leveraged by an unauthenticated attacker to obtain the router’s administrative password and subsequently arbitrarily configure the device.
More info: https://www.korelogic.com/Resources/Advisories/KL-001-2015-006.txt

200,000 Comcast accounts leaked

November 24th, 2015 by admin in News

comcast

Reports have emerged that the e-mail, physical addresses, and passwords of up to 200,000 Comcast customers were listed for sale on a Dark Web site for up to $1,000. Someone else leaked the data for free. The cable giant insisted that it had not been hacked and that the most likely reasons for such data appearing on the site were customers either activating malware or falling victim to other social engineering attacks. Either way change your passwords as good practice.

Comcast password cloud courtesy of Stumbles He also has a nice sorted password list ::here::.

Kon-Boot 2.5 released with Windows 10 support

October 12th, 2015 by admin in Apple, Privilege Escalation, windows


Kon-Boot is an application which bypasses the authentication process of Windows and Mac based operating systems. This Kon-Boot version works with both 64-bit and 32-bit Microsoft Windows up to version 10 and Mac OSX Mavericks. Works from a Cd, floppy, or USB. Also supports UEFI based systems.

It also includes special feature which gives you a command prompt with system level privileges at the login screen. Easy to use and excellent for tech repairs, data recovery and security audits. They offer personal and professional licences and well worth the cost. Buy your copy today!

International Password Awareness Day

September 16th, 2015 by admin in Life

PasswordChalkBoard

Today is now International Password Awareness Day!! If you share passwords, don’t have unique passwords between services/sites, use words that can be found in a dictionary, or have passwords that are less than at least 10 characters (extra points for the longer and more complex) GO CHANGE YOUR PASSWORDS. There are so many pieces of software out there like keepass, lastpass, passwordsafe that will allow you to store your passwords. Not being able to remember your passwords is not a good enough excuse anymore.

DONT DO STUFF LIKE THIS

We can fix this problem if we hold each other to higher standards!

Android 5.x Lockscreen Long Password Bypass

September 16th, 2015 by admin in Android, Privilege Escalation

If you’ve got an Android 5 smartphone with anything but the very latest version of Lollipop on it, it’s best to use a PIN or pattern to secure your lock-screen.

“By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen,” University of Texas researchers said. They published their findings at http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

Below is a demonstration of the attack:

The top 100 passwords on Ashley Madison

September 16th, 2015 by admin in cracking, Life

Accounts exposed in the hack of Ashley Madison, had passwords that were just as weak as the rest of the internet, according to research group, CynoSure Prime, that cracked the encryption on 11.7 million of them. The top three: 123456, 12345, and password.

Here are the top 100 most common passwords found:

(more…)

Lastpass breached

June 16th, 2015 by admin in cracking, Password Info


Lastpass team discovered suspicious activity on their network 6/12. In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses. Although they harden your authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, you should change your password and add some multifactor authentication to be on the safe side.

Despite the rigor of the LastPass hashing regimen, the job of cracking a single hash belonging to a specific, targeted individual would be considerably less difficult and potentially within the ability of determined attackers, especially if the underlying password is weak. Passwords are “hashed” by taking the plain text password and running it against a theoretically one-way mathematical algorithm that turns the user’s password into a string of gibberish numbers and letters that is supposed to be challenging to reverse. The weakness of this approach is that hashes by themselves are static, meaning that the password “123456,” for example, will always compute to the same password hash.

If you are using an easily guessed dictionary based password as described by Errata Security you should change your password. Although on a NVIDIA GTX Titan X, which is currently the fastest GPU for password cracking, an attacker would only be able to make fewer than 10,000 guesses per second for a single password hash using the password algorithm:
PBKDF2(HMAC-SHA256, sha256(PBKDF2(HMAC-SHA256, password, salt, rounds)), salt, 100000)

rounds = user_rounds || 5000 // the iteration count is user-defined. default is 5k
encryption_key = PBKDF2(HMAC-SHA256, password, salt, rounds) // this unlocks your vault
auth_key = sha256(encryption_key) // this is what is sent to the server for authentication
server_hash = PBKDF2(HMAC-SHA256, auth_key, salt, 100000) // what’s stored in the auth db

Next Article »