“Elcomsoft Distributed Password Recovery 3.40 now supports four major password manager apps including 1Password, KeePass, LastPass and Dashlane. The tool allows experts attacking a single master password and gaining access to the content of the encrypted vault, exposing any passwords, authentication credentials and other sensitive information (identity documents, credit card data etc.)”

The debate is on going about the legitimacy of the article many saying ElmcomSoft is spreading FUD and cheesy marketing. Open source project, Hashcat, has supported cracking of all the those password managers listed except Dashlane for a while now. The length of time to crack said password managers, if you are using a long enough password or passphrase, would make cracking not feasible. Especially a program such KeePass, the key transformation iteration count would greatly effect the speed of brute force attack.

In the comments of their article one of the developers of 1Password had this to say:

It would still take a number of months/days/years to crack most password managers, the use of password managers can increase overall security by relieving users from having to memorize a number of passwords. So keep on using yours as long as you have a good password/passphrase, keep your computer updated, and dont click shit, you shouldn’t be too worried anytime soon.

The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever.
The passwords were originally hashed with the SHA1 algorithm, which is known to be weak and easy to crack, and they were not salted. “Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these.
Below are the top 55 passwords that LeakedSource cracked so far.

Rank	Password	Frequency
1	homelesspa	855,478
2	password1	585,503
3	abc123	569,825
4	123456	487,945
5	myspace1	276,915
6	123456a	244,641
7	123456789	191,016
8	a123456	165,132
9	123abc	159,700
10	(POSSIBLY INVALID)	158,462
11	qwerty1	141,110
12	passer2009	130,740
13	fuckyou1	125,302
14	iloveyou1	123,668
15	princess1	114,107
16	12345a	111,818
17	monkey1	106,424
18	football1	101,149
19	babygirl1	90,685
20	love123	88,756
21	a12345	85,874
22	iloveyou	85,001
23	jordan23	81,028
24	hello1	80,218
25	jesus1	78,075
26	bitch1	78,015
27	password	77,913
28	iloveyou2	76,970
29	michael1	75,878
30	soccer1	74,926
31	blink182	73,145
32	29rsavoy	71,551
33	123qwe	70,476
34	angel1	70,271
35	myspace	69,019
36	fuckyou2	68,995
37	jessica1	67,644
38	number1	65,976
39	baseball1	65,400
40	asshole1	63,078
41	1234567890	62,855
42	ashley1	62,611
43	anthony1	62,295
44	money1	61,639
45	asdasd5	60,810
46	123456789a	60,441
47	superman1	59,565
48	sunshine1	57,522
49	nicole1	56,039
50	password2	55,754
51	charlie1	54,432
52	shadow1	54,398
53	jordan1	54,004
54	1234567	51,131
55	50cent	50,719

Reports have emerged that the e-mail, physical addresses, and passwords of up to 200,000 Comcast customers were listed for sale on a Dark Web site for up to $1,000. Someone else leaked the data for free. The cable giant insisted that it had not been hacked and that the most likely reasons for such data appearing on the site were customers either activating malware or falling victim to other social engineering attacks. Either way change your passwords as good practice.

Comcast password cloud courtesy of Stumbles He also has a nice sorted password list ::here::.

Adult Friend Finder, the no-strings sex solicitation service that’s familiar to anyone who’s ever visited a porn site, was apparently just the victim of an enormous data breach, exposing millions of people who clicked banner ads hoping to get laid.

The person behind the leak, who goes by ROR[RG], claims he hacked Adult Friend Finder because they owed a friend of his money:

ADULTFRIENDFINDER.COM > this is for owing my guy $247,938.28 BITCH!!!!!!!!!!!

You have been ROOTED ;D

Cuz Itz Pay yo DUEZ or we COMIN 4 U!!!!!!

shout outz to Hell for the bandwidth:

Word to the wise, don’t use your work email address for kinky sex sites. .gov accounts anyone?

UPDATE: now you can check if your email was in the dump

Researchers have struck back at the operators of the CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage, the researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims’ personal computer files until they pay a $300 ransom. Thanks to the security experts, an online portal has been created where victims can get the key for free.

To use the free service, victims must upload one of the files encrypted by CryptoLocker along with the e-mail address where they want the secret key delivered. They will then email you a master decryption key along with a download link to their recovery program that can be used together with the master decryption key to repair all encrypted files on your system.

https://www.decryptcryptolocker.com/

A hacker conference that’s all about passwords, PIN codes, and digital authentication. Coming August 5 & 6 https://passwordscon.org/

A bug was found that allows you to bypass the lockscreen on the latest version of Ubuntu. Seems all you need to do is hold down the Enter key until the screen freezes and the lock screen crashes. After that the computer is fully unlocked. It has been patched so make sure you upgrade.

A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs).
Essentially, that means a lot of Internet users are affected. And potentially, passwords, private communications and even credit card information could be available to hackers courtesy of this newly-discovered bug.
A few people have been checking major websites to check if they’re vulnerable

As you may already know Adobe was breached weeks back. This Breach affected roughly 152989508 users. Adobe encrypted the passwords with 3DES in ECB mode, the passwords in this leak are were all encrypted with the same key. Without that key, we cannot crack a single password. Since the key used to encrypt the passwords isn’t known (yet), researchers have been using a guessing technique of the user’s password hint. That’s right, Whilst Adobe encrypted their passwords (even though done poorly), password hints had absolutely no security whatsoever. Matching this information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. This list below was compiled by Jeremi Gosney. (more…)

Good article on how your complex password gets cracked
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/