illmob.org

Stupid Joke

February 1st, 2010 by Dev Team in Uncategorized

During a recent password audit, it was found that a blonde was using the following password:

“MickeyMinniePlutoHueyLouieDeweyDonaldGoofy”

When asked why such a big password, she said (wait for it)….

… that it had to be at least 8 characters long.

Change iPhone’s Root Password After Jailbreaking It

November 8th, 2009 by Dev Team in Uncategorized

If you’re one of the many who are jailbreaking your iPhone to get options such as tethering, make sure you change the root access password once you do.
In addition to your possibly getting Rick-Rolled

Your jailbroken phone could possibly be held for ransom

If you’ve never changed the default device password, now’s the time. Here’s how:

The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

iPhoneName: ~ Mobile$

  • At that prompt, type: passwd
  • You’ll be prompted for the ‘old’ (current) password for the mobile user.  Enter this as the old password: alpine
  • You’ll then be prompted to enter the new password – so just type in your desired new password.  Use good password principles if possible (long and stong).  You will not see characters appearing on the screen as you type – that’s normal, not a concern.
  • You’ll then be prompted to re-enter the new password.  Do that.
  • You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app.  There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful.  And you’re done with change for the mobile account.
  • The second primary admin account for the iPhone is called root – so now you need to change that as well.
  • Type this to switch to the root user: login root
  • You’ll be prompted for the root user’s current password.  Enter this: alpine
  • Type this to start the password change routine again: passwd
  • Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account

How To hide Passwords

October 22nd, 2009 by Dev Team in Life, Uncategorized

http://www.thelstalk.com/how-to-hide-your-password/

Most Common Hotmail Password Revealed!

October 6th, 2009 by Dev Team in Uncategorized

Follow-up to yesterdays post. A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.
(more…)

Hotmail accounts stolen and leaked

October 5th, 2009 by Dev Team in Uncategorized

Thousands of Windows Live Hotmail passwords have been leaked online, Microsoft has confirmed. The news was first reported by Neowin.
According to Microsoft, it “learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site” at some point over the weekend. Neowin.com originally reported that the credentials were posted to a developer forum on Pastebin.com on October 1. A google cache of pastebin was still available for hours after it was taken down.

GPU Password Recovery For Rar Archives

September 6th, 2009 by Dev Team in Uncategorized

The latest video card generation that is manufactured by ATI and Nvidia can be used to speed up password recovery attempts tremendously. Toolkits like Nvidia’s CUDA offer drivers and development examples to aid developer’s in the integration of gpu accelerated password recovery programs. One of the programs that is making use of the gpu to recover passwords is Rar GPU Password Recovery. The supported video cards at this point in time are ATI HD RV7×0s cards that include ATI Radeon 4870, 4890 and 4770 or Nvidia cards supported CUDA including GTX 260, 8600 GTS or 8600 GT. It is also recommended to have the latest Catalyst or Geforce drivers installed.

The developer provides some plain numbers to show the effectiveness of using the GPU to recover a rar password with four characters:

* ~168 passwords per second on single core of Q6600 @ 2.4Ghz
* ~325 passwords per second on 8600 GT
* ~3120 passwords per second on ATI HD4850
* ~2075 passwords per second on GTX260/192SP

The performance of the listed ATI card is almost 20 times that of a password recovery where only the cpu is used. The password recovery software is a command line utility and the developer is offering extensive information on the possible parameters that can be used to recover the password. The suggested length of the password should not exceed six characters although it is theoretically possible to start a password recovery for a password with up to 17 chars.
http://www.golubev.com/rargpu.htm

Win98 Hax

August 11th, 2009 by Dev Team in Life, Uncategorized

WordPress Remote Admin Password Reset Vulnerability

August 11th, 2009 by Dev Team in News, Uncategorized

A new post appeared on the WordPress discussion list today revealing more details about the process. Everyone is apparently able to reset a WordPress password if the email address of the WordPress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. WordPress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the WordPress blog.

A temporary fix for the remote admin password reset vulnerability was posted. WordPress administrators need to change one line of code in the wp-login.php file of the WordPress installation to protect their blog from the attack. There is no official release fixing this problem, apply this changeset to your wp-login.php.

change line 190 in wp-login.php to

if ( empty( $key ) )

With

    if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to WordPress installations.

ChromePasswordDecryptor

July 23rd, 2009 by Dev Team in Uncategorized

Google Chrome browser is the latest entry into the ongoing web browser’s war which is mainly ruled by IE and Firefox. The word Google behind the Chrome has given it lot of hype and popularity than any other browser got in such a short duration. However some of the features such as searching from the same address bar, thumbnails of top sites, private browsing etc makes it stand apart from other browsers in the market.

Like other browsers Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. Whenever user logins to any website, he/she will be prompted to save the credentials for later use and if user chooses so, then the username & passwords will be stored in internal login database. So next time onwards whenever user visits that website, he/she will be automatically logged in using these stored credentials which saves hassle of entering the credentails every time.

ChromePasswordDecryptor is standalone application which does not require any installation and can be directly executed after copying to local system.

* Launch the ChromePasswordDecryptor on the system.
* By default it will automatically display the default chrome profile path for current user. However you can change the path using the ‘browse’ button besides it.
* Then you can click on ‘Show’ button to decrypt and display all the stored login secrets from Chrome.
* Next you can click on ‘Export’ button to save all the secrets to standard HTML file.
Download chromepassworddecryptor

SAM and Syskey

July 12th, 2009 by Dev Team in Uncategorized

Many people wonder how their password is obtained from the SAM in Windows. Push The Red Button has an excellent in-depth article on how your password is encrypted and decrypted into a LanMan hash and a NT hash and stored in the SAM.

« Previous ArticleNext Article »