illmob.org

Breaking all the Password Managers?

August 13th, 2017 by admin in cracking, Life, News, Password Info

“Elcomsoft Distributed Password Recovery 3.40 now supports four major password manager apps including 1Password, KeePass, LastPass and Dashlane. The tool allows experts attacking a single master password and gaining access to the content of the encrypted vault, exposing any passwords, authentication credentials and other sensitive information (identity documents, credit card data etc.)”

The debate is on going about the legitimacy of the article many saying ElmcomSoft is spreading FUD and cheesy marketing. Open source project, Hashcat, has supported cracking of all the those password managers listed except Dashlane for a while now. The length of time to crack said password managers, if you are using a long enough password or passphrase, would make cracking not feasible. Especially a program such KeePass, the key transformation iteration count would greatly effect the speed of brute force attack.

In the comments of their article one of the developers of 1Password had this to say:

It would still take a number of months/days/years to crack most password managers, the use of password managers can increase overall security by relieving users from having to memorize a number of passwords. So keep on using yours as long as you have a good password/passphrase, keep your computer updated, and dont click shit, you shouldn’t be too worried anytime soon.

427 Milllion Stolen MySpace Passwords Selling For $2,800

May 27th, 2016 by admin in Life, News, Password Info

myspacehack
The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever.
The passwords were originally hashed with the SHA1 algorithm, which is known to be weak and easy to crack, and they were not salted. “Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these.
Below are the top 55 passwords that LeakedSource cracked so far.

Rank Password Frequency
1 homelesspa 855,478
2 password1 585,503
3 abc123 569,825
4 123456 487,945
5 myspace1 276,915
6 123456a 244,641
7 123456789 191,016
8 a123456 165,132
9 123abc 159,700
10 (POSSIBLY INVALID) 158,462
11 qwerty1 141,110
12 passer2009 130,740
13 fuckyou1 125,302
14 iloveyou1 123,668
15 princess1 114,107
16 12345a 111,818
17 monkey1 106,424
18 football1 101,149
19 babygirl1 90,685
20 love123 88,756
21 a12345 85,874
22 iloveyou 85,001
23 jordan23 81,028
24 hello1 80,218
25 jesus1 78,075
26 bitch1 78,015
27 password 77,913
28 iloveyou2 76,970
29 michael1 75,878
30 soccer1 74,926
31 blink182 73,145
32 29rsavoy 71,551
33 123qwe 70,476
34 angel1 70,271
35 myspace 69,019
36 fuckyou2 68,995
37 jessica1 67,644
38 number1 65,976
39 baseball1 65,400
40 asshole1 63,078
41 1234567890 62,855
42 ashley1 62,611
43 anthony1 62,295
44 money1 61,639
45 asdasd5 60,810
46 123456789a 60,441
47 superman1 59,565
48 sunshine1 57,522
49 nicole1 56,039
50 password2 55,754
51 charlie1 54,432
52 shadow1 54,398
53 jordan1 54,004
54 1234567 51,131
55 50cent 50,719

200,000 Comcast accounts leaked

November 24th, 2015 by admin in News

comcast

Reports have emerged that the e-mail, physical addresses, and passwords of up to 200,000 Comcast customers were listed for sale on a Dark Web site for up to $1,000. Someone else leaked the data for free. The cable giant insisted that it had not been hacked and that the most likely reasons for such data appearing on the site were customers either activating malware or falling victim to other social engineering attacks. Either way change your passwords as good practice.

Comcast password cloud courtesy of Stumbles He also has a nice sorted password list ::here::.

AdultFriendFinder.com hacked

May 22nd, 2015 by admin in Life, News

Adult Friend Finder, the no-strings sex solicitation service that’s familiar to anyone who’s ever visited a porn site, was apparently just the victim of an enormous data breach, exposing millions of people who clicked banner ads hoping to get laid.

The person behind the leak, who goes by ROR[RG], claims he hacked Adult Friend Finder because they owed a friend of his money:

ADULTFRIENDFINDER.COM > this is for owing my guy $247,938.28 BITCH!!!!!!!!!!!

You have been ROOTED ;D

Cuz Itz Pay yo DUEZ or we COMIN 4 U!!!!!!

shout outz to Hell for the bandwidth:

Word to the wise, don’t use your work email address for kinky sex sites. .gov accounts anyone?

UPDATE: now you can check if your email was in the dump
aff

Unlock systems infected by CryptoLocker.

August 6th, 2014 by admin in cracking, News


Researchers have struck back at the operators of the CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage, the researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims’ personal computer files until they pay a $300 ransom. Thanks to the security experts, an online portal has been created where victims can get the key for free.

To use the free service, victims must upload one of the files encrypted by CryptoLocker along with the e-mail address where they want the secret key delivered. They will then email you a master decryption key along with a download link to their recovery program that can be used together with the master decryption key to repair all encrypted files on your system.

https://www.decryptcryptolocker.com/

PasswordsCon14

July 22nd, 2014 by admin in News

A hacker conference that’s all about passwords, PIN codes, and digital authentication. Coming August 5 & 6 https://passwordscon.org/

Ubuntu 14.04 Lockscreen Bypass

April 27th, 2014 by admin in Linux, News

A bug was found that allows you to bypass the lockscreen on the latest version of Ubuntu. Seems all you need to do is hold down the Enter key until the screen freezes and the lock screen crashes. After that the computer is fully unlocked. It has been patched so make sure you upgrade.

Heart Bleed SSL Bug

April 8th, 2014 by admin in Browsers, cracking, News


A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs).
Essentially, that means a lot of Internet users are affected. And potentially, passwords, private communications and even credit card information could be available to hackers courtesy of this newly-discovered bug.
A few people have been checking major websites to check if they’re vulnerable

Top 100 Adobe Passwords

November 24th, 2013 by admin in cracking, News, Privilege Escalation


As you may already know Adobe was breached weeks back. This Breach affected roughly 152989508 users. Adobe encrypted the passwords with 3DES in ECB mode, the passwords in this leak are were all encrypted with the same key. Without that key, we cannot crack a single password. Since the key used to encrypt the passwords isn’t known (yet), researchers have been using a guessing technique of the user’s password hint. That’s right, Whilst Adobe encrypted their passwords (even though done poorly), password hints had absolutely no security whatsoever. Matching this information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. This list below was compiled by Jeremi Gosney. (more…)

How crackers get your password

May 30th, 2013 by admin in cracking, News

Good article on how your complex password gets cracked
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Next Article »