Posts

Showing posts from December, 2009

The RockYou 32 Million Password List Top 100

But first, a quick response to one of the previous comments (since it really did merit a front-page post).

Tfcx posted:

The initial vulnerability was posted 29th November on a hacking forum called darkc0de here: http://forum.darkc0de.com/index.php?action=vthread&forum=11&topic=13082

Thanks, as that really helps narrow down the timeframe (and reading that post and related posts was interesting, if a bit depressing). The hack itself appears pretty straightforward once you see it (like most things, once the solution is presented to you it's easy, but finding it in the first place is hard). I'm still interested in the hacker Igigi, and have been tossing about all sorts of theories, but I'll refrain from posting them here since they are all pure WAGs right now.

Now on to the main topic. Per Thorsheim wrote:

I would like to see a comparison of Twitter's 370 banned passwords against the top 370 or so passwords stolen from rockyou (http://www.techcrunch.com/2009/12/27/twi

RockYou Hacked: 32 Million, (yes that's Million), Passwords Stolen

As the title implies, the popular Facebook and MySpace game/widget maker RockYou was hacked, with the hack becoming public on Tuesday of last week, December 15th. What's worse is that RockYou stored all of their passwords in the clear (no hashing), so 32 million plaintext passwords were stolen. I've been doing some digging into this so I can add something to the conversation, but for a great general overview I highly recommend reading TechCrunch's writeup.

First of all, if you have ever used the following social networking applications, you probably should change your password ... like right now: Slideshow, Uploadphoto, Photofx, Glittertext, Funnotes, Countdown, Superhug, Myspace layouts, Stickers, Superwall, Pieces of flair, Speedracing, Likeness, Hugme, Birthday cards.

Yup, that's why we're talking about 32 million user accounts (though in all fairness, many of those user accounts are almost certainly duplicates created by the same person). One day after the attack became public, t

Google Wave Invite

I've been playing around with Google Wave, and received a couple of extra invites to the free beta. If you are interested, let me know and I'll send one your way. My short review: It looks like one of those tools where it takes a lot of work to gain any benefit from it. That being said, if you are collaborating with a lot of people on several different projects it has real potential.