Security software developer SplashData has composed a list of the world's 25 worst passwords for 2012. While there are not a whole lot of surprises here, number 25 is interesting. The presence of the "1" after "password" either indicates that people are getting more security conscious or that sites that require passwords to contain a number are on the increase – my money is on the latter.

It is worth noting that "trustno1" has dropped three positions – clearly testament to the lessening impact of The X-Files on popular culture. As for those of you who chose "iloveyou", let's just say that you and I probably wouldn't get along.

1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Interestingly, if you combined the top 5 worst passwords of 2012, you would end up with one that is actually pretty good. The chances of someone guessing “password12345612345678abc123qwerty” have got to be in the quadrillions to one.
[Source]


(Via The Uber-Review)


SplashData compiled their list "from files containing millions of stolen passwords posted online by hackers" and stated that "Hackers can easily break into many accounts just by repeatedly trying common passwords…".

So when they say “worst,” they basically mean the most common, and therefore the most easily stolen.

Here’s the list:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Some helpful dos and don’ts for creating stronger, more secure passwords:

  • Do: make your passwords at least eight characters
  • Do: use a variety of letters (capital and lowercase), numbers, or special characters (#, $, *, etc…) when possible.
  • Don’t: use the same username/password combination on multiple sites.
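As an added example (not SplashData's code and not part of either post), here is a small password-acceptance check that uses the two lists on this page as a blocklist and enforces the "do" rules above. Stripping trailing digits and punctuation before the lookup, so that "password1" or "passw0rd!" still match the entry they were built from, is my own assumption about how such a check should behave:

```python
"""Password-acceptance check built from the common-password lists on this page.
Added example; not SplashData's code. The blocklist is constructed from the
two lists quoted in the posts above."""
import re

# Union of the 2011 and 2012 SplashData lists as quoted on this page.
COMMON_PASSWORDS = frozenset("""
password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 baseball
iloveyou trustno1 1234567 sunshine master 123123 welcome shadow ashley football
jesus michael ninja mustang password1 bailey passw0rd 654321 superman qazwsx
""".split())

# Reason codes returned by check_password().
TOO_SHORT = "too_short"       # fewer than eight characters
LOW_VARIETY = "low_variety"   # only one class of character used
COMMON = "common"             # on the blocklist, possibly with digits/symbols appended

# The character classes the "do" rule above asks for.
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(password: str) -> set:
    """Candidate forms to look up: lowercased as-is, and with trailing digits and
    punctuation stripped, so 'Password1' or 'passw0rd!' still hit the blocklist
    entry they were built from (policy assumption, see lead-in)."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped} - {""}


def check_password(password: str) -> list:
    """Return the reason codes for rejecting `password`; an empty list means accepted."""
    problems = []
    if len(password) < 8:
        problems.append(TOO_SHORT)
    classes_used = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes_used < 2:
        problems.append(LOW_VARIETY)
    if normalize(password) & COMMON_PASSWORDS:
        problems.append(COMMON)
    return problems


if __name__ == "__main__":
    for candidate in ("password1", "letmein", "Passw0rd!", "Tr0ub4dor&3xample"):
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The blocklist lookup is the check that matters most: a password that meets the length and variety rules but appears on a leaked-password list, as "password1" does, is still among the first guesses an attacker tries.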

Ars Technica reports that a presentation due to be given by Craig Heffner at the Black Hat security conference at the end of the month will show how millions of home routers are vulnerable to attack. The attack would let Internet traffic be redirected and intercepted, as well as giving access to home networks. Some of the vulnerable routers are from Netgear, Belkin, and Linksys. Models affected include routers used for Verizon's FiOS and DSL services; popular third-party firmwares such as DD-WRT and OpenWrt were found to be vulnerable as well.

A list of the tested routers is available here. Those that say YES in the last column were successfully attacked. Approximately half of the routers withstood the attack.

Heffner works at security consultancy Seismic and will release a proof-of-concept along with the presentation. He wants to get this issue out into the open so that router manufacturers take greater notice and release new firmware. The attack employs an old technique that has been in use for 15 years, DNS rebinding, which lets the attack get around the limits browsers place on scripts and HTML (the same-origin restrictions). DNS is the system that maps human-readable website names to IP addresses. DNS allows one name to be mapped to multiple IP addresses, and DNS rebinding takes advantage of this by adding addresses of the attacker's choosing to those returned for the malicious site's name.

How this comes in handy for hacking routers:

With DNS rebinding, the attacker can make the browser think that any computer he chooses has the same origin as his own malicious page—he just has to create a DNS entry pointing to that computer that matches the DNS name for his malicious site. So, by creating DNS entries for computers in the victim’s LAN, the attacker can trick the victim’s web browser into accessing machines on the victim’s own network. Most computers on a home LAN won’t be running a web server, so on the face of it, this might not seem especially useful. However, one kind of machine typically does run a web server: the router.

If access to the router's administrative interface can be gained, the attacker can reconfigure it; for example, by routing all DNS lookups through a malicious server, which would allow traffic to be monitored and intercepted. Gaining access to the router can be simple, as many home routers still have their default password and the original firmware is never updated. Another possibility is that security flaws could allow the attacker to bypass the password entirely.

Browsers add another layer of protection, as they attempt to block this type of attack. However, the variation created by Heffner bypasses those browser protections. The bypasses aren't new either; they have been known for a long time. His attack isn't really all-new, but rather a combination of previously known techniques.

The best way to protect against this attack is to change the password on the home router and change its default IP address, along with keeping the firmware up to date.
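The two checks below are an added example written for this post (not Heffner's proof-of-concept and not Ars Technica's material) showing the defender's side of the mechanism described above: a resolver-side filter that refuses to let a public name resolve to an address on the home network, the same idea as the rebinding protection some home DNS forwarders offer, and a Host-header check a router's administrative interface can apply, since a rebound request still carries the attacker's hostname in its Host header. The names, addresses and local-domain suffixes are constructed for the example.

```python
"""Defensive checks against DNS rebinding. Added example, not from the post or
from Heffner; every name, address and suffix below is constructed."""
import ipaddress
from dataclasses import dataclass

# Address ranges a public hostname has no business resolving to.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this" net
    "::1/128", "fe80::/10", "fc00::/7", "::/128",      # IPv6 loopback, link-local, ULA
)]

# Suffixes of names that legitimately live on the home network (assumption).
LOCAL_SUFFIXES = ("lan", "home.arpa")


@dataclass
class Answer:
    """One resource record from a resolver response."""
    name: str
    rtype: str
    address: str
    ttl: int


def is_internal(address: str) -> bool:
    """True if the address is private/loopback/link-local, including an IPv4
    address hidden inside an IPv4-mapped IPv6 address (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETWORKS)


def is_local_name(name: str) -> bool:
    """True for names under one of the home network's own suffixes."""
    lowered = name.rstrip(".").lower()
    return any(lowered == s or lowered.endswith("." + s) for s in LOCAL_SUFFIXES)


def filter_answers(answers):
    """Split records into (kept, dropped). An A/AAAA record that points a
    non-local name at an internal address is the rebinding step and is dropped;
    the browser then never sees the router's address under the attacker's name."""
    kept, dropped = [], []
    for rec in answers:
        rebinding = (rec.rtype in ("A", "AAAA") and is_internal(rec.address)
                     and not is_local_name(rec.name))
        (dropped if rebinding else kept).append(rec)
    return kept, dropped


def host_header_allowed(host_header, own_addresses, own_names) -> bool:
    """Router-side check: serve the admin interface only when the Host header
    names the router itself. A rebound request still says Host: attacker's name."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        host = host[1:].partition("]")[0]
    else:
        host = host.split(":", 1)[0]              # drop an optional port
    return host in {a.lower() for a in own_addresses} or host in {n.lower() for n in own_names}


# Constructed resolver responses: the attacker's name first resolves to the
# attacker's server, then (short TTL) is rebound to the victim's router, once
# plainly and once disguised as an IPv4-mapped IPv6 address.
REBINDING_SEQUENCE = [
    Answer("attacker.example", "A", "203.0.113.10", 1),
    Answer("attacker.example", "A", "192.168.1.1", 1),
    Answer("attacker.example", "AAAA", "::ffff:192.168.1.1", 1),
    Answer("printer.lan", "A", "192.168.1.50", 3600),
    Answer("www.example", "A", "198.51.100.7", 300),
]
ROUTER_ADDRESSES = ("192.168.1.1",)
ROUTER_NAMES = ("router.lan",)

if __name__ == "__main__":
    kept, dropped = filter_answers(REBINDING_SEQUENCE)
    for rec in dropped:
        print(f"dropped rebinding answer: {rec.name} -> {rec.address}")
    for host in ("192.168.1.1:80", "router.lan", "attacker.example"):
        ok = host_header_allowed(host, ROUTER_ADDRESSES, ROUTER_NAMES)
        print(f"Host: {host!r} allowed={ok}")
```

The resolver filter deliberately uses its own list of internal ranges rather than a library's notion of "private" so that documentation and test ranges are not swept up with RFC 1918 space; the Host-header check is the complement on the device itself, and works even when the rebinding answer gets past the resolver, which is why changing the router's password and default address, as the post recommends, still matters.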