
Most Common Passwords

Published by Evil Bee Wednesday, 25 February 2009 14:16

From the moment people started using passwords, it did not take long to notice how many people picked the very same passwords over and over. Even the way people misspell words is consistent. People are so predictable that most attackers run lists of common passwords like this one before trying anything else. To give you some insight into how predictable humans are, the following is a list of the most common passwords. If you see your password on this list, change it immediately. Keep in mind that every password listed here has been used by at least hundreds, if not thousands, of other people.

The table below is based on our hash database search statistics...


Passwords

Published by Evil Bee Wednesday, 22 October 2008 10:22

Web services take many steps to keep attackers out of your personal files and information; however, poor password management undermines those measures and increases information security risk. Creating strong passwords and changing them often are two simple steps you can take to better protect your personal information.

Here are some other guidelines to help you:


The Human Factors of Password Security

Published by Evil Bee Wednesday, 22 October 2008 10:04

Security experts frequently recommend that users choose different passwords for each web service they belong to and that users change their password with regular intervals.

Good advice in theory, but in practice these experts have forgotten to consider the human factors of password security. Most security breaches happen because of various human weaknesses (e.g., users who give their password in response to an email from a person claiming to be a system administrator who needs the password to investigate a possible intruder!).


Some thoughts on usage of the MD5 Hash for password storage

Published by Evil Bee Wednesday, 13 August 2008 09:21

The Wikipedia entry for MD5 (http://en.wikipedia.org/wiki/MD5) details the vulnerabilities and notes that several websites now offer online databases that map MD5 hashes back to a text that produces the same hash.

The example MD5 hashes from Wikipedia yield the following matching plaintexts when entered into http://www.bisix.tk/ (such a site does not break MD5; it looks the hash up in a precomputed table of hashed strings).
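As an added illustration (not code from the original article, nor from the lookup site named above), the following Python builds the same kind of digest-to-plaintext table that an online "MD5 reverse" service relies on, using a small constructed list of common passwords in place of the site's real database, and shows why a random per-user salt makes such a shared table useless:

```python
import hashlib
import os

# Constructed stand-in for a "most common passwords" list (real lists hold millions).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "abc123", "monkey"]


def md5_hex(text):
    """Unsalted MD5 hex digest, as produced by PHP's md5() or MySQL's MD5()."""
    return hashlib.md5(text.encode()).hexdigest()


def build_lookup(passwords):
    """Precompute digest -> plaintext for every candidate.

    This is all an online "MD5 reverse" service does: it never breaks MD5,
    it just stores the hash of every string it has ever seen.
    """
    return {md5_hex(pw): pw for pw in passwords}


def reverse_hash(digest, table):
    """Return the plaintext for a digest if it was precomputed, else None."""
    return table.get(digest.lower())


def salted_md5_hex(text, salt):
    """Same weak algorithm, but with a random per-user salt mixed in.

    The attacker must now rebuild the whole table for every distinct salt,
    so a shared precomputed database no longer helps.
    """
    return hashlib.md5(salt + text.encode()).hexdigest()


def demo():
    table = build_lookup(COMMON_PASSWORDS)
    # A leaked, unsalted hash of a common password is recovered instantly.
    unsalted_hit = reverse_hash(md5_hex("letmein"), table)
    # The same password hashed with a 16-byte random salt is in no shared table.
    salt = os.urandom(16)
    salted_hit = reverse_hash(salted_md5_hex("letmein", salt), table)
    return unsalted_hit, salted_hit


if __name__ == "__main__":
    print(demo())  # ('letmein', None)
```

The table here is a plain dictionary; a real service stores billions of entries and adds every hash anyone submits, which is why a hash of any password that has ever been popular should be treated as already reversed.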


Website security strategies

Published by Evil Bee Saturday, 26 July 2008 17:18

The following strategies should be considered by anybody who is responsible for a website which contains potentially sensitive data or who is concerned about vandalism and hacking.  These strategies apply equally well to Joomla and non-Joomla sites.


Storing passwords in MySQL

Published by Evil Bee Saturday, 05 July 2008 02:09

Storing plain text passwords in MySQL is NEVER a good idea. As a DBA you should take great care in protecting the users' information. Fortunately MySQL provides you with several options to protect passwords.

After a quick scan of the manual, you may be tempted to store the password by applying the PASSWORD() function to it, which is NOT a good idea. MySQL itself advises against using PASSWORD() to manage application passwords.

Instead of PASSWORD(), we can use SHA1() or MD5(). Both are hash functions, not encryption, and both are weak by now: they are fast and unsalted, collision attacks against them are known, and precomputed tables of common passwords reverse them in seconds. Still, SHA1 or MD5 keep your passwords better protected than storing them in plain text.


The art of storing passwords

Published by Evil Bee Friday, 04 July 2008 22:55

Almost every website nowadays needs to maintain a list of users and passwords. Many multi-user applications require a way to authenticate users, and passwords seem like a natural choice.

You don’t necessarily have to provide your own username/password authentication solution, but if you want to understand the logic behind storing passwords and understand how to correctly implement a password management scheme, this article is for you.

This article assumes a web application – slightly different rules apply to a distributed multi-user application.


How to create strong password

Published by Evil Bee Monday, 30 June 2008 03:09

Passwords are the primary method a CMS uses to verify a user's identity. This is why password security is enormously important, and the single most important thing a user can do to protect an account against a password cracking attack is to create a strong password.

When creating a password, it is a good idea to follow these guidelines:


Storing passwords in a database

Published by Evil Bee Sunday, 29 June 2008 14:28

Often we, as developers, are required to create authentication systems. When developing an authentication system it is always best to make it as secure as possible. One of the problems that arises is how to store the username and password of our users. One way would be simply to make a column in a table called username and a column called password and store each user's login credentials in plain text.
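The three storage pieces above ("Storing passwords in MySQL", "The art of storing passwords" and this one) all turn on the same point: a fast, unsalted digest such as MySQL's SHA1() or MD5() is only marginally better than the plain text column described here. The following is an added example, not code from any of those articles, showing the difference in Python. It uses an in-memory SQLite table as a stand-in for the MySQL users table, PBKDF2-HMAC-SHA256 with a random per-user salt as the stored form, and an assumed work factor of 100,000 iterations:

```python
import base64
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor; raise it as hardware gets faster


def unsalted_sha1(password):
    """What MySQL's SHA1() or MD5() gives you: one fast, unsalted digest.

    Every user with the same password gets the same stored value, and a
    precomputed table of common passwords reverses it instantly.
    """
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Salted, iterated hash: PBKDF2-HMAC-SHA256 with a random 16-byte salt.

    Salt and iteration count are stored beside the digest so each record is
    self-describing and the work factor can be raised later without a reset.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unknown password hash format")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def setup_users_table():
    """In-memory SQLite stands in for the MySQL users table of the articles."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    return conn


def register(conn, username, password):
    conn.execute(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        (username, hash_password(password)),
    )


def login(conn, username, password):
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Burn the same work for unknown users so timing does not reveal valid names.
        hash_password(password)
        return False
    return verify_password(password, row[0])


def demo():
    conn = setup_users_table()
    register(conn, "alice", "letmein")
    register(conn, "bob", "letmein")
    stored = dict(conn.execute("SELECT username, password_hash FROM users"))
    return (
        unsalted_sha1("letmein") == unsalted_sha1("letmein"),  # identical: leaks shared passwords
        stored["alice"] != stored["bob"],                       # salted: differ for the same password
        login(conn, "alice", "letmein"),                        # True
        login(conn, "alice", "wrong"),                          # False
    )
```

The column type is plain TEXT because the stored string is ASCII; if MySQL is the backend the same string fits a VARCHAR(128). Nothing here needs a database-side function, which also means the password never appears in a query that could end up in the server's general log.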


Forgotten your password? Google can find it for you

Published by Evil Bee Sunday, 27 January 2008 14:32

There's a certain amount of crowing associated with hacking the blog of a security team - which might be why a hacker, apparently Russian, broke into the blog of the Cambridge University security team at the Light Blue Touchpaper blog.

He did it via weaknesses in their WordPress installation, upgrading himself from a plain "can post" user to an administrator of the blog using a zero-day (that is, previously unreported) vulnerability, via SQL injection.


Remote file inclusion vulnerabilities

Published by Evil Bee Thursday, 27 July 2006 13:46

A recent rash of reports to the bugtraq mailing list provides a nice confirmation of an article on this page two weeks ago. Google recently released a code search tool that is being used to find security holes in open source projects and the first target appears to be remote file inclusion (RFI) vulnerabilities in PHP programs. There has been a steady stream of vulnerability reports on security mailing lists as well as an increase in attempts to exploit them.
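What made RFI such an easy target for a code search is that the vulnerable pattern is syntactic: an include or require whose path comes straight from a request parameter. The following is an added example, not code from the article or from Google's tool, that does the same kind of pattern search in Python over three constructed PHP fragments. It tracks taint one hop (a variable assigned directly from a request superglobal counts as attacker-controlled), which is enough to catch the two common shapes and to leave a hard-coded switch alone:

```python
import re

# Constructed PHP fragments standing in for files a code search would return.
SAMPLES = {
    "vuln_direct.php": '<?php include($_GET["page"] . ".php"); ?>',
    "vuln_via_var.php": "<?php\n$mod = $_REQUEST['module'];\nrequire_once $mod;\n?>",
    "safe_switch.php": (
        "<?php\n"
        'switch ($_GET["page"]) {\n'
        '    case "about": include "about.php"; break;\n'
        '    default: include "home.php";\n'
        "}\n?>"
    ),
}

SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
INCLUDE_STMT = re.compile(
    r"\b(require_once|include_once|require|include)\b\s*\(?\s*(?P<arg>[^;]+?)\s*\)?\s*;"
)
ASSIGNMENT = re.compile(r"(?P<var>\$\w+)\s*=(?!=)\s*(?P<rhs>[^;]+);")


def find_rfi(source):
    """Return (line, statement, argument) for each include whose path is user-controlled.

    Taint is tracked one hop: a variable assigned directly from a request
    superglobal is treated as attacker-controlled when it reaches an include.
    """
    tainted = {
        m.group("var")
        for m in ASSIGNMENT.finditer(source)
        if SUPERGLOBAL.search(m.group("rhs"))
    }
    findings = []
    for m in INCLUDE_STMT.finditer(source):
        arg = m.group("arg").strip()
        uses_taint = any(re.search(re.escape(v) + r"\b", arg) for v in tainted)
        if SUPERGLOBAL.search(arg) or uses_taint:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), arg))
    return findings


def scan_sources(sources):
    """Map file name -> findings, keeping only files with at least one hit."""
    results = {name: find_rfi(src) for name, src in sources.items()}
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for name, hits in scan_sources(SAMPLES).items():
        for line, stmt, arg in hits:
            print(f"{name}:{line}: {stmt} {arg}")
```

A scanner this simple misses data that flows through a function call or an array, and flags code that validates the parameter against an allowlist before including it; it is a triage tool, the same way a code-search query is, and each hit still has to be read. Whether a hit is remote (an http:// path fetched by the server) or only local depends on the target's allow_url_include and allow_url_fopen settings, which the source alone does not show.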


Security Myths and Passwords

Published by Evil Bee Wednesday, 19 April 2006 00:00

In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions behind these bits of conventional wisdom change too. The result is a stale policy that may no longer be effective... or possibly even dangerous.

Policies requiring regular password changes (e.g., monthly) are an example of exactly this form of infosec folk wisdom.

From a high-level perspective, let me observe that one problem with any widespread change policy is that it fails to take into account the various threats and other defenses that may be in place. Policies should always be based on a sound understanding of risks, vulnerabilities, and defenses. “Best practice” is intended as a default policy for those who don’t have the necessary data or training to do a reasonable risk assessment.


SQL injection attacks

Published by Evil Bee Friday, 24 March 2006 13:42

One of the more devastating attacks on a web application is also one of the most common: SQL injection. This technique allows an attacker to gain access to the database that underlies many web sites and read and potentially modify data that is not meant to be available to users of that site. This article provides an overview of how SQL injection works and what can be done to avoid it.
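As an added example (not code from the article), the following Python shows the mechanism in its smallest form: a login query assembled by string formatting, the same query with bound parameters, and a payload that bypasses the first but is treated as a plain string by the second. SQLite stands in for the site's database; the constructed users table keeps passwords in clear only so the injection is easy to see, which the storage articles above explain is not how they should be kept:

```python
import sqlite3


def setup_db():
    """Constructed users table (plain-text passwords only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the driver passes values separately from the statement,
    so a quote or comment marker in the input can never change the SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    conn = setup_db()
    # Closes the string, makes the WHERE clause always true, and comments out
    # the password check:  WHERE username = '' OR 1=1 --' AND password = 'x'
    payload = "' OR 1=1 --"
    return (
        login_vulnerable(conn, "alice", "s3cret"),  # 'alice' (legitimate login)
        login_vulnerable(conn, payload, "x"),       # 'alice' (first row, no password)
        login_safe(conn, payload, "x"),             # None    (payload is just a username)
        login_safe(conn, "alice", "s3cret"),        # 'alice'
    )


if __name__ == "__main__":
    print(demo())
```

The fix is not escaping quotes by hand but never letting the database parse input as code: placeholders with bound values (or a prepared statement in MySQL) for every value that originates from a request, combined with a database account that has only the privileges the application needs so that a successful injection cannot read or alter more than that account can.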
