[lug] Attacks Intensifying
Matt Thompson
thompsma at colorado.edu
Thu Oct 28 12:27:09 MDT 2004
On Thu, 2004-10-28 at 11:05, Bill Thoen wrote:
> On Thu, 28 Oct 2004, Matt Thompson wrote:
>
> > Well, the older root specific version was like this:
> >
> > http://www.k-otik.com/exploits/08202004.brutessh2.c.php
>
> Interesting... Looks like they aren't even looking at mixed-case ones, and
> few (if any) over 8 characters.
>
> Do people really use passwords for root that are as simple
> as these? Even the "clever" ones are sort of stupid. (e.g. q1w2e3, a
> keyboard pattern, and ib6ub9, a sounds-like-real-words etc.) Maybe P.T.
> Barnum was right when he said, "You won't go broke underestimating the
> intelligence of the public."
>
> > So, you could take that as a baseline. By now I'm sure some kiddie has
> > expanded the dictionary. I'm guessing there isn't a john-like
> > number/capital type search since I've only ever gotten around 2000 or so
> > attempts a day at its peak. A john-type attack should generate a lot
> > more.
>
> What's a john-like attack?
Well, I just mean how john (the ripper) uses some of those mangling
rules to its wordlist. Things like pluralizing, ing-ing, appending
digits, shift left/right on keyboard, etc.
In fact, john once cracked one of my passwords pretty easily. It was at
that point I decided it was time to make my passwords more complex. Of
course, these 10-15 near-linenoise passwords are so fun to remember.
Matt
--
Learning just means you were wrong and they were right. - Aram
Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
440 UCB, Boulder, CO 80309-0440
JILA A510, 303-492-4662
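As an added illustration of the mangling rules described above (example code, not from the thread or from John the Ripper itself): a small password-audit check that expands a wordlist with those rules and rejects a candidate root password that the expanded list would reach. The wordlist and the QWERTY rows are constructed assumptions.

```python
WORDLIST = ["root", "password", "admin", "letmein", "secret"]  # constructed sample, not from the page
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumed US QWERTY rows

def keyboard_shift(word, direction):
    """Shift every character one key left (-1) or right (+1) on its row.
    Returns None if a character is off the layout or would fall off its row."""
    out = []
    for ch in word:
        for row in ROWS:
            i = row.find(ch)
            if i != -1:
                j = i + direction
                if not 0 <= j < len(row):
                    return None
                out.append(row[j])
                break
        else:
            return None
    return "".join(out)

def mangle(word):
    """Yield the variants of one base word that the simple mangling rules produce."""
    for w in (word, word.capitalize(), word.upper()):
        yield w
        yield w + "s"          # pluralizing
        yield w + "ing"        # ing-ing
        for d in range(100):   # one or two appended digits
            yield w + str(d)
    for direction in (-1, 1):  # keyboard shift left/right
        shifted = keyboard_shift(word, direction)
        if shifted:
            yield shifted

def build_weak_set(words):
    """Every variant of every wordlist entry, i.e. what a mangled dictionary reaches."""
    return {variant for w in words for variant in mangle(w)}

def weakness(password, weak_set):
    """Return why a candidate password is weak, or None if it passes the checks."""
    if len(password) <= 8:
        return "8 characters or fewer, well inside the brute-force list"
    if password in weak_set:
        return "derivable from the wordlist by simple mangling"
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password), any(c.isdigit() for c in password))
    if not all(classes):
        return "no mix of lower case, upper case and digits"
    return None
```

Build the set once with `build_weak_set(WORDLIST)` and run `weakness()` over each candidate before it is accepted as a root password.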