Friday, June 24, 2011

Password haystacks

I was listening to a Security Now podcast the other day, and security researcher Steve Gibson came up with a really interesting method for creating strong passwords that are easy to memorize. He calls his method 'Password Haystacks'. The way it works is you start with a strong password and then pad it with easy-to-remember characters: the random part is the needle, and the padding is the haystack an attacker has to search through.

So let's start with a decent password: wa9PUCra

By applying the haystack method it becomes something like this:

======wa9PUCra======

or

......wa9PUCra......

or

A11111wa9PUCra11111A

The additional length dramatically increases the time a brute force attack would take, because every extra character multiplies the search space by the size of the alphabet. Obviously twenty random characters would be more secure, but most people can't remember a twenty character password. This method strikes a nice balance: a big increase in security without hurting your ability to remember the password. The one caveat is that the gain assumes the attacker has no idea the password is padded. Cracking tools can be given rules that try common padding patterns (the same character repeated at either end), which shrinks the haystack back toward the size of the core password, so pick a padding pattern of your own rather than copying the ones above.
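To put numbers on that, here is an added example (my own code, not Steve Gibson's calculator) that scores the core password against its padded forms. It computes the exhaustive search space from the character classes used, the worst-case time at an assumed guess rate, and, as the caveat above, the much smaller search an attacker faces if they know the padding pattern. The guess rate, the padding alphabet of 95 printable characters and the maximum pad length of 10 are assumptions for illustration.

```python
import string

# Standard character classes a brute-force attacker enumerates; a class is
# included as soon as one of its characters appears in the password.
_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 33),
)


def alphabet_size(password):
    """Size of the smallest standard alphabet covering every character used."""
    return sum(size for chars, size in _CLASSES if any(c in chars for c in password))


def exhaustive_guesses(password):
    """Guesses needed to enumerate every string up to this length over the
    alphabet: the haystack the padding is meant to enlarge."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def patterned_guesses(core, pad_alphabet=95, max_pad=10):
    """Assumption for this example: the attacker knows the core is wrapped in a
    repeated printable character on each side, so for every core candidate
    they only try each pad character and each pad length from 0 to max_pad.
    The core is then the only thing still unknown."""
    return exhaustive_guesses(core) * pad_alphabet * (max_pad + 1)


def years_to_crack(guesses, per_second):
    """Worst-case time to finish a search at the given guess rate."""
    return guesses / (per_second * 60 * 60 * 24 * 365)


def compare(core, padded, per_second=10 ** 9):
    """Search cost of the core alone, of the padded form, and of the padded
    form when the padding pattern is known to the attacker."""
    return {
        "core": years_to_crack(exhaustive_guesses(core), per_second),
        "padded": years_to_crack(exhaustive_guesses(padded), per_second),
        "padded_known_pattern": years_to_crack(patterned_guesses(core), per_second),
    }


if __name__ == "__main__":
    for padded in ("======wa9PUCra======", "......wa9PUCra......", "A11111wa9PUCra11111A"):
        print(padded, compare("wa9PUCra", padded))
```

Run it and the middle number is the one to watch: the padded password is astronomically stronger against a blind search, but once the pattern is part of the attacker's rule set the cost drops back to roughly the core password times a small constant, which is why the padding should be something only you would think of.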

You can read more about it on Steve Gibson's site.

Tuesday, June 7, 2011

Two busy bots


This morning 203.191.32.49 and 60.31.110.203 were pounding away on one of my FTP servers. They were attempting a brute force break-in, but at three login attempts per minute it would take them a hundred years to get in. 60.31.110.203 is in Inner Mongolia, China, and 203.191.32.49 is in Bangladesh.

Thursday, June 2, 2011

Sony hacked again.... this is just sad.

Geek.com is reporting that Sony has been hacked yet again, this time by a group called LulzSec. The target was www.sonypictures.com. The hack was carried out using a simple SQL injection attack, and unbelievably the passwords were stored in plain text. Sony should unplug all of their internet connections worldwide. If I ever have someone's resume come across my desk and Sony is listed as a former employer, that resume is going right in the round file.

Should SQL injection attacks really even be illegal? Think about it... what is a SQL injection attack? You type a URL with a bit of SQL in it into a browser, and the remote server dutifully runs it and returns data. What exactly is the crime? Seems to me everything is working as designed. Maybe Sony should be prosecuted for building a website that leaks personal information on demand.
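To make both failings concrete, here is an added example (my own code, not Sony's and not from the Geek.com report) using an in-memory SQLite database with constructed users. A user lookup and a login built by string concatenation let an attacker dump every stored password or log in as anyone without knowing a password; beside them are the parameterized versions that compare against a salted PBKDF2 hash instead of a plain-text column. The table, the usernames, the passwords and the payload strings are all assumptions for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample users. The plain-text password column mirrors the
# design the post describes; salt and pw_hash hold the hardened alternative.
_USERS = [("alice", "hunter2"), ("bob", "letmein"), ("admin", "S0nyR0cks")]

# Attacker inputs (assumed payloads). The first turns a lookup into a dump of
# the password column; the second comments out the password check entirely.
DUMP_PAYLOAD = "' UNION SELECT password FROM users --"
BYPASS_USER = "admin' --"


def hash_password(password, salt, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256: a leaked hash still has to be cracked."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt BLOB, pw_hash BLOB)"
    )
    for user, pw in _USERS:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                     (user, pw, salt, hash_password(pw, salt)))
    return conn


def vulnerable_lookup(conn, username):
    """Vulnerable on purpose: untrusted input pasted straight into the SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, username):
    """Hardened: the value is bound as a parameter, never parsed as SQL."""
    return [row[0] for row in
            conn.execute("SELECT username FROM users WHERE username = ?", (username,))]


def vulnerable_login(conn, username, password):
    """Vulnerable on purpose: concatenated query against a plain-text column."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Hardened: bound parameter plus constant-time check of a salted hash."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    return username if hmac.compare_digest(hash_password(password, salt), stored) else None


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable lookup leaks:", vulnerable_lookup(conn, DUMP_PAYLOAD))
    print("safe lookup returns:", safe_lookup(conn, DUMP_PAYLOAD))
    print("vulnerable login as:", vulnerable_login(conn, BYPASS_USER, "wrong"))
    print("safe login returns:", safe_login(conn, BYPASS_USER, "wrong"))
```

Note that the two fixes are independent: parameterization stops the attacker from reading the table, and hashing means that a dump obtained some other way still does not hand over working passwords. Sony, by the account above, had neither.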

IP addresses attacking my servers this week


Here are the IP addresses of zombie bots attacking my SSH server this week. Above is a map of their locations. 167.206.13.198 has been particularly persistent; I have seen that IP just about every day. ARIN reports it belongs to Cablevision. I might just have to send an e-mail to their abuse address.

124.42.18.90
167.206.13.198
173.203.106.62
189.11.251.181
195.218.167.78
200.30.78.233
207.182.139.251
210.66.168.73
218.61.200.173
222.124.197.179
62.216.30.140
64.194.202.66
74.208.105.110
88.191.51.40
95.56.230.195
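The lists in this post and in the FTP post above come from reading the logs by hand. As an added example (my own code, not anything from this blog), here is a small script that does the same over OpenSSH auth.log lines: it pulls out every failed password attempt, summarizes attempts, usernames tried and attempts per minute for each source address, flags the ones worth blocking or reporting, and turns an observed rate into the years needed to exhaust a keyspace, which is the kind of estimate the FTP post makes. The log lines are constructed for the example; the year, thresholds and the 62-character alphabet are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog auth.log format (not real records).
SAMPLE_LOG = """\
Jun  9 06:12:01 host sshd[4120]: Failed password for root from 167.206.13.198 port 51234 ssh2
Jun  9 06:12:05 host sshd[4122]: Failed password for invalid user oracle from 167.206.13.198 port 51240 ssh2
Jun  9 06:12:09 host sshd[4124]: Failed password for invalid user test from 167.206.13.198 port 51250 ssh2
Jun  9 06:12:14 host sshd[4126]: Failed password for root from 167.206.13.198 port 51255 ssh2
Jun  9 06:13:01 host sshd[4130]: Accepted publickey for deploy from 10.0.0.5 port 40100 ssh2
Jun  9 06:13:40 host sshd[4133]: Failed password for root from 88.191.51.40 port 33012 ssh2
Jun  9 06:20:02 host sshd[4140]: Failed password for admin from 88.191.51.40 port 33020 ssh2
Jun  9 06:45:00 host sshd[4150]: Failed password for root from 10.0.0.7 port 50000 ssh2
"""

_FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failures(log_text, year=2011):
    """Return (timestamp, username, source_ip) for each failed password line.
    Syslog lines carry no year, so one is assumed."""
    out = []
    for line in log_text.splitlines():
        m = _FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2), m.group(3)))
    return out


def summarize(failures):
    """Per source IP: attempt count, distinct usernames, attempts per minute
    over the span observed (a span under a minute counts as one minute)."""
    by_ip = defaultdict(list)
    for ts, user, ip in failures:
        by_ip[ip].append((ts, user))
    summary = {}
    for ip, events in by_ip.items():
        times = [t for t, _ in events]
        span_min = max((max(times) - min(times)).total_seconds() / 60, 1.0)
        summary[ip] = {
            "attempts": len(events),
            "users": sorted({u for _, u in events}),
            "per_minute": len(events) / span_min,
        }
    return summary


def brute_forcers(summary, min_attempts=3, min_users=2):
    """Addresses that hammered one account or sprayed several: candidates for
    a firewall rule or an abuse report. Thresholds are assumptions."""
    return sorted(ip for ip, s in summary.items()
                  if s["attempts"] >= min_attempts or len(s["users"]) >= min_users)


def years_to_exhaust(keyspace, per_minute):
    """Years to try every password in a keyspace at the observed guess rate."""
    return keyspace / (per_minute * 60 * 24 * 365)


if __name__ == "__main__":
    summary = summarize(parse_failures(SAMPLE_LOG))
    for ip in brute_forcers(summary):
        print(ip, summary[ip])
    # Three guesses a minute against 8 characters from a 62-character alphabet
    print("years to exhaust 62^8 at 3/min:", years_to_exhaust(62 ** 8, 3))
```

Feed it `grep sshd /var/log/auth.log` instead of the sample and the flagged list is what goes into the block list or the abuse e-mail; the per-minute figure tells you whether a noisy bot is a real risk at your password strength or just log spam.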