Comments on: Twitter, DNS, the “Iranian cyber army” and panic – an analysis http://atenlabs.com/blog/twitter-dns-the-iranian-cyber-army-and-panic-an-analysis/ San Diego's Premier IT Security Consultancy Tue, 24 Jan 2012 19:29:52 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dealing with liars, slander and libel. « Aten Labs http://atenlabs.com/blog/twitter-dns-the-iranian-cyber-army-and-panic-an-analysis/comment-page-1/#comment-170 Dealing with liars, slander and libel. « Aten Labs Wed, 10 Feb 2010 02:23:07 +0000 http://atenlabs.com/blog/?p=85#comment-170 [...] not even sure what their endgame is – capturing traffic is not an end, its a means. When REAL attackers, REAL blackhats capture credentials they do it by the thousands. By the TENS of [...] [...] not even sure what their endgame is – capturing traffic is not an end, its a means. When REAL attackers, REAL blackhats capture credentials they do it by the thousands. By the TENS of [...]

]]> By: Dan http://atenlabs.com/blog/twitter-dns-the-iranian-cyber-army-and-panic-an-analysis/comment-page-1/#comment-140 Dan Fri, 18 Dec 2009 09:05:32 +0000 http://atenlabs.com/blog/?p=85#comment-140 Good point Nrek - Having one password for everything is generally bad security practice. Its good to change passwords regularly - at defcon this year there was a student from a college who gave a talk about password cracking. Some of the statistics he cited were abysmal. A very popular (phpbb, i think it was) forum got hacked. hundreds of thousands of people had their passwords compromised. They sent out a mailer telling people to change their passwords. It later got hacked AGAIN. This student was able to obtain the published password hashes for both breeches - he ran john the ripper (a pw cracking app) against both. Over 75% of the users DID NOT change their passwords after they were compromised. Heres the presentation: http://tinyurl.com/ydzm9vk (its a little slow, but check it out) Good point Nrek – Having one password for everything is generally bad security practice.

Its good to change passwords regularly – at defcon this year there was a student from a college who gave a talk about password cracking. Some of the statistics he cited were abysmal.

A very popular (phpbb, i think it was) forum got hacked. hundreds of thousands of people had their passwords compromised. They sent out a mailer telling people to change their passwords. It later got hacked AGAIN.

This student was able to obtain the published password hashes for both breeches – he ran john the ripper (a pw cracking app) against both.

Over 75% of the users DID NOT change their passwords after they were compromised.

Heres the presentation: http://tinyurl.com/ydzm9vk (its a little slow, but check it out)

]]> By: nrek http://atenlabs.com/blog/twitter-dns-the-iranian-cyber-army-and-panic-an-analysis/comment-page-1/#comment-139 nrek Fri, 18 Dec 2009 09:00:38 +0000 http://atenlabs.com/blog/?p=85#comment-139 I'd much rather use this opportunity as a gentle reminder that people should routinely change their passwords, and since security is on your mind - hell; why not do it? Just my thoughts. I’d much rather use this opportunity as a gentle reminder that people should routinely change their passwords, and since security is on your mind – hell; why not do it?

Just my thoughts.

]]>