Password analysis for Windows Live Hotmail users
There's news again that a user account database is available on the Internet. This time it concerns Windows Live Mail users. The original report says that more than 10000 passwords of Hotmail user accounts are publicly accessible. I could not miss it, and brief googling led me to the true origin. At the moment the pastebin.com server is unstable, but the Google cache works perfectly.

First, the published list of accounts, sorted and without repetitions, includes only accounts that start with the letters a and b. This means that the full list of users is much bigger than the published list. If we assume that there are about 4000-5000 accounts for every letter of the English alphabet, it's easy to calculate that the full list of compromised accounts could reach 150000.

Second, only 9238 of the 10028 published accounts are legitimate. If we also take into account the Hotmail restriction policy that requires the password length to be no less than 6 characters, only 8250 accounts are legitimate.

Here are the results by charset used, for the whole password list:

This is a similar diagram that takes the Hotmail password policy into account:

As you can see, the graphs are almost identical.

Compared with similar data on corporate users [1] and on user passwords from the VKontakte social service [2], the diagram is the following:

And this is a diagram by password length:

Assuming that most Hotmail users are foreign Internet users, we can see the difference in how Russian and foreign users choose passwords. Our compatriots prefer digits, while foreign users prefer lowercase English letters. On the other hand, Russian users choose longer passwords.

Here's the TOP50 of the most widespread passwords for Hotmail user accounts:

1. 123456
2. 123456789
3. alejandra
4. 111111
5. alejandro
6. tequiero
7. 12345678
8. 1234567
9. alberto
10. daniel
11. 000000
12. ESTRELLA
13. beatriz
14. roberto
15. sebastian
16. andrea
17. iloveyou
18. bonita
19. felicidad
20. 555555
21. amigos
22. brujita
23. america
24. arturo
25. Princesa
26. 666666
27. BETITO
28. mariposa
29. 777777
30. ricardo
31. asdfgh
32. rosita
33. piscis
34. caballo
35. cristina
36. gatito
37. 112233
38. angelica
39. junior
40. 123123
41. barbara
42. libertad
43. adriana
44. angelito
45. carolina
46. 654321
47. felipe
48. ximena
49. paloma
50. Esperanza

If we analyze the list of the most widespread passwords for Hotmail accounts, we can see that the user's name is very often used as the password. However, the numeric combinations 123456, 1234567, 12345678 and 123456789 are in the TOP10, just as in the statistics on passwords used in Russian companies. They are considered the leaders among favorite passwords for users all over the world.
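The steps of the analysis above (drop repetitions and malformed records, apply the 6-character policy, then count charsets, lengths and the most frequent passwords) can be reproduced for a password audit with a short script. This is an added example, not code from the original article: the "account:password" record format, the charset class names and the function names are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

MIN_LEN = 6  # Hotmail minimum password length stated in the article
# Charset classes are an assumption: the article's diagrams are not on the page.
CLASSES = [
    ("digits only", re.compile(r"[0-9]+")),
    ("lowercase letters only", re.compile(r"[a-z]+")),
    ("uppercase letters only", re.compile(r"[A-Z]+")),
    ("mixed-case letters", re.compile(r"[A-Za-z]+")),
    ("letters and digits", re.compile(r"[A-Za-z0-9]+")),
]

def charset_class(password):
    """Return the first (narrowest) class whose pattern matches the whole password."""
    for name, pattern in CLASSES:
        if pattern.fullmatch(password):
            return name
    return "contains special characters"

def parse_dump(lines):
    """Return passwords of unique, well-formed 'account:password' records (assumed format)."""
    passwords = []
    for record in dict.fromkeys(line.strip() for line in lines):  # drop repeated records
        account, sep, password = record.partition(":")
        if sep and "@" in account and password:  # skip records with no account or no password
            passwords.append(password)
    return passwords

def analyze(lines, top_n=3):
    passwords = parse_dump(lines)
    in_policy = [p for p in passwords if len(p) >= MIN_LEN]  # apply the length policy
    return {
        "valid": len(passwords),
        "in_policy": len(in_policy),
        "charsets": Counter(charset_class(p) for p in in_policy),
        "lengths": Counter(len(p) for p in in_policy),
        "top": Counter(in_policy).most_common(top_n),
    }

# Constructed sample records; most passwords are taken from the TOP50 list above,
# "abc" and "p@ss12" are made up to exercise the policy filter and the last class.
SAMPLE = [
    "a1@example.com:123456", "a2@example.com:123456", "a3@example.com:alejandra",
    "a4@example.com:ESTRELLA", "a5@example.com:Princesa", "a6@example.com:abc",
    "a7@example.com:", "not-an-account", "a1@example.com:123456",
    "b1@example.com:alejandra", "b2@example.com:123456", "b3@example.com:p@ss12",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Run against the password store of a system you administer, the same counters show how much of the user base falls into the digits-only and name-based groups that dominate the TOP50.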