
Tag Archives: Hacking

Mark Burnett recently released a cache of 10 million real passwords. For those who do a lot of password cracking and hashing, this is very welcome news. The file is a compilation of various data dumps from website compromises over the course of several years, and a cache of actual passwords, rather than generated wordlists, is very encouraging for those who would seek to break hashes. It is statistically a near certainty that, in a large enough group, you are much more likely to find two people who share the same birthday than you are to find someone with a specific birthday. If this principle holds true for password usage as well, this dump could be priceless for security researchers.

Magnet Link: Here

Disclaimer: BY DOWNLOADING THIS AUTHENTICATION DATA YOU AGREE NOT TO USE IT IN ANY MANNER WHICH IS UNLAWFUL, ILLEGAL, FRAUDULENT OR HARMFUL, OR IN CONNECTION WITH ANY UNLAWFUL, ILLEGAL, FRAUDULENT OR HARMFUL PURPOSE OR ACTIVITY INCLUDING BUT NOT LIMITED TO FRAUD, IDENTITY THEFT, OR UNAUTHORIZED COMPUTER SYSTEM ACCESS. THIS DATA IS ONLY MADE AVAILABLE FOR ACADEMIC AND RESEARCH PURPOSES.

 

In keeping with its focus on cyber security, The White House (which just approved a $1 billion increase in cyber funding for 2016) is hosting a first Summit on Cybersecurity and Consumer Protection this Friday at Stanford University.

Attendees include a veritable ‘who’s who’ of the tech industry, Wall Street, and various other industries, with the CEOs of Bank of America Corp., U.S. Bancorp, American Express, Kaiser Permanente, Visa Inc., MasterCard Inc., and PayPal, as well as Tim Cook from Apple and representatives from Facebook, Google, Intel, and various other companies.

Among the items on the agenda are:

  • Public-Private Collaboration on Cybersecurity
  • Improving Cybersecurity Practices at Consumer-Oriented Businesses and Organizations
  • Promoting More Secure Payment Technologies
  • Cybersecurity Information Sharing
  • International Law Enforcement Cooperation on Cybersecurity
  • Improving Authentication: Moving Beyond the Password

The White House has also stated that in order to strengthen America’s cyber security posture, its priorities are:

  1. Protecting the country’s critical infrastructure — our most important information systems — from cyber threats.
  2. Improving our ability to identify and report cyber incidents so that we can respond in a timely manner.
  3. Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace.
  4. Securing federal networks by setting clear security targets and holding agencies accountable for meeting those targets.
  5. Shaping a cyber-savvy workforce and moving beyond passwords in partnership with the private sector.

 


 

It will be interesting to see how this shapes the future of America’s cyber policy and how the rest of the world reacts. If ApplePay becomes the de facto e-payment standard, what does that mean for Android users?

According to recently leaked NSA documents, following the 2010 Stuxnet attack against Iranian nuclear facilities and the Wiper attacks against Iranian oil refineries, Iran was able to reverse engineer and repurpose the malware for its own ends, and used it against the Saudi Arabian oil company Aramco in 2012 with the Shamoon attack suite.

Just as the U.S. showed its hand at the end of World War 2 by dropping two atomic bombs on Japan (and thus starting the Cold War), America has again been first out of the gate with a new type of weapon, which is subsequently copied. The problem is that today’s “nukes” are nowhere near as difficult to create and the supplies are readily available. Imagine how the Cuban Missile Crisis would have played out if there were drastically more nuclear-armed powers in play. It will be interesting to see how the development of cyber weapons and their subsequent reuse will alter the course of future warfare and provide non-state actors with serious cyber firepower.

Today, Facebook announced its new cyber security threat feed ThreatExchange. By integrating various threat-monitoring feeds and through the use of its Facebook Graph system, it will allow users and companies to trace the connections between cyber incidents and its own records. A number of companies are onboard and will be contributing to and utilizing the data. By embracing the philosophy of data-sharing, the goal is to strengthen the web collectively through efficient dissemination of cyber threat intelligence. The beta now has an open signup both for users and contributors.

The first line of defense in a network is the people who use it. As someone who secures data, it is easy to blame breaches on user error, but in many cases, it is a matter of ignorance rather than stupidity. It is our responsibility to educate and inform our users of the negative opportunities their actions can create and the potential consequences of a breach. The video in the link is a talk from Defcon 19 by Jayson E. Street entitled "Steal Everything, Kill Everyone, Cause Total Financial Ruin". In it, Jayson goes into depth describing many breaches that he has carried out as part of penetration testing. The one weak link in every incident was the human element; they all fell victim to his social engineering and didn’t think to question him. Teach your users to question everything and report suspicious activity. Breed a security culture and your first line of defense will be strong.