How the Bible and YouTube are fueling the next frontier of password cracking

Crackers tap new sources to uncover “givemelibertyorgivemedeath” and other phrases. Early last year, password security researcher Kevin Young was hitting a brick wall. Over the previous few weeks, he made steady progress decoding cryptographically protected password data leaked from the then-recent hack of intelligence firm Stratfor. But with about 60 percent of the more ...

Ruh-roh: Adobe breach is just the beginning, researcher says

SUMMARY: Other as-yet-unnamed companies have also been compromised, security whiz Alex Holden tells The ThreatPost blog. The Adobe source code breach disclosed last week was scary. Perhaps scarier still is that the perpetrators have hit other as-yet unnamed companies. There have been similar intrusions to other companies which are now being notified, security expert Alex Holden told the ...

Adobe source code and customer data stolen in sustained network hack

Theft could give hackers a new way to exploit widely used Acrobat, ColdFusion apps. Adobe said it suffered a sustained compromise of its corporate network, allowing hackers to illegally access source code for several of its widely used software applications as well as password data and other sensitive information belonging to almost three million ...

Adobe source code breach; it’s bad, real bad

SUMMARY: If the perpetrators are truly evil-doers, their theft of Adobe source code could mean bad things for the company and its customers, security experts said. The theft of source code for Adobe Acrobat, ColdFusion and other products poses a widespread threat given the installed base of these products, particularly the Acrobat reader, security ...

“thereisnofatebutwhatwemake”—Turbo-charged cracking comes to long passwords

Cracking really long passwords just got a whole lot faster and easier. Dan Goodin For the first time, the freely available password cracker ocl-Hashcat-plus is able to tackle passcodes with as many as 55 characters. It’s an improvement that comes as more and more people are relying on long passcodes and phrases to protect their ...

How easy is it to hack JavaScript in a browser?

Breaking down the possibilities of breaking in. This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. Imagine an auth system where you’re using ...

Facebook security glitch affected 6 million users, shared email and phone data

SUMMARY: A glitch in Facebook’s system allowed the email addresses or phone numbers of about 6 million Facebook users to be shared, the company announced in a blog post Friday afternoon. Facebook published a blog post on Friday afternoon explaining a security glitch that caused the email addresses or phone numbers of about ...

More than 360,000 Apache websites imperiled by critical Plesk vulnerability

Publicly available attack code exploits remote-code bug in Plesk admin panel. Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers. The code-execution vulnerability affects default versions 8.6, ...

Critical Ruby on Rails bug exploited in wild, hacked servers join botnet

Attackers’ success shows many servers still aren’t patched. Is yours? Attackers are exploiting an extremely critical vulnerability in the Ruby on Rails framework to commandeer servers and make them part of a malicious network of hacked machines, a security researcher said. Ars first warned of the threat in early January, shortly after Rails maintainers issued ...

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

For Ars, three crackers have at 16,000+ hashed passcodes—with 90 percent success. This was posted originally on Ars Technica. Thanks to the XKCD comic, every password cracking word list in the world probably has correcthorsebatterystaple in it already. In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password ...