-- sample posting (we will post this to blogger next week)
Welcome to Hockey Smile's Hacker Manual! In the weeks
to come, I am going to provide advice on how to be a good hacker! :-) Check
back regularly for new postings. This manual is for a project for an Internet
Security course so FBI and CIA, please don't come get me! :-) Any questions,
please contact hockeysmile@hotmail.com.
I'm going to begin by talking about security strategies
people use to stop people like me!
1. Securing your computer network
2. Inoculating your computer against viruses
3. Maintaining physical security
4. Preparing for disaster
5. Ongoing Monitoring and Maintenance
I'm going to talk about passwords...
Imagine five passwords such as:
These are actually not very good because:
- they are easy to guess
- crackers can use dictionary software to figure them out
- they include my name
- they do not mix numbers, letters and symbols
A better password would be:
This is easy to remember for me because it signifies:
My friend Gertrude weighs 500 pounds from eating too much pizza
Now I will share with you some Common Password Cracking
Techniques
1. Password Manipulation
2. "Shoulder Surfing"
3. Guessing
4. Software (e.g. Dictionary, Mutation Filter, Brute
Force Password Cracker)
Where do you get good software? Check out these sites for a start.
Here are some statistics to consider…
Consider that at one of the largest technology companies,
where policy required that passwords exceed 8 characters, mix cases, and
include numbers or symbols...
- L0phtCrack obtained 18% of the passwords in 10 minutes
- 90% of the passwords were recovered within 48 hours on a Pentium II/300
- The Administrator and most Domain Admin passwords were cracked
Xieve™
Passware developed the Xieve™ optimization, which dramatically boosts
Brute-Force attack speed by skipping password checks of nonsense
combinations of characters. With a 95% recovery rate for English words, password
search speed is over 75,000,000 passwords per minute.
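A defender-side check for the weaknesses listed earlier (dictionary words, the owner's name, no mix of numbers, letters and symbols), with an exhaustive-search time estimate at the 75,000,000 passwords-per-minute rate quoted above. This is an added example, not part of the original posting; the wordlist, the sample passwords, the function names and the use of the quoted rate for plain exhaustive search are assumptions.

```python
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "hockey", "pizza", "summer", "dragon"}
# Search rate quoted on this page for Passware's Xieve (passwords per minute).
GUESSES_PER_MINUTE = 75_000_000
# Undo common character substitutions, as a mutation filter would try them.
UNMUTATE = str.maketrans("013457@$!", "oieastasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def normalized_forms(pw):
    """Lower-cased variants with substitutions undone and affixes stripped."""
    lowered = pw.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    return {lowered, stripped,
            lowered.translate(UNMUTATE), stripped.translate(UNMUTATE)}


def audit(pw, owner_name, words=SAMPLE_WORDS):
    """Return which of the weaknesses listed on this page apply to pw."""
    forms = normalized_forms(pw)
    findings = []
    if forms & words:
        findings.append("dictionary")
    name_parts = [p.lower() for p in owner_name.split() if len(p) >= 3]
    if any(part in form for part in name_parts for form in forms):
        findings.append("contains_name")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_letter and has_digit and has_symbol):
        findings.append("no_mix")
    return findings


def exhaust_minutes(pw, rate=GUESSES_PER_MINUTE):
    """Minutes to try every string of pw's length over the classes it uses."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return alphabet ** len(pw) / rate


if __name__ == "__main__":
    for candidate in ("hockeysmile", "Password1!", "P@ssw0rd1"):  # constructed
        print(candidate, audit(candidate, "Hockey Smile"),
              f"{exhaust_minutes(candidate):.3g} min")
```

"P@ssw0rd1" mixes cases, numbers and symbols yet is still flagged as a dictionary word, which is consistent with the recovery figures above for a company whose policy required exactly that mix.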
That’s it for today’s hacker lesson. See you next week, hacker comrades.