Brainfoldb4u's Blog


Archive for January 1st, 2010

List of 370 twitter banned passwords

Posted by brainfoldb4u on January 1, 2010

Twitter recently changed its sign-up process so that a new account cannot be created with one of a set of very obvious passwords. The list below is the set of words Twitter's registration page treats as insecure and refuses during sign-up. The list is embedded in the page itself: right-click the registration page and view its source to see it.

To help you choose a strong password instead, Firefox has an add-on that generates secure passwords.

For a more detailed report, click here.

Here is a list of these passwords (Thanks to The Wundercounter for publishing the list):

  • 111111
  • 11111111
  • 112233
  • 121212
  • 123123
  • 123456
  • 1234567
  • 12345678
  • 131313
  • 232323
  • 654321
  • 666666
  • 696969
  • 777777
  • 7777777
  • 8675309
  • 987654
  • aaaaaa
  • abc123
  • abcdef
  • abgrtyu
  • access
  • access14
  • action
  • albert
  • alexis
  • amanda
  • amateur
  • andrea
  • andrew
  • angela
  • angels
  • animal
  • anthony
  • apollo
  • apples
  • arsenal
  • arthur
  • asdfgh
  • ashley
  • august
  • austin
  • badboy
  • bailey
  • banana
  • barney
  • baseball
  • batman
  • beaver
  • beavis
  • bigdaddy
  • bigdog
  • birdie
  • bitches
  • biteme
  • blazer
  • blonde
  • blondes
  • bond007
  • bonnie
  • booboo
  • booger
  • boomer
  • boston
  • brandon
  • brandy
  • braves
  • brazil
  • bronco
  • broncos
  • bulldog
  • buster
  • butter
  • butthead
  • calvin
  • camaro
  • cameron
  • canada
  • captain
  • carlos
  • carter
  • casper
  • charles
  • charlie
  • cheese
  • chelsea
  • chester
  • chicago
  • chicken
  • cocacola
  • coffee
  • college
  • compaq
  • computer
  • cookie
  • cooper
  • corvette
  • cowboy
  • cowboys
  • crystal
  • dakota
  • dallas
  • daniel
  • danielle
  • debbie
  • dennis
  • diablo
  • diamond
  • doctor
  • doggie
  • dolphin
  • dolphins
  • donald
  • dragon
  • dreams
  • driver
  • eagle1
  • eagles
  • edward
  • einstein
  • erotic
  • extreme
  • falcon
  • fender
  • ferrari
  • firebird
  • fishing
  • florida
  • flower
  • flyers
  • football
  • forever
  • freddy
  • freedom
  • gandalf
  • gateway
  • gators
  • gemini
  • george
  • giants
  • ginger
  • golden
  • golfer
  • gordon
  • gregory
  • guitar
  • gunner
  • hammer
  • hannah
  • hardcore
  • harley
  • heather
  • helpme
  • hockey
  • hooters
  • horney
  • hotdog
  • hunter
  • hunting
  • iceman
  • iloveyou
  • internet
  • iwantu
  • jackie
  • jackson
  • jaguar
  • jasmine
  • jasper
  • jennifer
  • jeremy
  • jessica
  • johnny
  • johnson
  • jordan
  • joseph
  • joshua
  • junior
  • justin
  • killer
  • knight
  • ladies
  • lakers
  • lauren
  • leather
  • legend
  • letmein
  • little
  • london
  • lovers
  • maddog
  • madison
  • maggie
  • magnum
  • marine
  • marlboro
  • martin
  • marvin
  • master
  • matrix
  • matthew
  • maverick
  • maxwell
  • melissa
  • member
  • mercedes
  • merlin
  • michael
  • michelle
  • mickey
  • midnight
  • miller
  • mistress
  • monica
  • monkey
  • monster
  • morgan
  • mother
  • mountain
  • muffin
  • murphy
  • mustang
  • naked
  • nascar
  • nathan
  • naughty
  • ncc1701
  • newyork
  • nicholas
  • nicole
  • nipple
  • nipples
  • oliver
  • orange
  • packers
  • panther
  • panties
  • parker
  • password
  • password1
  • password12
  • password123
  • patrick
  • peaches
  • peanut
  • pepper
  • phantom
  • phoenix
  • player
  • please
  • pookie
  • porsche
  • prince
  • princess
  • private
  • purple
  • pussies
  • qazwsx
  • qwerty
  • qwertyui
  • rabbit
  • rachel
  • racing
  • raiders
  • rainbow
  • ranger
  • rangers
  • rebecca
  • redskins
  • redsox
  • redwings
  • richard
  • robert
  • rocket
  • rosebud
  • runner
  • rush2112
  • russia
  • samantha
  • sammy
  • samson
  • sandra
  • saturn
  • scooby
  • scooter
  • scorpio
  • scorpion
  • secret
  • sexsex
  • shadow
  • shannon
  • shaved
  • sierra
  • silver
  • skippy
  • slayer
  • smokey
  • snoopy
  • soccer
  • sophie
  • spanky
  • sparky
  • spider
  • squirt
  • srinivas
  • startrek
  • starwars
  • steelers
  • steven
  • sticky
  • stupid
  • success
  • summer
  • sunshine
  • superman
  • surfer
  • swimming
  • sydney
  • taylor
  • tennis
  • teresa
  • tester
  • testing
  • theman
  • thomas
  • thunder
  • thx1138
  • tiffany
  • tigers
  • tigger
  • tomcat
  • topgun
  • toyota
  • travis
  • trouble
  • trustno1
  • tucker
  • turtle
  • twitter
  • united
  • vagina
  • victor
  • victoria
  • viking
  • voodoo
  • voyager
  • walter
  • warrior
  • welcome
  • whatever
  • william
  • willie
  • wilson
  • winner
  • winston
  • winter
  • wizard
  • xavier
  • xxxxxx
  • xxxxxxxx
  • yamaha
  • yankee
  • yankees
  • yellow
  • zxcvbn
  • zxcvbnm
  • zzzzzz
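As an added example (not from the original post and not Twitter's own code), here is how such a denylist check might be implemented on the server side. Twitter's check lived in the registration page's JavaScript, which is why the list is visible in the page source; a client-side check is only a usability hint, since a user or a script can bypass it, so the same check has to be enforced server-side. The excerpt of the list, the normalisation rule (lower-casing and dropping a trailing run of digits or punctuation so that Password2010 still matches password) and the generator that mirrors what the Firefox add-on mentioned above does are all my assumptions.

```python
import re
import secrets
import string

# Constructed sample: an excerpt of the banned list above. A real deployment
# would load the full list (and, ideally, a much larger common-password corpus).
BANNED = {
    "password", "password1", "password12", "password123", "123456",
    "qwerty", "letmein", "iloveyou", "twitter", "abc123", "trustno1",
}


def normalize(candidate: str) -> str:
    """Assumed normalisation rule: lower-case, trim whitespace, and drop a
    trailing run of digits/punctuation so that 'Qwerty2010' or 'password!!'
    still match the bare banned word. Falls back to the trimmed value when
    the whole string is digits/punctuation (e.g. '123456')."""
    trimmed = candidate.strip().lower()
    return re.sub(r"[\d\W_]+$", "", trimmed) or trimmed


def is_banned(candidate: str, banned=BANNED) -> bool:
    """True if the password, exactly or after normalisation, is on the denylist."""
    return candidate.strip().lower() in banned or normalize(candidate) in banned


def validate_password(candidate: str, min_len: int = 8) -> list:
    """Server-side validation. Returns the reasons for rejection; an empty
    list means the password is acceptable. This must run on the server:
    the JavaScript copy in the registration page can be bypassed trivially."""
    problems = []
    if len(candidate) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if is_banned(candidate):
        problems.append("matches a banned or common password")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG (secrets, never random), re-drawn
    until it passes the same validation the server applies."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not validate_password(candidate, min_len=length):
            return candidate


if __name__ == "__main__":
    for pw in ("Password123", "QWERTY!!", "123456", "correct horse battery", generate_password()):
        print("%-24s %s" % (pw, validate_password(pw) or "ok"))
```

The normalisation step is what makes the list worth having: without it, "Password1" and "qwerty2010" sail past a list that contains "password" and "qwerty". The generator reuses the validator so that the rule the server enforces and the rule the helper follows can never drift apart.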

Posted in Information Security, Passwords

Top data breaches of 2009

Posted by brainfoldb4u on January 1, 2010

The Office of Inadequate Security has published its list of the top 10 breaches of 2009, together with reports suggesting why fewer data breaches were reported this year than last.

The breaches of 2009 ranged from small, regional incidents involving local businesses to national breaches involving credit and debit cards. There were also a few mega-breaches with enormous numbers of people affected. One such breach, which exposed the records of some 130 million people in 2009, was

Heartland Payment Systems:

No. of Records or People:    130,000,000
Entity:                      Heartland Payment Systems
Date of Incident or Report:  2009-01-20
Type of Incident:            Hack, Malware

Visa and MasterCard were the first to notice the suspicious activity and warned Heartland, a New Jersey-based payment processor. Heartland turned out to be the target of one of the largest cyber-fraud schemes on record, allegedly carried out by a former Secret Service informant together with Russian hackers. Hannaford Brothers, 7-Eleven and two unnamed national retailers were also targeted. Almost three dozen separate lawsuits on behalf of consumers, investors, banks and credit unions have been filed against Heartland.

  • For the complete list of breach reports from the Office of Inadequate Security, click here.
  • To read more about the reasons for the decline in reported breaches in 2009, click here.
  • For a detailed overview of the ten most damaging data breaches of 2009, click here.

Posted in Hacking, Information Security, Privacy

Phishing

Posted by brainfoldb4u on January 1, 2010

One of the hot topics in the information security industry in 2009 was phishing. According to a recently released Trusteer report, based on a sample of 3 million users over a period of 3 months, 45% of the users who landed on a fake log-on page were taken in by it. The report also found that most of the phishing sites discovered were live, and were able to get past whatever anti-spam and anti-phishing protection was present in the victims' browsers. Banking customers and users of online shopping sites are the most targeted and most affected phishing victims. The graph below, from PhishTank, shows phishing sites by country of host for November 2009.


In a phishing attack, the attacker creates a near-identical replica of a chosen banking or online-shopping website, then tries to trick users into revealing personal information and log-in credentials such as user name, password and PIN. A user who is taken in fills in the form believing it to be the legitimate site, handing the attacker a wide window of opportunity to misuse the victim's sensitive information.

Attackers use various techniques to lure users to the fake page. One common method is an email that pretends to come from your debit or credit card company and asks you to update your personal information. Because the message and the linked page look like the legitimate site, the recipient clicks the link, is taken to the fake website, and is tricked into giving up their information there.

To stay protected, here are some steps a user can take:

  • Check for a digital signature. Unless the email is digitally signed by the sender, do not trust it enough to hand over sensitive information on its say-so.
  • Be suspicious of such emails in general; it is highly unlikely that your bank will ask for sensitive information by email.
  • When you need to enter log-in details on a web page, look for https in the address bar and for the lock symbol (in browsers of the time, on the lower right of the status bar; current browsers show it in the address bar). Double-clicking the lock shows the site's digital certificate: check that the certificate and the address are for your bank's own domain, because https only proves you have an encrypted connection to whatever domain is in the address bar, and a phishing site can hold a valid certificate for its own look-alike domain. If you do not see both https and the lock, do not enter your information. Alternatively, contact your bank by telephone.
  • Instead of clicking the link in the email message, type the bank's URL into your web browser yourself.
  • Firefox 3.5, the current version at the time of writing, has good anti-phishing functionality, so using Firefox may offer some extra protection against phishing sites.
  • Keep your web browser of choice updated with the latest security patches.
  • Check your bank account regularly after making transactions; if you notice any suspicious activity, report it to your bank immediately.
  • Always report "phishing" or "spoofed" emails to the following groups:
  1. forward the email to reportphishing@antiphishing.org
  2. forward the email to the Federal Trade Commission at spam@uce.gov
  3. forward the email to the "abuse" address of the company being spoofed (e.g. spoof@ebay.com)
  4. when forwarding spoofed messages, always include the entire original email with its header information intact
  5. notify the FBI's Internet Crime Complaint Center by filing a complaint on its website: www.ic3.gov/

Phishing statistics as of 1 December 2009

The statistics below are PhishTank's figures as recorded on 1 December 2009 and cover November 2009. When you visit any of the targeted sites listed below, apply the tips above to lower the risk of being phished.

Popular Targets

Top 10 Identified Targets (valid phishes)

Rank  Target                        Valid phishes
   1  PayPal                               10,361
   2  Internal Revenue Service                870
   3  Tibia                                   784
   4  eBay, Inc.                              458
   5  Facebook                                439
   6  Bank of America Corporation             270
   7  JPMorgan Chase and Co.                  202
   8  HSBC Group                              201
   9  Google                                  146
  10  HSBC                                    121

Phishing URLs

In November, 278 phishes (5% of valid phishes that month) used an IP address as the host (e.g. http://12.34.56.78) and 4,980 (or 95%) used a domain name (e.g. http://example.com).
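As an added example (not from the original post, and not PhishTank's or Trusteer's code), the following Python applies the URL-related checks from the tips above to a URL, and classifies hosts the way the IP-address versus domain-name statistic above is computed. The sample URLs are constructed for illustration and are not real phishing sites; the brand list and the tiny suffix table are assumptions standing in for the Public Suffix List a real implementation would use. The heuristics cover three things a look-alike URL can do that the https lock alone does not protect against: using a bare IP address, hiding the real host behind user@ in the URL, and putting the brand name in a subdomain of an unrelated registrable domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input (not real phishing URLs): one per pattern the checks look for.
SAMPLE_URLS = [
    "http://12.34.56.78/paypal/login.php",                 # bare IP, no https
    "https://signin.paypal.com.atspace.com/",              # brand in a subdomain of another domain
    "https://www.paypal.com@203.0.113.5/cgi-bin/webscr",   # userinfo trick: real host is the IP
    "http://example.com/ebay/update.html",                 # brand only in the path
    "https://www.paypal.com/signin",                       # the legitimate-looking control
]

# Assumed brand list; a real filter would be tuned per deployment.
BRANDS = {"paypal", "ebay", "facebook", "google", "bankofamerica", "chase", "hsbc"}

# Assumption standing in for the Public Suffix List: public suffixes that take two labels.
TWO_LABEL_SUFFIXES = {"com.au", "com.ua", "net.ua", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain (the part the site owner actually controls)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse_url(url: str) -> dict:
    """Apply the look-alike checks; 'findings' is empty for an unremarkable URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        # Everything before '@' is userinfo, not the host: https://www.paypal.com@evil/ goes to evil.
        findings.append("userinfo before @ (real host is %s)" % host)
    if host_is_ip(host):
        findings.append("host is a bare IP address")
        registrable = host
    else:
        registrable = registrable_domain(host)
        # A brand name inside the host but outside the registrable domain, e.g. paypal.com.atspace.com.
        # Substring matching is a toy heuristic and will false-positive on e.g. purchase.example.com.
        for brand in sorted(BRANDS):
            if brand in host and not registrable.startswith(brand + "."):
                findings.append("brand '%s' outside registrable domain '%s'" % (brand, registrable))
    return {
        "host": host,
        "host_type": "ip" if host_is_ip(host) else "domain",
        "registrable_domain": registrable,
        "findings": findings,
    }


def ip_vs_domain_counts(urls) -> dict:
    """The split PhishTank reports monthly: how many phish URLs use a bare IP versus a domain name."""
    counts = {"ip": 0, "domain": 0}
    for url in urls:
        counts[analyse_url(url)["host_type"]] += 1
    return counts


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        result = analyse_url(url)
        print(url, "->", result["findings"] or "no findings")
    print(ip_vs_domain_counts(SAMPLE_URLS))
```

The registrable-domain step is the important one: what matters is not whether "paypal" appears somewhere in the address, but which domain the host actually sits under, which is also why the hosting domains in the table below (free hosts such as atspace.com and 110mb.com among them) can carry phishes for many different brands at once.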

Top 10 Domains (valid phishes)
1 atspace.com (237)
2 submissionradio.com.au (67)
3 oksamyt-inter.com.ua (60)
4 85studio.pl (50)
5 sisek.net.ua (49)
6 virtualbattlespace2.com (44)
7 wilsden.com.au (40)
8 110mb.com (39)
9 aidastreasures.com (37)
10 dezigner.ru (34)


Posted in Browser Security, Hacking, Information Security