Dailydave mailing list archives
Re: phpbb.com hacked...
From: Robert Graham <robert_david_graham () yahoo com>
Date: Fri, 6 Feb 2009 15:12:23 -0800 (PST)
I ran the passwords through an analysis program to gather statistics on them. I posted a summary of the results here:
http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html

35% of passwords are 6 characters. Here is the top 20 list:

Here are the top 20 passwords from the phpbb dataset:
3.03% "123456"
2.13% "password"
1.45% "phpbb"
0.91% "qwerty"
0.82% "12345"
0.59% "12345678"
0.58% "letmein"
0.53% "1234"
0.50% "test"
0.43% "123"
0.36% "trustno1"
0.33% "dragon"
0.31% "abc123"
0.31% "123456789"
0.31% "111111"
0.30% "hello"
0.30% "monkey"
0.28% "master"
0.22% "killer"
0.22% "123123"

Why are "dragon", "master", and "killer" so popular? Since the phpbb dataset includes e-mail addresses, I'm thinking of e-mailing the people and asking them why they chose that particular password.

Likewise, while I know that "trustno1" was a password used in the X-Files, I forget where "letmein" and "monkey" come from (I know they were used in movies/tv, I just forget which ones).

--- On Wed, 2/4/09, Dave Aitel <dave.aitel () gmail com> wrote:
From: Dave Aitel <dave.aitel () gmail com>
Subject: [Dailydave] phpbb.com hacked...
To: "dailydave" <dailydave () lists immunitysec com>
Date: Wednesday, February 4, 2009, 4:14 PM

An interesting post on how a real site got hacked. You rarely see this level of detail.

http://hackedphpbb.blogspot.com/

-dave
(kudos to Ryan Naraine for pointing this link out!)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
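Added example, not part of the original message and not the analysis program it mentions: a small Python sketch that produces the same kind of summary (top-N share and length distribution) and measures how many accounts a signup deny-list built from the post's top 20 would have refused. The SAMPLE data is constructed for illustration, and the function names are assumptions.

```python
from collections import Counter

# Top 20 passwords as listed in the post above; usable as a signup deny-list.
POST_TOP20 = {
    "123456", "password", "phpbb", "qwerty", "12345", "12345678", "letmein",
    "1234", "test", "123", "trustno1", "dragon", "abc123", "123456789",
    "111111", "hello", "monkey", "master", "killer", "123123",
}

# Constructed sample (not the phpbb data): one entry per account.
SAMPLE = [
    "123456", "123456", "123456", "password", "password", "phpbb",
    "qwerty", "letmein", "dragon", "Tr0ub4dor&3", "correct horse",
    "x9!kQ2", "summer09", "123456", "monkey", "zq8#Lm2pVw",
]

def pct(count, total):
    """Share of total as a percentage, rounded to two decimals."""
    return round(100.0 * count / total, 2)

def password_stats(passwords, top_n=20):
    """Return top-N shares and the length distribution, as percentages."""
    total = len(passwords)
    if total == 0:
        raise ValueError("empty password set")
    freq = Counter(passwords)
    lengths = Counter(len(pw) for pw in passwords)
    return {
        "top": [(pw, pct(n, total)) for pw, n in freq.most_common(top_n)],
        "length_pct": {k: pct(v, total) for k, v in sorted(lengths.items())},
    }

def denylist_share(passwords, denylist):
    """Percentage of accounts whose password a deny-list would have refused."""
    if not passwords:
        raise ValueError("empty password set")
    hits = sum(1 for pw in passwords if pw in denylist)
    return pct(hits, len(passwords))

if __name__ == "__main__":
    stats = password_stats(SAMPLE, top_n=5)
    for pw, share in stats["top"]:
        print(f'{share:5.2f}% "{pw}"')
    for length, share in stats["length_pct"].items():
        print(f"length {length:2d}: {share:5.2f}%")
    print(f"refused by the post's top 20: {denylist_share(SAMPLE, POST_TOP20)}%")
```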