Security Basics mailing list archives

Re: Password trading problem


From: John S.Whitford <jswhitford () acm org>
Date: Wed, 04 Aug 2004 12:26:58 -0500

On Tue, 3 Aug 2004 15:50:19 -0400, you wrote:

Hi
I've got a client who has an adult themed, password protected, web site and
I'm in charge of doing a security review of it.  This was brought about by
the admin noticing a huge amount of logins from a single account across many
different IP addresses.  I imagine that this is the result of password
trading online and as part of my security audit I would like to develop a
list of these sites which offer message forums for password 'testing', adult
'testing', web 'testing' etc...meaning password cracking, and scan for my
client's site within their lists to make sure no passwords/accounts have been
cracked and are being shared.  Does anyone have any ideas?  Thanks.

Just make sure that the ID can't be logged in multiple times and it will police
itself. But, that should already be in place for ppv sites.

jsw
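
The single-login rule suggested in the reply above, together with a check for the symptom the original poster describes (one account seen from many addresses), as an added example that is not part of the original thread. The class and function names, the one-hour window and the threshold of three addresses are assumptions, and the login events are constructed.

```python
from collections import defaultdict, deque


class SessionRegistry:
    """One active session per account; a new login revokes the previous one."""

    def __init__(self):
        self._active = {}              # account -> current session token

    def login(self, account, token):
        evicted = self._active.get(account)
        self._active[account] = token
        return evicted                 # token to invalidate, or None

    def is_valid(self, account, token):
        return self._active.get(account) == token


def shared_accounts(events, window=3600, max_ips=3):
    """Return {account: peak distinct IPs} for accounts seen from more than
    max_ips addresses within any `window` seconds.
    events: iterable of (epoch_seconds, account, ip), sorted by time."""
    recent = defaultdict(deque)        # account -> (ts, ip) pairs still in window
    flagged = {}
    for ts, account, ip in events:
        q = recent[account]
        q.append((ts, ip))
        while q and q[0][0] <= ts - window:
            q.popleft()                # drop logins older than the window
        distinct = len({addr for _, addr in q})
        if distinct > max_ips:
            flagged[account] = max(flagged.get(account, 0), distinct)
    return flagged


# Constructed sample login events (documentation address ranges only).
SAMPLE = [
    (1000, "alice", "192.0.2.10"),
    (1300, "bob", "198.51.100.1"),
    (1400, "bob", "198.51.100.2"),
    (1500, "bob", "203.0.113.5"),
    (1600, "bob", "203.0.113.6"),
    (1700, "bob", "203.0.113.7"),
    (5000, "alice", "192.0.2.11"),
]

if __name__ == "__main__":
    print(shared_accounts(SAMPLE))
```

Evicting the older session rather than refusing the new login keeps the legitimate owner from being locked out by a stale session, while anyone sharing the credentials keeps knocking each other off.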
