Password Cracking – Part 1 – Passwords

This is the beginning of the Password Cracking course within the Tech Tips (previously known as the Hacker Institute). A preview. Enjoy!

What are Passwords?

A password, also known as a PIN, passcode or secret code, in its simplest form, is just a secret word or phrase used for authentication, to determine whether you are who you say you are. Nowadays when you hear the word password, you automatically assume they are talking about a website or something related to computers and other electronic devices, but computers haven’t always been around, passwords have.

Where did Passwords originate?

Passwords have been around since before you or I can remember. In ancient times, as recorded in literature, they were used by sentries to challenge people who wished to enter their territory. If the approaching people knew the “watchword”, then they were allowed to pass. If not, then they were shot in the throat with a couple arrows, left to die, and then brought in for food. Actually, I don’t know about the last part.

After some research I have yet to figure out where passwords originally originated from, but I would assume it’s safe to say they have been around since cave men time. Keeping cavemen out of the caves they don’t belong in.

How are Passwords used?

Passwords are a big part of our daily life. We have passwords to protect our email, voicemail, phones, ATM cards, lockers, online banking, wireless networks, encrypted data and I can go on forever! Well maybe not forever, but you get the point.

As you can see, we need to keep them secure because if they fall into the wrong hands bad things will happen. Let’s take a look at some possible outcomes that could happen if such a thing happened.

 
• Your bank account could be emptied to fund a large purchase of socks for Judith’s sock fetish.
• Your sensitive email could be read by the stalker next door.
• You could be visited by the FBI after your wireless network was used to surf child porn.
• Your gym locker could be emptied, except for your pubic lice shampoo that was left out for everyone to see.
• Your love for your friend’s grandmother could be exposed after your Facebook messages were read and made public.

As you can see, none of the above situations are delightful to experience. This is why it is extremely important to know how to secure and create strong passwords. After reading the above, you are probably sweating profusely,trembling in your chair and thinking to yourself, “Oh no! I don’t know how to secure and create strong passwords!?” but don’t worry!

TA DA DA TA! I, David, will show you how, my young apprentice.

  Log into the rohanhande.blogspot.com  to receive access to the full Password Cracking course.

At hacking contest, Google Chrome falls to third zero-day attack

B y RohanLast updated about 2 hours ago

"These kinds of things are finicky." Within seconds of this machine visiting a booby-trapped website, it was commandeered by a remote-code attack that exploited a fully patched version of Chrome.

Google's Chrome browser on Friday fell to a zero-day attack that pierced its vaunted security sandbox, the third such attack in as many days at a contest designed to test its resistance to real-world threats.
A teenage hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7. He spent the past three days holed up in hotel rooms and conference areas refining attack so it would break out of the sandbox, which was designed to prevent code-execution attacks like his, even when security bugs are identified.
"These kinds of things are finicky" PinkiePie told reporters as he finished a blueberry yogurt just minutes after making his booby-trapped website display a picture of a pink pony wielding a medieval axe. He said he "got lucky" because he found a way to break out of Google's sandbox relatively early and then spent the rest of the time identifying vulnerabilities that allowed him to remotely funnel code through the system.
PinkiePie said all three of the vulnerabilities resided in code that's native to Chrome. A Chrome security researcher, who asked not to be named because he wasn't authorized to speak to reporters, said his colleagues in Mountain View, California, were already analyzing the exploit and vulnerability details to confirm that account. If it pans out, the hack will qualify for a $60,000 prize, the top reward for the Pwnium contest Google is sponsoring at the CanSecWest conference in Vancouver.
Google is offering prizes of $60,000, $40,000 and $20,000 under the competition in an attempt to learn new strategies for fortifying Chrome against attacks that expose sensitive user data or take control of user machines. PinkiePie is only the second contestant to enter the contest. Both have demonstrated attacks that allowed them to take control of Chrome users' machines when they do nothing more than browse to an attack site.
On Wednesday, a Russian researcher named Sergey Glaznov bundled two vulnerabilities into his own remote code-execution attack. Less than 24 hours later, Google shipped an update fixing the holes. At the separate Pwn2Own contest a few feet away, a team of researchers successfully exploited Chrome on Wednesday, but it's now almost certain that attack relied on Adobe Flash to break out of the safety perimeter.
The five vulnerabilities exposed during the third and final day of the contest are miniscule compared to the overall number of bugs Chrome's security team fixes each year. A member of the team said the value of Pwnium isn't in the number of bugs that come to light, but rather in the insights that come from watching how a reliable exploit is able to slip through carefully crafted defenses.