Website Warnings

Website Warnings
We received an email today from a lady who runs a website that helps to look for and locate missing children. She has been using Google Alerts to get the information out about the children they are trying to locate. Unfortunately someone has compromised one of the links and it was passing infections to those who have visited the page. The lady was really disappointed and angry that someone would do something so awful to such a good cause. Unfortunately this is happening more often than you realize. Websites that are trying to improve our world, trying to help those who can't help themselves, business websites and social networking sites have all fallen victim to these bad players. As I mentioned in my diary yesterday we had a customers website that was Gumblar'd. We disabled the website and changed the FTP and Admin password on the account. It was really a good thing that we did. I checked my logs this morning and sure enough - the perp that compromised the account must have discovered that his little BOT had died and was attempting to login last night to revive it. Fortunately they were unable too and now we have firewalled them so that they can't get to any of our servers again. So this is just a word of warning. You can't be sure that you will not visit a website that has some malware imbedded so make sure you protect yourself. Make sure that you use a good anti-virus, make sure that you use a firewall, make sure that you use good, strong passwords and change them often. There are several sites on the Internet that will tell you how strong you passwords are. A couple that I have used are: www.microsoft.com/protect/yourself/password/checker.mspx www.securitystats.com/tools/password.php We all need to do our part to minimize the damage done by the bad guys and try to help to teach our friends, relatives and neighbors to protect themselves as well. To all of you that do, thanks a bunch. You help to make our Internet a safer place for all. Deb Hale Long Lines, LLC	Deborah 279 Posts ISC Handler Aug 1st 2009
Thread locked Subscribe	Aug 1st 2009 1 decade ago
The password test over at securitystats.com makes me a bit confused. If you check the password "abc" the test says mid-strenght. "12345678" get half of the strenght the "abc" got. "abc" = 36^3 = 46.656 possible combinations "12345678" = 36^8 = 2.821.109.907.456 (!) possible combinations (special characters excepted) So where's my error in reasoning?	Anonymous
Quote	Aug 2nd 2009 1 decade ago
Password strength is usually taken to be the entropy: L * (Log N / Log 2) where L is the length and N the number of symbols. "abc" => 3 * (Log 52 / Log 2) = 17.1 (assuming alpha symbols only) "12345678" = 8 * (Log 10 / Log 2) = 26.6 (assuming numeric symbols only) I guess the site is using its own scoring mechanism.	Damien 1 Posts
Quote	Aug 2nd 2009 1 decade ago
To which of course - Both of those websites are NOT https and therefor not secure. Now, go change your passwords again ;)	Jason 7 Posts
Quote	Aug 3rd 2009 1 decade ago
According to Microsoft - Ye%s4e - is a weak password. Thanks, Microsoft. Using your formula. "Ye%s4e" => 6 * ( Log (26+26+10+28) / Log 2 ) = 39.0(assuming 26 upper alpha, 26 lower aplha, 10 digits, and ~!@#$%^&*()-=+_\][{}/<>?'";: as allowed symbols).	Jasey 93 Posts
Quote	Aug 3rd 2009 1 decade ago
Two interesting links: Both think this is very strong: Absalon06 Both think this is weak: c196e35a5fd79622f878c3edca77ff5b And more surprising both think Microsoft.com is strong as a password. Does anybody know about a place to make a valid test of password strength?	Sten 4 Posts
Quote	Aug 8th 2009 1 decade ago
You can also try this site to test your password: passwordmeter.com According to this site, Absalon06 and Hex string is just strong	Guy 512 Posts ISC Handler
Quote	Aug 8th 2009 1 decade ago
Thanks, this is better but far from good: Absalon06 --> 60% Absalon06-- --> 82% Absalon06---- --> 0% (very weak) ae345ge3r5789654 is very weak! ae345ge3r57896 is strong! It seems that evaluating password strength is a challenge.	Sten 4 Posts
Quote	Aug 10th 2009 1 decade ago