Gizmodo: passwords

Remainders - Things We Didn't Post

Wilson Rothman — Tue, 13 Oct 2009 23:00:00 EDT

If Robots Killed People, Soldiers Wouldn't Have To...Sweden Disappears from the Internet For a Day...Over 95% of People Screw Up Username and Password...Founder of Jedi Religion "Intimidated" By Shopkeepers

Oh ED, you're a lifesaver! A general who lead an infantry division in Iraq recently said that of the 155 men killed in combat, 122 could have lived if autonomous robots were doing the shooting instead. (Strangely, the other 33 would have died whether robots were around or not.) Replacing infantrymen with robots is a no brainer if you want to save your own boys, but Smokey from The Big Lebowski would probably say if nothing did the killing, even more lives would be spared. [Wired]

Am I reading this right? Slashdot says the entire domain .se—a million souls, I mean sites—up and vanished from the internet. Some didn't deliver successful replies for more than a day. Maybe I need to call Tim Berners-Lee for interpretation, but I don't get why more people aren't freaked out that an entire country up and disappeared, even if it was just for a moment. [Slashdot]

[Edit: This has been one of the most traumatic moments in my life. J.D.]

Someone did a comprehensive study of 836 people to see how people managed to keep username/password logins straight in their head. The test noted that only 4.4% of people showed no "deviations" from the ideal password rules, deviations including jotting down the password, reusing it time and again, using a deliberately short password or—and here's probably where most people failed-having no mix of characters and symbols. Having "best practices" that insanely rigid probably upped the failure rate substantially, but I think the important thing here—as Ars points out—is that the username/password system is a joke to begin with. [Ars Technica]

The 23-year-old guy who founded the International Church of Jediism obviously needs to watch Star Wars a few more times. The other day, he wore his hood into a supermarket and got yelled at something fierce. His very Jedi response? To run to the press and cry like a little bitch:

They said: 'Take it off', and I said: 'No, its part of my religion. It's part of my religious right.' I gave them a Jedi church business card.

No lightsabers, no waving of the hand in the air, not even "Lightning bolt! Lightning bolt! Lightning bolt!" Just a business card? He continues:

They weren't listening to me and were rude. They had three people around me. It was intimidating.

"Intimidating"? For a Jedi? Just remember, intimidation leads to anger. Anger leads to hate. Hate leads to suffering. Don't look now, but I think someone's headed for the Dark Side. [Guardian UK]

The Most Popular Password Is 123456 (Just Like Spaceballs)

Mark Wilson — Thu, 08 Oct 2009 16:20:00 EDT

I don't know whether to laugh or cry. With the list of 10,000 email passwords that's been making the rounds following Hotmail/Gmail/etc phishing, Bogdan Calin of Acunetix analyzed the data for real-world trends. The results are shamefully funny.

"123456" was the most popular password, appearing 64 times. Yes, that's but one digit away from this famous Spaceballs clip:

Other trends? The next top 20 most popular passwords were Spanish names, just under half the population used all lower case letters, and only six percent of the population used an alphanumeric combination.

Also, about 20% of the passwords were only six characters long...though the longest password was the awesome "lafaroleratropezoooooooooooooo". [The Inquirer]

Hacking Road Signs Is Frightningly Easy and Funny (and Illegal)

Mark Wilson — Thu, 22 Jan 2009 10:50:00 EST

You should never hack a road sign as part of a prank. But what if you know that there really are Zombies ahead? What then??

Apparently, while most road sign control pads are placed in a lock box, that box is rarely actually locked. And while most road signs are under password protection, that password is most generally just the default code "DOTS"—or you can easily reset the password by holding "shift" and "control" while typing "DIPY" (so that it just defaults to "DOTS" again).

Of course, it makes sense that road signs aren't all that protected. Most of us would hope that you wouldn't be such a jackass as to take swap useful information for some joke about ninjas and/or pirates. [iHacked via Geekologie]

Suspected Sarah Palin E-Mail Hacker is the Son of a State Representative

Sean Fallon — Mon, 22 Sep 2008 12:07:13 EDT

Last week it was revealed that the Palin email "hack" was little more than a lucky guess and that a trail of evidence existed that would likely lead the authorities to an arrest. Apparently, this evidence has lead the FBI to the home of a 20-year-old student at the University of Tennessee named David Kernell. To make matters worse, David is the son of Democratic Tennessee state representative Mike Kernell. The apartment was thoroughly searched, but no criminal charges have been filed just yet. I suppose it goes without saying, but if Kernell is found guilty, this simple hack may bring both his life and his father's political career to a screeching halt. [CNET]

Palin Email "Hack" Was Hardly a Hack at All

John Mahoney — Thu, 18 Sep 2008 19:00:00 EDT

The screamingly obvious trail of evidence left behind by the person who broke into Sarah Palin's Yahoo mail yesterday should have been the tip-off—this was not an elite job. According to postings on the troll-hive forum 4chan dug up by Threat Level, all the perp did was guess her password-resest security question correctly after a few seconds of Googling.

The question was: Where did you meet your spouse? A fact that is readily available in the now flooded stream of Palin info on the web—they met in high school, and that's all it took to start the shitstorm. The 4chan post also further illustrates that the whole thing was done by someone well over their head:

yes I was behind a proxy, only one, if this shit ever got to the FBI I was fucked, I panicked, i still wanted the stuff out there but I didn’t know how to rapidshit all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state

Read the complete post over at Wired, and pick up an excellent primer to making sure your email and other online accounts are as secure as possible with this great guide by our friends at Lifehacker. [Threat Level, Lifehacker]

Study: 88% of IT Pros Would Steal Passwords or Data if Fired

John Mahoney — Tue, 02 Sep 2008 09:00:00 EDT

If you needed another reason to keep your sysadmins happy: Out of 300 IT pros polled by security company Cyber Ark, 88% said they would steal sensitive data or futz with master login passwords if they happened to be fired. Granted, this is a study publicized by a company that offers services to protect networks against internal rogue operators, but the more data like this that comes out, the nicer our brave IT managers are likely to be treated. Or, the more ridiculous security barriers will be put in place to keep the good ones from easily doing their jobs—one or the other. So perhaps we should have our own informal comment survey—IT dudes: Would you go 21st century postal on your employers if you were let go? [Ars Technica, Image: shearforce]

San Francisco's Disgruntled IT Worker Shared the Secret Password With Mayor Newsom

Matt Hickey — Tue, 22 Jul 2008 23:30:00 EDT

After having seen The Dark Knight three times over the last weekend I can't help but think this would be a great scene for the next film (which had better not be called Caped Crusader): A city municipal worker in the IT department changed some very important passwords and refused to give them up, even after jailed. Strangely, from his cell, he divulged the code to just one man, the city mayor, in a secret meeting that even the DA and police didn't know about. The IT tech, Terry Childs, wasn't up to any nefarious deeds, or so he says, he just didn't want his co-workers to mess up his huge system, and can anyone who's ever worked in IT blame him? [SFGate]

What Would Chicks Do for a Klondike Bar? Give Up Their Password

matt buchanan — Wed, 16 Apr 2008 14:20:00 EDT

I thought that the whole chicks would do anything for chocolate stereotype was just, you know, a stereotype, but vaguely scientific market research proves it's true! Infosecurity Europe went around posing as marketers, offering people chocolate bars in exchange for their computer passwords, and 45 percent of the women gave it up like prom night. Only 10 percent of the dudes went for it. Of course, it's totally possible the women were actually more conniving in their desire for the chocolate, and they all just lied about their password, while only 10 percent of the guys were able to devise such a clever ruse. I mean, that's what I would've done. [McSolutions via The Raw Feed]

DIY Alphanumeric Password Generator. Verdict: Pretty 4UC387G Useful

Kit Eaton — Fri, 04 Apr 2008 09:04:20 EDT

How secure are your passwords? Probably not very. The guys over at Popsci have a neat partial solution to that problem: a DIY alphanumeric random password generator. Made with an Olimex AVR development board and some custom software, the gizmo produces 16-character passcodes on its LCD at the press of a button. No dictionary words, no girlfriends' names. Just nice, secure random letters and special characters. All it takes is $43 worth of stuff, and some soldering. The only problem: in the published version, passcode saving isn't enabled, so you'll have to write those secure beasties down somewhere. If you make one, give it a post-1988 case won't you? [PopSci]

Vista Launch Party Security

Noah Robischon — Mon, 29 Jan 2007 22:07:01 EST

Just after Bill Gates and Steve Ballmer finished the official launch announcement, I went to check out a few of the PCs on display that were running Windows Vista. So I strolled over to this laptop and was wondering how to log on when I noticed the handy piece of tape at the bottom of the keyboard with all the users and passwords. No matter how good the operating system gets, some users will never change. –Noah Robischon