Password Cracking Anyone? Here Are 10 Tools To Help You!


Thursday, April 24, 2014: While a great deal of time and effort is invested in designing and developing software, it takes only a few seconds to bring it to its knees via hacking. You might choose what you consider one of the most secure passwords for your online activities, but the fact is that cracking it is no big deal. With the right tools at hand, cracking a password can be a walk in the park. However, do remember that the deed carries considerable risk. Do it at your own risk!

1. Brutus

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000; there is no UNIX version, although one is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page.

2. Wfuzz

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc.

3. RainbowCrack

RainbowCrack is a general-purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables, using a time-memory trade-off algorithm, and so differs from brute-force hash crackers.

4. SolarWinds

Transform the complexity of IT security and compliance management with SolarWinds Log & Event Manager (LEM) — powerful, easy-to-use Security Information & Event Management (SIEM) in an affordable, all-in-one virtual appliance.

5. L0phtCrack

L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest-to-use password auditing and recovery software available. The software runs on Windows XP and higher. It operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.

6. Medusa

Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. The goal is to support as many services that allow remote authentication as possible.

7. Ophcrack

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

8. THC-Hydra

A very fast network logon cracker which supports many different services.

9. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

10. Aircrack

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Saurabh Singh, EFYTIMES News Network

How to create strong passwords

June 4, 2014 By: Marta López


Quite honestly, you can never be told enough about strengthening your passwords and their security! Of course, that is my opinion.

We have often said that having strong passwords can save you a lot of headaches when it comes to protecting your digital life.

Today we are going to offer you a few tips on how to make a password that will make things a bit more difficult for those malicious individuals who want to take control of your email or social network accounts or any other online services you use.

How to create strong passwords
* Use numbers
* Include letters as well
* Combine upper and lower case
* Add symbols such as: @, #, ? or %
* Where possible, it should be a minimum of eight characters long. The longer it is, the more difficult it will be to guess
* Never use a sequence of numbers or letters: 123456, 987654, abc123
* Don’t use a sequence of adjacent keyboard letters either: qwer123; asd987
* Ideally, your passwords shouldn’t be something directly related to you. Don’t use your name or date of birth
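The tips above, turned into a checker that reports which of them a candidate password fails. This is an added example, not part of the original article; the run length of three, the keyboard rows and the `personal` parameter are assumptions chosen to match the article's sample passwords.

```python
import re

# Assumed lookup strings: ordered runs and adjacent keyboard rows.
ORDERED = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN = 3  # assumption: shortest run that still flags "abc123" and "asd987";
         # this also flags some ordinary words (e.g. "first" contains "rst")


def has_run(password, sources, length=RUN):
    """True if password contains `length` consecutive characters from any
    source string, read forwards or backwards (so 987654 is caught too)."""
    pw = password.lower()
    for src in sources:
        for seq in (src, src[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in pw:
                    return True
    return False


def check_password(password, personal=()):
    """Return the list of tips the password fails; an empty list means it passes.
    `personal` holds strings tied to the user (name, birth year, ...)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("does not combine upper and lower case")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    if has_run(password, ORDERED):
        problems.append("sequence of numbers or letters")
    if has_run(password, KEY_ROWS):
        problems.append("sequence of adjacent keyboard letters")
    low = password.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # The article's own bad examples plus one constructed strong password.
    for pw in ["123456", "987654", "abc123", "qwer123", "asd987", "T7#mVq!zRp2"]:
        print(pw, "->", check_password(pw) or "passes")
```
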

Things you shouldn’t do with your password
* Use the same password for different services, social networks, online banking, etc. If you always use the same one, if someone gets hold of it, they will have access to your entire digital world.
* Write it down somewhere: mobile phone, address book, etc. Neither should you leave it next to your computer!
* Leave it stored in browser histories. Even though it’s more hassle, it’s better to enter your password manually whenever you visit a site.

What you should do with your passwords
* There are many tools available on the Internet to check their strength.

* Change them from time to time.

* Use a password manager like the one in Panda Global Protection 2014. This way, you will only have to remember one password and, as you don’t have to memorize all of them, you can set different, more complex passwords for each service.

Changing Your Password Won’t Rid You Of Heartbleed; Awareness Will!

Friday, April 11, 2014: Even as the highly toxic Heartbleed bug leaves countless databases all over the globe open and exposed, you might be considering changing your password as the one clear choice for saving all that is left of the online you. However, take note, simply changing your password won’t do you any good. Shocked? Panicked? Well, don’t be! There’s a way out, it’s called keeping your eyes and ears open!

The Heartbleed bug has left quite a few of your favourite websites (including Google, Flickr and Steam) running for cover. However, the bug in question is a tough cookie to crack: simply changing the password is not enough to get rid of it. What makes it so lethal and hard to remove is the fact that Heartbleed isn’t your everyday database leak or a list of plaintext logins but a flaw in one of the web’s most prevalent security protocols. While updating your password is in all probability a good idea, until affected websites patch their servers to block the exploit, password changes alone won’t be enough.

The good news is that the open-source SSL encryption software the bug affects has already been updated with a new, secure version. Websites now only need to upgrade to the latest version of OpenSSL to protect their users. Companies like Google have already done so, while others are following suit. Users must be aware of which websites were vulnerable and check them to see if they’re patched, safe and sound. It must be noted that GitHub and Mashable have compiled lists of popular websites, services and social networks, much to the relief of the users, noting if they were affected and in some cases, even if they’ve been patched.

The newly discovered Heartbleed Bug affects some older versions of common internet encryption software. When exploited, the Bug could let hackers get hold of both a website’s secure content and the encryption keys that protect that content. An attacker could then both obtain your private and supposedly secure information from a given website and impersonate that website. The Bug has been in the wild for almost two years now, claim researchers. Therefore, the possibility that some online data is already at risk cannot be ruled out. Although updated software has been built to counter the Bug, many believe its scale could leave a significant amount of data open to theft for a long time to come before full recovery.

Saurabh Singh, EFYTIMES News Network

The Heartbleed Hit List

The Heartbleed Hit List: The Passwords You Need to Change Right Now


An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn’t always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.


Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

We’ll keep updating the list as new information comes in.

Social Networks Affected

Who Is On My Wi-Fi?

http://www.whoisonmywifi.com

http://lifehacker.com/who-is-on-my-wi-fi-shows-you-who-else-is-using-your-net-1504773036?utm_campaign=socialflow_lifehacker_facebook&utm_source=lifehacker_facebook&utm_medium=socialflow

Appears to be a very useful tool, both at home and travel.  Article is worthy of a moment of attention.

Passwords and New Jobs…

If you have a Facebook, Twitter, or any other social networking account, can you be asked for your account and its password?  Short answer, YES they can ask but you do not have to give it up…I imagine that depends upon how badly you need the job, also.  This does seem to be the big rave on the news, other than the Obama-Care challenge.

There is software that companies tend to use to sift through the internet to find out if anyone is talking bad about their company AND people have been fired for talking bad about the company that they worked for (note the operative term “worked”).  You have an obligation to not denigrate the company you work for and many of them have policies that reflect such a thing.  If you cross the line you should be held accountable…if only it were a perfect world where everyone was held to the same standard!  But anyway…

You have a right to privacy and there are certain lines that should not be crossed.  While on Facebook, I had posted the article “Should Companies be allowed to ask for your Facebook Password?” by Tuan C. Nguyen.  Someone answered with a comment essentially saying that if a company did ask for my password I could not work for them because they are acting unethically (they want their passwords to be secure, but want yours?) and it would be a security violation of password sharing which is frowned upon in the IT community.  And he is definitely right…one of the first things you are taught is security & protection.

Until the next exciting adventure!

References:

http://www.smartplanet.com/blog/thinking-tech/should-companies-be-allowed-to-ask-for-your-facebook-password/10872?tag=nl.e660

Secure eMail

I recently read a c|net article about an interesting web-site and its service.  The article is “This email will self-destruct…” and mentioned the services at https://oneshar.es, which permits a person to send a one-time message; after the url is accessed one time the information is destroyed and removed from use.  I was rather curious about it and queried Mr. Cipriani about what happened to the information, of which he verified that the information was removed from the system.

This has spectacular possibilities for secure email or messaging.  There are some applications which you can encrypt the message and then you could send via oneshar.es the password or passphrase.  You could just send out a one time message to a person.  In either case, you can determine how you wish to use it, but it is one of those useful applications that may be handy to you, one day.

Keep it on the back burner for now.

http://howto.cnet.com/8301-11310_39-57377686-285/this-e-mail-will-self-destruct..–heres-how/