Google serves up surprise password cracking function
Mon Dec 24, 2007 6:33 pm
A Cambridge University researcher successfully used Google to unearth a password used by an attacker to compromise its security blog.

The attacker created an account in WordPress when he attacked the Light the Blue Touch Paper blog, the online journal of the Computer Laboratory at Cambridge University. WordPress stores passwords as MD5 hashes without salting, a process that adds length and complexity to password hashes.
Curious to know what this password might be, Cambridge researcher Steven Murdoch tried a dictionary attack in both English and Russian (the likely native language of the attacker).
Rather than building a rainbow table that maps passwords to hashes for a more exhaustive range of possible inputs, Murdoch plugged the MD5 into Google, which revealed multiple sites featuring the word "Anthony", the attacker's password. The approach hit on a result because the hash was in the URL.
  
Quote:
"This makes a lot of sense - I've even written code which does the same. When I needed to store a file, indexed by a key, a simple option is to make the filename the key's MD5 hash. This avoids the need to escape any potentially dangerous user input and is very resistant to accidental collisions,"
Murdoch notes.
The new variant on Google hacking illustrates a couple of important points: that Google is indexing password hashes, albeit inadvertently, as well as everything else; and that MD5 hashes without salting are next to useless.
Murdoch's posting on his findings has sparked a lively thread on the Light the Blue Touch Paper blog. One respondent created a utility that lets users find out if their passwords are safe.
Using hard-to-guess passwords is simple common sense that somehow often gets overlooked. As one poster notes, searching for hashes of common default passwords such as "admin" throws up database dumps and the like.

Contributed by Editorial Team, Executive Management Team
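To make the salting point concrete, here is an added example (not code from the article, from Murdoch, or from WordPress) that contrasts unsalted MD5 storage with a per-user salt and a slow key-derivation function. The word list, the function names and the PBKDF2 round count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list; "Anthony" and "admin" are the examples the article names.
COMMON_WORDS = ["admin", "password", "letmein", "Anthony"]
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def md5_unsalted(password: str) -> str:
    """Unsalted MD5: the same password gives the same digest on every site."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def lookup_precomputed(digest: str, words=COMMON_WORDS):
    """Stand-in for any precomputed index of digests (lookup table, indexed web page)."""
    table = {md5_unsalted(w): w for w in words}
    return table.get(digest)


def hash_salted(password: str, salt: bytes = None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)


if __name__ == "__main__":
    stored = md5_unsalted("Anthony")
    print("unsalted digest found in index:", lookup_precomputed(stored))
    salt_a, hash_a = hash_salted("Anthony")
    salt_b, hash_b = hash_salted("Anthony")
    print("two salted records equal:", hash_a == hash_b)
    print("salted digest found in index:", lookup_precomputed(hash_a.hex()))
    print("verifies with stored salt:", verify_salted("Anthony", salt_a, hash_a))
```

Because the salt is random per record, two users with the same password get different stored values, so a digest that has been published or indexed elsewhere no longer identifies the password.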


© 2006 - 2008 iVirtua Community (UK), Part of iVirtua Media Group, London (UK). Tel: 020 8144 7222
