Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The majority of passwords revealed in the recent Hotmail phishing attack would not have taken much cracking in the first place, according to a researcher at security firm Acunetix.Bogdan Calin said in a blog post that an analysis of the phishing attack and the hacked accounts revealed that the most common password was '123456'.The details of some 10,000 Windows Live Hotmail accounts were posted online by an anonymous hacker earlier this week, and Calin suspects that it was rather a crude attack that managed to grab just low-hanging passwords."My impression is that these passwords have been gathered using phishing kits. Even more, the phishing kit used most probably was badly designed. I think it just returned an error message after grabbing the credentials. I noticed this because some of the passwords are repeated once or twice (sometimes with different capitalisation)," he wrote."What most probably happened is that the users didn't understand what was happening, and they tried to enter the same password again and again, thinking the password was wrong."Calin found that the most popular passwords were rather similar, and that the majority were made up of alphanumeric combinations, as opposed to the often recommended letter/number/symbol combinations. Sixty-four accounts used '123456', and the second most common was '123456789' with 18 users.Forty-two percent of users stuck with lower case alpha passwords containing only characters from 'a' to 'z', and 19 percent used numeric passwords containing only the numbers '0' to '9'. Just six per cent used mixed passwords containing letters, numbers and other characters.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.