Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



Anonymous Damage Control Anybody?

Published: 2011-02-14
Last Updated: 2011-02-14 16:39:00 UTC
by Richard Porter (Version: 3)
10 comment(s)

One of our readers sent in a link to a list of passwords stolen from rootkit.com (original link removed per reader request).

Dumps of large password databases, many of which are leaked from buggy web applications, have become quite common. We have said it before, and this is yet another reminder: DO NOT USE THE SAME PASSWORD ON DIFFERENT SITES.

rootkit.com is down right now, and I am not aware of any notification done by rootkit.com to affected users. Many of the leaked passwords have been shown to work for the respective Twitter and Google accounts, showing that the advice is often ignored. 2 Factor Auth cannot come fast enough?

We can't really make up our mind on whether or not to publish the list of leaked passwords. On the one hand, the users that are affected need to know about them; on the other hand, the data may be considered "contraband". We may later publish a list of MD5 hashes only, which would probably present a compromise (people can still look up whether their password was leaked).

Even if you didn't have an account with rootkit.com, please consider not using passwords that are on the list. These passwords will likely soon be added to everybody's favorite password cracking tools.

Another indication of heavy password reuse: here is a list of the top 10:

1023 123456
384 password
329 rootkit
190 111111
181 12345678
174 qwerty
170 123456789
 99 123123
 91 qwertyui
 89 12345
 87 letmein
 76 1234
 72 abc123
 69 dvcfghyt
 67 000000
 55 r00tk1t     <- one piece of advice some people follow is to use a password derived from the site name. Not always a good idea. Maybe these people use 'g00gl3' to log into Google?
 51 ìîñêâà
 49 1234567
 46 1234567890
 45 123
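
One way to use a hash-only list like the one discussed above, and to catch site-derived passwords such as 'r00tk1t', at the moment a user picks a new password. This is an added example, not ISC code; the function names, the UTF-8 encoding and the constructed sample list are assumptions.

```python
import hashlib

def md5_hex(password: str) -> str:
    # The digest is computed over bytes; UTF-8 is assumed here and must match
    # whatever encoding the publisher of the hash list used.
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed sample of a hash-only list, built from a few entries of the
# list above. A real list would be loaded from the published file.
LEAKED_MD5 = frozenset(md5_hex(p) for p in
                       ("123456", "password", "rootkit", "qwerty", "letmein", "r00tk1t"))

# Look-alike substitutions undone before comparing against the site name.
LEET = str.maketrans("013457@$", "oieastas")

def derived_from_site(password: str, site_name: str) -> bool:
    """True if the site name appears in the password once substitutions are
    undone and non-letters are dropped (r00tk1t -> rootkit)."""
    letters = lambda s: "".join(c for c in s.lower().translate(LEET) if c.isalpha())
    site = letters(site_name)
    return bool(site) and site in letters(password)

def check_password(password: str, site_name: str, leaked=LEAKED_MD5) -> list:
    """Return the reasons a proposed password should be rejected (empty = ok)."""
    reasons = []
    if md5_hex(password) in leaked:
        reasons.append("on leaked list")
    if derived_from_site(password, site_name):
        reasons.append("derived from site name")
    return reasons

if __name__ == "__main__":
    # Constructed test inputs: (proposed password, bare site name).
    for pw, site in (("r00tk1t", "rootkit"), ("g00gl3", "google"),
                     ("letmein", "google"), ("violet-anchor-93-reef", "google")):
        print(f"{pw!r} for {site}: {check_password(pw, site) or 'ok'}")
```

The lookup only needs the digests, so a site can run this check without ever holding the leaked plaintext list.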

 

Richard Porter

--- ISC Handler on Duty

(updated by Johannes Ullrich)


Network Visualization

Published: 2011-02-14
Last Updated: 2011-02-14 04:14:11 UTC
by Lorna Hutcheson (Version: 1)
17 comment(s)

One area of interest that I have is network visualization. What I'm referring to is being able to visually see the traffic flows and patterns to determine anomalies or events of interest. We have so much information with our networks today that it is difficult to process all of it. The trend seems to be getting worse and reverting back to my good ole Army days of "Do more with less". With the economic times we live in, it always seems that security is one area that takes a hit. So, we have to work smarter, and network visualization is one area that I think has great potential, but seems to be very underdeveloped.

I haven't explored what's out there in a couple of years. What was out there that I experimented with were tools such as:

  • Time-based Network Traffic Visualizer (TNV)
  • NVisionIP
  • Spinning Cube of Potential Doom
  • VisFlowConnect
  • FlowTag
  • InetVis

However, these tools had a long way to go before they could really be effective on a large scale. Some were Java-based and SLOW (others were just slow) when processing any significant amount of data. However, what they did do was pretty impressive for being able to visually make sense of a pcap file or your netflow data. They work great for looking at small chunks of traffic and helping immediately see anomalies. If this could just be channeled into a near real-time scenario for monitoring networks, that would be fantastic.

I did some quick Google searches and didn't turn up anything new in this arena. If anyone has any experience with network visualization or knows of any tools or work being done, please let us know.
