Website Warnings
We received an email today from a lady who runs a website that helps to look for and locate missing children. She has been using Google Alerts to get the information out about the children they are trying to locate. Unfortunately someone has compromised one of the links and it was passing infections to those who have visited the page. The lady was really disappointed and angry that someone would do something so awful to such a good cause.
Unfortunately this is happening more often than you realize. Websites that are trying to improve our world, trying to help those who can't help themselves, business websites and social networking sites have all fallen victim to these bad players.
As I mentioned in my diary yesterday we had a customers website that was Gumblar'd. We disabled the website and changed the FTP and Admin password on the account. It was really a good thing that we did. I checked my logs this morning and sure enough - the perp that compromised the account must have discovered that his little BOT had died and was attempting to login last night to revive it. Fortunately they were unable too and now we have firewalled them so that they can't get to any of our servers again.
So this is just a word of warning. You can't be sure that you will not visit a website that has some malware imbedded so make sure you protect yourself. Make sure that you use a good anti-virus, make sure that you use a firewall, make sure that you use good, strong passwords and change them often. There are several sites on the Internet that will tell you how strong you passwords are. A couple that I have used are:
www.microsoft.com/protect/yourself/password/checker.mspx
www.securitystats.com/tools/password.php
We all need to do our part to minimize the damage done by the bad guys and try to help to teach our friends, relatives and neighbors to protect themselves as well. To all of you that do, thanks a bunch. You help to make our Internet a safer place for all.
Deb Hale Long Lines, LLC
Comments
If you check the password "abc" the test says mid-strenght.
"12345678" get half of the strenght the "abc" got.
"abc" = 36^3 = 46.656 possible combinations
"12345678" = 36^8 = 2.821.109.907.456 (!) possible combinations
(special characters excepted)
So where's my error in reasoning?
Robert
Aug 2nd 2009
1 decade ago
"abc" => 3 * (Log 52 / Log 2) = 17.1 (assuming alpha symbols only)
"12345678" = 8 * (Log 10 / Log 2) = 26.6 (assuming numeric symbols only)
I guess the site is using its own scoring mechanism.
Dee
Aug 2nd 2009
1 decade ago
Jason
Aug 3rd 2009
1 decade ago
Using your formula.
"Ye%s4e" => 6 * ( Log (26+26+10+28) / Log 2 ) = 39.0(assuming 26 upper alpha, 26 lower aplha, 10 digits, and ~!@#$%^&*()-=+_\][{}/<>?'";: as allowed symbols).
Jason
Aug 3rd 2009
1 decade ago
Both think this is very strong: Absalon06
Both think this is weak: c196e35a5fd79622f878c3edca77ff5b
And more surprising both think Microsoft.com is strong as a password.
Does anybody know about a place to make a valid test of password strength?
StenC
Aug 8th 2009
1 decade ago
According to this site, Absalon06 and Hex string is just strong
Guy
Aug 8th 2009
1 decade ago
Absalon06 --> 60%
Absalon06-- --> 82%
Absalon06---- --> 0% (very weak)
ae345ge3r5789654 is very weak!
ae345ge3r57896 is strong!
It seems that evaluating password strength is a challenge.
StenC
Aug 10th 2009
1 decade ago