This short post looks at passwords attacks that were launched during 5 months’ period against a small web server of ours in 2013.
There are a lot of statistics about what is the most prolific passwords we use to login to our online accounts. What we were interested in was what passwords are being used to guess logons to online systems. We setup a WordPress website and started logging passwords tried against that website. Here are some results after about 5 months of monitoring and over 11,000 of logged attacks.
This attack taxonomy includes most common attacks on passwords. The table below shows attack categories split into online and offline attacks. Offline attacks require access to a database of scrambled or encrypted passwords, while online attacks would use normal user interface to test or obtain user passwords.
Experts like to say that we are responsible for our security on internet. I disagree as we are not born as security experts. Neither does common sense always makes sense as users can’t see what is going on behind flashy images on their monitors. Who is the real bad boy? Continue reading Looking for Adversary→
Banks simplify access to our bank accounts. They keep relaxing security while hoping to replicate the boiling frog story. The trouble is that no-one dies and someone will figure out – sooner rather than later.
I touch on a few things: using online banking to find valid card numbers, and date of birth, increasing chances for unauthorised access, lowering security of login credentials and changing role of debit cards.