[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Fwd: Re: Looking at SSH scans passwords (honeypot analysis)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Fwd: Re: Looking at SSH scans passwords (honeypot analysis)
From: Michal <michal@xxxxxxxxxxx>
Date: Fri, 15 Jan 2010 11:24:23 +0000

On 14/01/2010 22:55, Elliot Fernandes wrote:
> What I can say is that, the person who was trying to access your honeypot was 
> using a wordlist, albeit of bad quality because the wordlist contains a large 
> degree of statistical randomness. For the most of us, passwords consist of 
> dictionary words, so a good wordlist would contain that and permutations of 
> it, not just gibberish. By the way, I've scouraged the internet for wordlists 
> and I've seen entries with !@#$%^&*( , !@#$% , !@#$ , !@# and the others 
> you've included.
> 

On an American Keyboard !@#$%^&*( is shift and the numbers 1 to 9, for
English it's !"£$%^&*( but as he said it's just wordlists filled with
that, thinking someone might use it as a password, which I guess is
possible, it's probably better then your husbands name for example, but
still shit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution
Next by Date: [Full-disclosure] Cross site scriping Vulnerabilites in Testlink TestManagement and Execution System
Previous by thread: [Full-disclosure] [SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution
Next by thread: [Full-disclosure] Cross site scriping Vulnerabilites in Testlink TestManagement and Execution System
Index(es):
- Date
- Thread