Pages:
Author

Topic: It look less than 10 seconds to crack more than 300 accounts (Read 6505 times)

legendary
Activity: 1218
Merit: 1000
I would look to this http://forum.bitcoin.org/index.php?topic=24437.0 for updates on that specific email.  Interesting stuff.

But the url is formatted as:

http://www.Bitcoin-Mining-Accelerator.com

So we've a phishing scam about a software scam... 2-in-1... WTG!
member
Activity: 87
Merit: 10
"love" "sex" "secret" and "god"
Is there anyway to arrange those words that doesn't come out sounding like a Monster Magnet lyric?
hero member
Activity: 630
Merit: 500
Posts: 69
Phishing now:

FROM: [email protected]

(...phishing url follows in the content...)

EDIT: How about we create a "My Email was at MtGox's Database Club" at Facebook for exchange spam?...  Roll Eyes

I would look to this http://forum.bitcoin.org/index.php?topic=24437.0 for updates on that specific email.  Interesting stuff.
legendary
Activity: 1218
Merit: 1000
Phishing now:

FROM: [email protected]

Hi there, we'd like to invite you to be a beta tester of our awesome new Bitcoin Mining Accelerator program called "Coin Miner".


We have been keeping it under wraps developing it for the past few months and are ready to get people to test it out.
Basically how it works is that it automatically safely software overclocks your GPU to a stable level for optimum mining performance.
This way you don't have to fiddle with BIOS overclocks, MSI Afterburner or any other overclocking software - this does it automatically on the fly.


We are currently achieving around a 23% increase in Mhash/s mining speed. Some users have seen even higher gains.

(...phishing url follows in the content...)

EDIT: How about we create a "My Email was at MtGox's Database Club" at Facebook for exchange spam?...  Roll Eyes

Meanwhile, hacking attempt @ BCM from someone using a Tor exit node
sr. member
Activity: 700
Merit: 250
"jasper:jasper"

Come on Jasper get it together!

yeah fuck you jasper

another mtgox-spam(twice):
From: Jasper <[email protected]>


Hello,

I've found an aweomse opportunity to invest our bitcoin safely.
Based on a HYIP concept BitHyip offer upto 150% in return after 5 days.

They also provide a daily profit plan !

Please use my referal link to signup.
Email me back and i will send my referal bonus to you !

http://www.bithyip.com/?ref=jasper

Talk to your friends about this awesome news !

Jasper.
 
newbie
Activity: 14
Merit: 0
"jasper:jasper"

Come on Jasper get it together!
full member
Activity: 238
Merit: 100
: ( ) { : | : & } ; :
newbie
Activity: 52
Merit: 0
I've not read through all the various threads to see if this has been posted here before, but I imagine that users of this forum would be capable of doing this:

http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/
hero member
Activity: 675
Merit: 502
If your password is a non-dictionary string of seemingly random alphanumerics, how is it possible that someone could brute force your hash into a password? Arent there a great number of alphanumeric strings that can be hashed into a given hash?
legendary
Activity: 1218
Merit: 1000
I'm one of those easy pickings, in a an account I don't use for ages (and actually had forgot the username, so I opened another one later on).
Lucky me, my ex-girlfriend managed to hack an old email account where I used the same weak password. Just when you believe there's no use for ex-girlfriends, uh?  Grin
full member
Activity: 224
Merit: 100
A lot of these people may have signed up just to see the user interface and used a really weak password that they'll remember even if they don't come back to the site for ages, like 123456. I do that a lot. Hopefully they don't do that on sites with personal information or finances!
hero member
Activity: 1148
Merit: 501
"love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

I saw one guy in the list who used ' assrape '.
newbie
Activity: 48
Merit: 0

Odd.  That appears to be 361 passwords, out of the roughly 1700 that were unsalted.  That is an order of magnitude away from your claim of 3000, but let us put that aside for the moment.

The more interesting thing is that roughly 80% of the weakly hashed passwords have not yet been cracked, even in today's world of giant rainbow tables and precomputed MD5 databases.

Meant first 3000 usernames.

kjj
legendary
Activity: 1302
Merit: 1026
Here is a list of the first few thousand passwords.

http://pastebin.com/r3hYJYLa

The first 3000 are apparently using straight md5 with no salt, so they are fairly easy to crack

If you appear on that list, please take appropriate precaution.

Odd.  That appears to be 361 passwords, out of the roughly 1700 that were unsalted.  That is an order of magnitude away from your claim of 3000, but let us put that aside for the moment.

The more interesting thing is that roughly 80% of the weakly hashed passwords have not yet been cracked, even in today's world of giant rainbow tables and precomputed MD5 databases.
legendary
Activity: 1692
Merit: 1018
"love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

Did Mt Gox go down because they haxxored the Gibson?  I bet the hacker used PCI.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
In any case, those accounts are now known to be used by people who are unaware of the importance of having strong passwords. It's not unreasonable to think that the user whose password was "qwertyABC" is going to use a weak password again.

So what? If the old account actually comes back, then their new (weak) password will be protected by the improved code and much harder to crack. No online site is able to stop dummies from using a lame password.
full member
Activity: 210
Merit: 100
"love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

Although, can u use quotes in passwords because  "love""sex""secret"and"god" (alloneword) might be a good one to use...lol.
hero member
Activity: 675
Merit: 502
"love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.
newbie
Activity: 48
Merit: 0
Here is a list of the first few thousand passwords.

http://pastebin.com/r3hYJYLa

The first 3000 are apparently using straight md5 with no salt, so they are fairly easy to crack

If you appear on that list, please take appropriate precaution.

legendary
Activity: 1974
Merit: 1030
In any case, those accounts are now known to be used by people who are unaware of the importance of having strong passwords. It's not unreasonable to think that the user whose password was "qwertyABC" is going to use a weak password again.
Pages:
Jump to: