Author Topic: All ur passwords r belong to google  (Read 1950 times)

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
All ur passwords r belong to google
« on: November 22, 2007, 08:22:52 AM »
....
Quote
Google can crack passwords

Don't post it online

By Egan Orion: Wednesday, 21 November 2007, 6:38 PM

A CLEVER bloke into security research at the University of Cambridge computer lab wrote in his bog last Friday that he's discovered Google works as a password MD5 hash cracker.

Someone had hacked into his bogsite a few weeks ago and created a user account. After he quickly disabled the rogue account, Steven J. Murdoch did some forensics work -- he's doing academic security research, remember -- and thought to figure out the attacker's password.

Since his bogsite uses Wordpress, which stores passwords as unsalted MD5 hashes in its user database, he tried a dictionary attack. That didn't find any match, even with numbers added to the ends of words. He then used a Russian dictionary, because shell code that had been installed by the attacker had Russian in the comments. No word matchup there, either.

Murdoch writes that he could have found or written a better password cracker. He could have varied the case of letters, added symbols to the mix, or used common substitutions of numbers for letters, but he didn't want to spend more time. Instead, he turned to Google.

He plugged the raw MD5 hash of the attacker's password into a Google search and, voila, Google found him some matches. One was a geneology page for people with the surname of "Anthony" and another was a real estate advertisement placed by a guy named "Anthony".

Murdoch writes, "And indeed, the MD5 hash of 'Anthony' was the database entry for the attacker. I had discovered his password."

In both cases, the target hash was embedded within a URL. It seems MD5 hashes are often used to index webpages, with the input to the MD5 algorithm being the webpage's name.

He concludes, "Because of this technique, Google is acting as a hash pre-image finder, and more importantly finding hashes of things that people have hashed before. Google is doing what it does best -- storing large databases and searching them. I doubt, however, that they envisaged this use though."

So don't go typing your passwords into pages that get posted on the worldwide interwibble. µ

Carigamers

All ur passwords r belong to google
« on: November 22, 2007, 08:22:52 AM »

Offline daniboy79

  • Kage
  • ****
  • Posts: 1004
  • Chakra 9
  • Referrals: 0
    • View Profile
Re: All ur passwords r belong to google
« Reply #1 on: November 22, 2007, 09:09:48 AM »
but... everything uses passwords on www.  :violent5:

"am i going to die?"

Antec 900
Gigabyte EP35-DS3L
Intel Q6600 with Tt TMGi1 HSF
2GB Crucial Ballistix Tracer PC2 6400 (4,4,4,12)
eVGA GeForce 8800GTS 640MB
Maxtor-DM21 250GB  SATAII
Seagate 500GB SATAII
Acer AL2223Wd 22" Monitor
Logitech Z5500 5.1 Surround Monitors

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
Re: All ur passwords r belong to google
« Reply #2 on: November 22, 2007, 09:59:46 AM »
I think what they mean dani is don't put your passwords on any site or mail correspondence, but then you should know that already.

Offline daniboy79

  • Kage
  • ****
  • Posts: 1004
  • Chakra 9
  • Referrals: 0
    • View Profile
Re: All ur passwords r belong to google
« Reply #3 on: November 22, 2007, 10:16:37 AM »
ahh, sweet!

good thing i keep my passwords in my...  :nono:
Antec 900
Gigabyte EP35-DS3L
Intel Q6600 with Tt TMGi1 HSF
2GB Crucial Ballistix Tracer PC2 6400 (4,4,4,12)
eVGA GeForce 8800GTS 640MB
Maxtor-DM21 250GB  SATAII
Seagate 500GB SATAII
Acer AL2223Wd 22" Monitor
Logitech Z5500 5.1 Surround Monitors

Carigamers

Re: All ur passwords r belong to google
« Reply #3 on: November 22, 2007, 10:16:37 AM »

 


* ShoutBox

Refresh History
  • Crimson609: yea everything cool how are you?
    August 10, 2022, 07:26:15 AM
  • Pain_Killer: Good day, what's going on with you guys? Is everything Ok?
    February 21, 2021, 05:30:10 PM
  • Crimson609: BOOM covid-19
    August 15, 2020, 01:07:30 PM
  • Shinsoo: bwda 2020 shoutboxing. omg we are in the future and in the past at the same time!
    March 03, 2020, 06:42:47 AM
  • TriniXjin: Watch Black Clover Everyone!
    February 01, 2020, 06:30:00 PM
  • Crimson609: lol
    February 01, 2020, 05:05:53 PM
  • Skitz: So fellas how we go include listing for all dem parts for pc on we profile but doh have any place for motherboard?
    January 24, 2020, 09:11:33 PM
  • Crimson609: :ph34r:
    January 20, 2019, 09:23:28 PM
  • Crimson609: Big up ya whole slef
    January 20, 2019, 09:23:17 PM
  • protomanex: Gyul like Link
    January 20, 2019, 09:23:14 PM
  • protomanex: Man like Kitana
    January 20, 2019, 09:22:39 PM
  • protomanex: Man like Chappy
    January 20, 2019, 09:21:53 PM
  • protomanex: Gyul Like Minato
    January 20, 2019, 09:21:48 PM
  • protomanex: Gyul like XJin
    January 20, 2019, 09:19:53 PM
  • protomanex: Shout out to man like Crimson
    January 20, 2019, 09:19:44 PM
  • Crimson609: shout out to gyal like Corbie Gonta
    January 20, 2019, 09:19:06 PM
  • cold_187: Why allur don't make a discord or something?
    December 03, 2018, 06:17:38 PM
  • Red Paradox: https://www.twitch.tv/flippay1985 everyday from 6:00pm
    May 29, 2018, 09:40:09 AM
  • Red Paradox: anyone play EA Sports UFC 3.. Looking for a challenge. PSN: Flippay1985 :)
    May 09, 2018, 11:00:52 PM
  • cold_187: @TriniXjin not really, I may have something they need (ssd/ram/mb etc.), hence why I also said "trade" ;)
    February 05, 2018, 10:22:14 AM

SimplePortal 2.3.3 © 2008-2010, SimplePortal