Unsafe @ rootkit.com

Discussion in 'other security issues & news' started by CloneRanger, Feb 12, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Just by chance I came across a link to ALL the rootkit.com username accounts.

    Out of interest I went to the first page, which was only one of the 45 pages there!

    I was amazed at how many people used Very easily crackable passwords, such as,

    password, Password1, rootkit, 1234, 123123, 123456, 12345678, 123456789, 11223344 etc etc

    Many used really simple dictionary terms, and 3/4 letter words/names :p Not only that, but a lot of them used their real names as part of the email address too :D

    I understand that quite a number of them are/were just script kiddies etc, but you might expect them to be more savvy about such matters, obviously not :D So it's no surprise when we learn, or know about, plenty of "regular" internet users that also engage in similar unwise practices :(
     
  2. katio

    katio Guest

    It is a big problem but don't forget some are signing up with a nonsecure password because they don't care about that particular account and its security and some of these "real name" emails are bogus pseudonyms or in the case of skiddies even stolen accounts.
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    What was rootkit.com about?
    I mean, what type of website it was before this :D
     
  4. katio

    katio Guest

  5. xer0syk0

    xer0syk0 Registered Member

    Joined:
    Oct 1, 2009
    Posts:
    7
    Interesting to see how a bit of social engineering was used to verify the root password (which had already been collected from listening to communications on HBGary servers):
    xhttp://pastebin.com/tSiQevxe

    The MySQL backup doesn't have the passwords in cleartext, and the main website that has the passwords is currently down (probably due to DDoS or something). I think there are copies lurking around many of the popular file sharing websites. Basically all in all, some of the leaders of the security industry basically just got destroyed due to loose ends.
     
    Last edited by a moderator: Feb 14, 2011
  6. hurzelpurzel

    hurzelpurzel Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    14
    Meh, my password was not cracked. Shame. :D

    But my email address (created solely for that website) got leaked. Wow. I'm shocked. :rolleyes:

    Oh well, seems to pay off not to reuse passwords and use a password generator and 15-20 characters :D
     
  7. katio

    katio Guest
