Sunday, May 16, 2010

Top 10 Passwords You Should Never Use

If you chose an easy-to-remember password, such as your user name or even the word "password," we advise you to change it right away. Easily guessed passwords can compromise your personal identity, privacy and financial accounts.

Researchers from the University of Maryland's A. James Clark School of Engineering in College Park have quantified how frequently unsecured computers are the victims of hacker attacks.

Here's the shocking news: On average, they happen to each unsecured computer every 39 seconds -- that's more than 2,000 times a day.

Hackers use a string of common passwords and user names to penetrate unsecured PCs. If you thought you were being clever by using your user name as your password, note this: Fully 43 percent of all password-guessing attempts simply re-entered the user name.









The top 10 most common passwords:
1. Your user name
2. Your user name followed by 123
3. 123456
4. password
5. 1234
6. 12345
7. passwd
8. 123
9. test
10. 1

On TV and in film, hackers have been portrayed as people with grudges who target specific institutions and manually try to break into their computers. But in reality, study leader Michel Cukier says, "Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day."

The team set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer.

The top 10 most common user names:
1. root
2. admin
3. test
4. guest
5. info
6. adm
7. mysql
8. user
9. administrator
10. oracle

What do hackers do once they gain access to your computer?
This was the most common sequence of actions:
-- Check the accessed computer's software configuration.
-- Change the password.
-- Check the hardware and/or software configuration again.
-- Download a file.
-- Install the downloaded program.
-- Run the downloaded program.

What are the hackers trying to accomplish?
"The scripts return a list of 'most likely prospect' computers to the hacker, who then attempts to access and compromise as many as possible," Cukier says. "Often they set up 'back doors' -- undetected entrances into the computer that they control -- so they can create 'botnets,' for profit or disreputable purposes."

A botnet is a collection of compromised computers that are controlled by autonomous software robots answering to a hacker, who manipulates the computers remotely. Botnets can act to perpetrate fraud or identity theft, disrupt other networks or damage computer files, among other things.

VIA: AOLDiscover

No comments: