Hacked Syrian Officials Used '12345' As Email Password
Nominei writes "The Israeli newspaper Haaretz reports that the Syrian President, aides and staffers had their email hacked by Anonymous, who leaked hundreds of emails online. Reportedly, many of the accounts used the password '12345' (which their IT department probably warned them to change when the accounts got set up, of course)."
That's amazing (Score:5, Funny)
Re:That's amazing (Score:5, Funny)
It wouldn't surprise me if another anonymous hacker beat them to it and changed their addresses to 12345 for the lulz.
Re:That's amazing (Score:5, Insightful)
Why do you insult neanderthals?
Re: (Score:3, Funny)
Re:That's amazing (Score:5, Funny)
Oh, I see how it works. Sure, you let them clean your clothes, serve your food, teach your children. Heck, you'll even let them represent you politically (I've lived in DC, I've seen Congress). But the minute they display the first inkling of self-respect and self-organization, it's "Neanderthals aren't 'smart' enough", "Neanderthals are another species", "Neanderthals are extinct".
I see how it works, alright. You're afraid. Afraid to come out of your shell and admit your true feelings. It's easy enough to hate, but you're just too afraid... to love.
Re: (Score:3, Funny)
Mine is 54321 (Score:2)
No zero, sorry
Re:Mine is 54321 (Score:5, Funny)
Fool! Passwords need to be 8 digits at least. Mine is 1234567891011. It goes to 11, for extra security.
Re: (Score:2)
It doesn't just use a few digits but is completely comprised of digits, making it unbreakable.
Re:Mine is 54321 UNREAL (Score:5, Informative)
Re: (Score:3, Informative)
That approach is Diceware, BTW,
http://world.std.com/~reinhold/diceware.html [std.com]
http://happycattech.com/book/security-applications-0 [happycattech.com] (MS Excel and OpenOffice Calc implementations)
Re: (Score:3)
Re: (Score:3)
The reason password lengths were limited is because people were retarded and storing the password in a database. Now, good policy dictates that you never store a password, only its hash and salt. The only reason to limit length is to limit the bandwidth required in case someone decides to use the unabridged works of Shakespeare as his pass phrase.
Re: (Score:3)
0n3 7w0 7hr33 f0ur fiv3
Re:That's amazing (Score:5, Insightful)
I've got the same combination on my luggage!
Came for this, leaving satisfied!! This thread will go to plaid soon.
Syrians? (Score:2, Funny)
Re: (Score:2)
How soon?
http://www.youtube.com/watch?v=VeZ9HhHU86o
Re: (Score:3)
Awww c'mon, that was a subtle reference to Spaceballs!
Re:That's amazing (Score:5, Funny)
Re:That's amazing (Score:4, Funny)
In this case, the President is an asshole, too.
Well, yes. If you draw a Venn diagram of assholes and presidents, I am fairly certain that the latter is wholly contained within the former.
Re: (Score:2)
s/hole/hat/
Re: (Score:3)
s/hat/helmet
Re: (Score:3)
http://www.youtube.com/watch?v=K95SXe3pZoY [youtube.com]
Re: (Score:2)
You, sir, (Score:2)
are now the primary suspect of breaking into Syria's government networks. You obviously have access to privileged information. Prepare to be arrested...
Re: (Score:2)
They made a rockband sequel to Contra?
That's COOL!
Re: (Score:2)
Only 12345? (Score:5, Funny)
I thought that everyone knew to use at least 123456 as their password. After all that increases its security by an order of magnitude!
Re: (Score:2, Redundant)
oh no, eight is the minimum recommended length. 12345678 is the shortest secure password you should be using. or qwertyui. wait, please don't use that second one, it's my paypal password
Re: (Score:2)
Hey, some of them did ---> Password list on Pastebin [pastebin.com]
IT did warn them (Score:5, Funny)
then the IT guy got taken into the alley and shot in the head for his impudence.
Re:IT did warn them (Score:5, Funny)
Re:IT did warn them (Score:5, Funny)
Re:IT did warn them (Score:4, Insightful)
Should be scored as +1, in all likelihood, true.
Re:IT did warn them (Score:4, Interesting)
I don't know if Assad's quite that malevolent. I sure wouldn't have wanted to have been Uday Hussein's IT manager, that's for sure.
Re:IT did warn them (Score:4, Informative)
"I don't know if Assad's quite that malevolent."
You watching the news at all these days? The man is ordering troops to kill anyone, collateral damage is not an issue. I'm just not certain who is worse, the leader of Syria or the leaders of Russia and China for backing that pile of shit.
Re: (Score:3)
I've heard this meme from my batshit right-wing zionist relatives, but I've never determined where it's coming from.
It seems to rest on some kind of question-begging with regard to US/Israeli foreign policy justifications, but it's so ludicrously extreme I can't see otherwise-intelligent people swallowing it without some evidence.
So what's the evidence at the root of this meme? Who in a position of any political power in America, from the municipal level on up, has any desire to advance the cause of the Mu
Incredibly stupid (Score:2)
Re:Incredibly stupid (Score:5, Funny)
Well, it was their own e-mail....
Speaking of which, people who don't put objects in their sentences shouldn't even have written them. ;)
Agree (Score:2)
Re: (Score:3)
Pfffft. You ever worked for a Director/VP or higher? Try telling them how to set their passwords. I've seen "boss", "super" and other motivational-poster-worthy simple words. And they want everything to auto-login. One of the last major worm outbreaks I encountered originated in the senior executive offices.
Okay, that was a few years ago. Maybe that company has learned a few
Re: (Score:2)
You know... (Score:4, Insightful)
Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak, virtually no one uses strong passwords.
Re:You know... (Score:5, Insightful)
"Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak"
No surprise there.
", virtually no one uses strong passwords."
Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.
IT departments and well-meaning distro packagers have to take some of the blame too. I can't choose a password like Zph9vZZZ3tPseX4 because it has Z repeated 3 times, and contains a word found in a dictionary?
Fuck that then, I'll go with abcd1234 instead. Oh, and I have to change it every four weeks? Next time it will be 1234abcd, then abcd12345 and 12345abcd - catch my drift?
Re:You know... (Score:5, Insightful)
"Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak"
"No surprise there."
", virtually no one uses strong passwords."
"Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily."
Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This [dlitz.net] is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.
I actually had a list of email addresses and their corresponding passwords for the site. I wouldn't be surprised if a lot of these passwords could also be used to get access to their corresponding GMail/Yahoo/Hotmail accounts (but I didn't test it out, because I enjoy not being in jail).
Re:You know... (Score:5, Interesting)
"Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason."
The link you provide supports that this is selection bias - he cracked 26025 out of 93688 passwords, and then made the brilliant deduction that boils down to "of those passwords that I easily cracked, most were found to be easily cracked". No shit, Sherlock.
Sure, that 36% of passwords are easily cracked is bad in itself, but that's another thing entirely. It can't be used as statistics to extrapolate anything using the word "most". It only applies to that subset of weak passwords.
I also have to arrest you for "I found that 36% of all passwords were easily discoverable using a rainbow table". This is incorrect. 100% of all passwords are easily discoverable using a rainbow table. 36% may be easily discoverable using a partial rainbow table, which is not the same thing.
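An added example, not part of any comment in this thread: it contrasts the "poor hash" case discussed above (unsalted, so a precomputed table recovers common passwords and duplicate passwords show up as duplicate hashes) with the salted storage and bandwidth-only length cap recommended earlier in the thread. The user names, the 1024-byte cap, the iteration count and the choice of MD5 and PBKDF2 are assumptions made for the demonstration; the sample dump is constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

MAX_PASSWORD_BYTES = 1024    # assumed cap: bounds request size, not password strength
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this demo

def unsalted_md5(password):
    """The 'poor hash' case: fast, unsalted, identical for identical passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup_table(candidates):
    """Precomputed hash -> password map, the simplest relative of a rainbow table."""
    return {unsalted_md5(p): p for p in candidates}

def audit_unsalted_dump(dump, table):
    """Defender-side audit: accounts that fall to the table, and accounts
    whose hash is shared with another account (visible password reuse)."""
    recovered = {user: table[h] for user, h in dump.items() if h in table}
    counts = Counter(dump.values())
    reused = sorted(user for user, h in dump.items() if counts[h] > 1)
    return recovered, reused

def hash_password(password, salt=None):
    """Salted, slow hash. Only (salt, digest) is stored, never the password."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds transport cap")
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    try:
        _, candidate = hash_password(password, salt)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, digest)

# Constructed sample accounts; the passwords are ones quoted in this thread.
SAMPLE_USERS = {"alice": "12345", "bob": "super123",
                "carol": "super123", "dave": "Zph9vZZZ3tPseX4"}
COMMON_PASSWORDS = ["12345", "123456", "12345678", "super123", "abcd1234"]

if __name__ == "__main__":
    dump = {user: unsalted_md5(pw) for user, pw in SAMPLE_USERS.items()}
    recovered, reused = audit_unsalted_dump(dump, build_lookup_table(COMMON_PASSWORDS))
    print("recovered from unsalted dump:", recovered)
    print("accounts sharing a hash:", reused)
    salted = {user: hash_password(pw) for user, pw in SAMPLE_USERS.items()}
    print("bob and carol digests equal when salted:",
          salted["bob"][1] == salted["carol"][1])
```

With per-account salts the same lookup table no longer applies and the two "super123" accounts store different digests; weak passwords can still be guessed one account at a time, which is what the work factor slows down.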
Re: (Score:2)
So what you're saying is that MOST passwords were pretty decent (not discoverable using a rainbow table) then? That's a little different from the OP's assertion that "virtually no one uses strong passwords."
That depends on the system (Score:2)
Re:You know... (Score:5, Interesting)
yep never use the same user name or password for different sites you care about, at the minimum.
FTFY. I mean, really, nobody has the mental capacity to remember a unique, strong password for every titchy site they have an account on.
Me, I have a strong, unique password for the handful of things that deserve it (My workstation, email, banking, facebook) and then a common password that I use among all the other sites, that I really don't care about being compromised.
Re: (Score:2)
"I mean, really, nobody has the mental capacity to remember a unique, strong password for every titchy site they have an account on."
Yes, I'm using a password manager for the rest (1password). It can also generate super-secure randomly generated passwords.
Re: (Score:2)
I use keepass for that the same way. However, after I got a smartphone I needed to retype all of those passwords. Yeah that's nice, to manually enter the 30 character random bytestring... I've since fallen back to a bit simpler scheme. The XKCD scheme works rather well.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
I think you mean: Virtually no one who uses strong passwords ends up with their password posted on pastebin.com for you to see. :P
Re: (Score:2)
Palin Popcorn Password (Score:5, Insightful)
Is this really 'hacking' when you guess the password?
Reminds me of the script-kiddie who 'hacked' into Sarah Palin's email account once he successfully guessed her password was 'popcorn'...
Wonder how he's doing in prison?
Re: (Score:2)
"Is this really 'hacking' when you guess the password?"
It is hacking if you manually enter a URL, so yes, guessing a password is hacking too. Basically, if people are not creative enough to think of how their security system might be defeated, then anyone who defeats it is a hacker (and deserves a jail sentence).
Re:Palin Popcorn Password (Score:5, Informative)
That never happened.
Someone guessed Sarah Palin's security questions (such as "Where did you first meet your spouse" with the answer of her high school in Alaska), and got into the account. Then the password was changed to popcorn.
Re: (Score:2)
No, he served nearly a year in prison. It was that punk kid who falsified evidence to shut down ACORN and who tried to wiretap a senator's office who got off with minimal punishment.
Re: (Score:2, Informative)
Not minimal, none. He got like 80 hours of community service. No fine and no jail time. The guy should be in jail for fraud and slander/libel at a minimum and for trying to tap a member of Congress's phone he should be in jail for espionage. Anyone that thinks that jackass is a hero needs their head examined.
Re: (Score:2)
if he really was a kid when doing it, what do you expect? convicting him as an adult?
Re: (Score:3, Insightful)
He was 25, so yes, I do think he should be tried as an adult. He should be in prison, but he's not because Fox (and by extension their mindless viewers) adore him for his destruction of an organization that had the gall to try to help poor people.
Re: (Score:2)
*And to destroy our economy by getting said poor people mortgages they couldn't afford.
Re:Palin Popcorn Password (Score:4, Insightful)
You've confused your right wing memes.
ACORN, the group shut down after the faked videos, is the group that was going to destroy the country by letting poor people vote.
The keywords you want for "destroy our economy by getting poor people mortgages" are either Barney Frank or Fannie Mae/Freddie Mac.
Just pointing this out to help but if you want to keep your right wing memes straight, watch more Fox news.
Re: (Score:2)
"his destruction of an organization that had the gall to try to help poor people."
By registering them to vote without telling them and then sending someone to vote for them, because after all, they knew how they really wanted to vote.
OK, that statement is hyperbole, but ACORN committed systematic voter fraud in the entire country. And ACORN has not been destroyed, it has just changed its name and is happily continuing to collect taxpayer dollars (despite a law forbidding that) through "unaffiliated" affiliates and other shady techniques. Do a thorough study of ACORN's corporate structu
Re: (Score:2)
Reversing mods to say this...
Have you ever raked leaves for 80 hours?
Is it even hacking anymore? (Score:2)
When people use such stupid passwords, is it really even considered hacking anymore?
Conversely, does calling this hacking diminish the skills of those who actually know their security inside and out?
Re: (Score:2)
If nobody thought of a way that a security system could be defeated, then anyone who defeats that system is a hacker and has engaged in hacking.
Now I'll have to change my dadblasted passwords! (Score:2)
Assad's email wasn't hacked (Score:5, Informative)
BAD PASSWORD: it is too simplistic/systematic (Score:4, Funny)
Leet Hackers (Score:2)
Don't shoot the messenger (Score:2)
* And by "change" I mean "shoot."
The headline gave me a headache (Score:2)
Comment removed (Score:5, Interesting)
Strong simple passwords explained (Score:2)
I know it's preaching to the converted with the above two posters, but it's worth looking at.
The passwords I give users from permutations of a word list make them laugh but they can remember them.
Old rumour regarding US nuke launch codes... (Score:2)
...apparently the launch keys for each and every silo-based ICBM were/are all "0000000000" (ten zeroes). Scary.
Re: (Score:2)
Okay, now that the hardest part is solved - where to punch them in?
Re: (Score:2)
I doubt they'd be connected via public WAN... or could the US Government possibly be that stupid??
Re: (Score:2)
Since the requirement for a password was forced on the military from the outside and they wanted the last man standing to be able to launch without being locked out they set the password to all zeros as a workaround for what they considered to be a stupid and dangerous restriction. I can see their point.
Hacker walk of shame (Score:4, Funny)
As the hacker saw much to his horror that the Syrian President's e-mail password was indeed 12345 he tried to break the connection but it was too late. Word had spread and all knew that his most important hack was one that a five year old could have bested. A week later the hacker was found with a gun in his mouth and the numbers "12345" scrawled across his walls. His last e-mail was a simple "Who uses 12345 as a password!" Other hackers said that it was a tragedy that he would be remembered for one lame hack. Word came later that day that the Syrian President had beefed up security by using his son's name as his current password. Hackers worldwide turned away in disgust and refused to stoop to hacking someone that lacked even basic internet skills.
Some turned their attention to hacking President Obama's e-mail until it was found he used the password "Romneysucksballs". No hacker would dignify such a password with a hack. Later that day it was revealed that Bill Gates used "stevejobsisaweiner" as his password but most knew this was the case since the late 90s.
Re: (Score:2, Troll)
Gmail, Yahoo, Hotmail... (Score:4, Insightful)
Was it hacking? (Score:2)
Cracking..? (Score:2)
It's a good password (Score:2)
Maybe 12345 is really complicated in Arabic. Like MMMMMMMMMMMMCCCXLV.
Re:12345 (Score:5, Insightful)
Re:12345 (Score:5, Funny)
Or a couple of NSA agents looking at each other and saying "shit, I've got to go change my password."
Re:12345 (Score:5, Insightful)
Re: (Score:2)
Re:12345 (Score:4, Insightful)
Re:12345 (Score:5, Informative)
Governments will go to extreme lengths to avoid revealing when they have access to information that the "enemy" thinks is secure. The allies went to very extreme measures to avoid tipping the Germans off that they had access to all the communications that went out on the Enigma machine. This included letting their own troops be ambushed and killed and massive use of resources and manpower to cover up when they did use the information, such as flying a hundred aerial survey missions to cover up knowing the travel path of a sea convoy.
Re:12345 (Score:4, Insightful)
The air raid on Coventry. (Score:3)
The German air raid that almost destroyed Coventry was an example of this. The Brits knew it was coming but they also knew that the Germans were beginning to get suspicious. As a result, the British government felt that they had to let this air raid occur even though they knew many people would be killed.
Re: (Score:2)
The thing about, say, the CIA or Mossad, they would hack, but not reveal they had and just keep reading the emails as they came in.
Re:12345 (Score:5, Funny)
The Papal and Italian agencies turn to their roots for cipher strength: IIIIIIIVV
Re: (Score:2)
I count three prior to your post.
You either need to type faster or reload the page before deciding to comment.
Re: (Score:2, Insightful)
"Really, Why weren't these accounts configured to expire on the first login, like most default passwords?"
They are not configured to expire on the first login because most users never truly log in - they tend to access the services through point-and-drool applications that have no facilities for changing the password.
And even when they do log in, it's likely with dumbed down Windows terminal progs which for unfathomable reasons close the window immediately on disconnect, so the user won't have a chance to read why he was logged out and what to do about it.
So some admins take the easy way out and don't expire th
Re: (Score:3)
To be fair, the current Administration (NDAA) agrees with ASSad, just as long as you label them "terrorist" first ;)
Re: (Score:2)
more likely C) shot in the head for questioning his judgement