
Google has become an "MD5 Cracker"?!

Status
Closed for new replies.
  • Thread starter
  • #1

LiquidWorm

Administrator
26 March 2007
2,667
183
www.zeroscience.mk
Forgotten your password? Google can find it for you. Unfortunately

When a Cambridge University team wanted to break a hacker's password, they turned to Google - with startling results. But there's a lesson for you too..

There's a certain amount of crowing associated with hacking the blog of a security team - which might be why a hacker, apparently Russian, broke into the blog of the Cambridge University security team at the Light Blue Touchpaper blog.

He did it via some weaknesses in their Wordpress installation, upgrading himself from a plain "can post" user to an administrator of the blog using a zero-day (that is, previously unnoted) vulnerability, via SQL injection.

But the interesting part came later, when the team was clearing up. They could see the user, but what password had he used? All they had was the entry in the MySQL database for the password; but that had been loosely encoded (encrypted is too strong a word) using the MD5 hash.

You shouldn't, in theory, be able to extract the original text from an MD5 hash. That would take millions, or at least thousands, of computers running all the time.

But Steven Murdoch began thinking. Who is there out there who has thousands of computers running all the time? Um, everyone. And some might be generating MD5 hashes and putting them on the web...

He took the hash - 20f1aeb7819d7858684c898d1e98c1bb - from the database and stuck it into Google. Lo and behold, it turned out to be "Anthony".

So far, so trivial. Except this: if someone does the same trick on a site that you use, they might be able to get read access to the database. They'll be able to see the username and email associated with the MD5 hash. And, on the assumption that you use that password repeatedly, such a hacker could trawl the web looking for places you log in.

So: want to check the security of your favourite password(s)? First, use the MD5 hashing page here (it's a Javascript function; there's nobody grabbing your password, I'd wager, though if you want to feel safe and have OSX, go to the terminal and type md5 -s mypassword - though use your password, not mypassword).

Second, paste that code into your favourite search engine. If it returns no results - well done! You've evaded that hack, for now.

So, how did you do? (I passed. Phew.)

Hints if you failed: change that password to one which includes both letters and numbers.

And no, we don't know if the junior official at HMRC used MD5.
Source: http://blogs.guardian.co.uk/technology/2007/11/23/forgotten_your_password_google_can_find_it_for_you_unfortunately.html

:))
 

Commie

Gaining Experience
27 October 2007
4,717
218
www.foxmediahouse.com
Liquid, I was just talking about this with a friend of mine today; he told me that he can get into the database of someone's site and mess with it, and by the same procedure that this guy above used with the password.
 
  • Thread starter
  • #3

LiquidWorm

Administrator
26 March 2007
2,667
183
www.zeroscience.mk
Yep, I think one of the ways this works is with the help of the MD5 crackers that some of the many sites have, and Google just indexes them ;)
 

taranenik

Intern
12 June 2007
555
13
All they had was the entry in the MySQL database for the password; but that had been loosely encoded (encrypted is too strong a word) using the MD5 hash.

Well, listen, what a really strong password they set, Anthony.
 

Aleks

Gaining Experience
18 May 2007
5,748
288
Man, Google is great :)) I've searched for hashes on it too .. with some luck .. I've found a few that turned out to be correct :p
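
Added example, not part of the thread or the quoted article: it illustrates both the article's point that an unsalted MD5 hash can be looked up and the explanation in post #3 that published hash tables get indexed. The wordlist is constructed and stands in for such indexed tables; the PBKDF2 parameters and all function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the hash/plaintext pairs that public
# lookup pages publish and that a search engine then indexes.
WORDLIST = ["password", "letmein", "Anthony", "qwerty", "dragon"]


def md5_hex(password):
    """Unsalted MD5 as stored in the database the article describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> plaintext once; every later 'crack' is a dict lookup."""
    return {md5_hex(w): w for w in words}


def hash_salted(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo():
    table = build_lookup(WORDLIST)
    stored_md5 = md5_hex("Anthony")           # what an unsalted-MD5 user row holds
    salt_a, n, digest_a = hash_salted("Anthony")
    salt_b, _, digest_b = hash_salted("Anthony")
    return {
        # The same precomputed table works against every site using plain MD5.
        "recovered": table.get(stored_md5),
        # A salted digest never matches an entry in a generic table.
        "salted_in_table": digest_a.hex() in table,
        # Two users with the same password get different stored values.
        "same_password_same_hash": digest_a == digest_b,
        "verifies": verify_salted("Anthony", salt_a, n, digest_a),
    }


if __name__ == "__main__":
    print(demo())
```

A salt does not make a weak password strong; it only forces an attacker to guess per user instead of reusing one precomputed or indexed table.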
 