
make love, not bruteforce – the importance of passwords

23/09/2014 - Posted in internet, security

You just have to love the internet. Warkittehs, YouTube, background noise, almost unlimited knowledge (it makes Alexandria look like the local library) and, of course, getting hacked. I was just browsing the internet and procrastinating a little bit when my phone and mail program went nuts. A quick glance at the subject told me: “[deus ex machina] Too many failed login attempts”. Usually I only get attacked occasionally, by some mass-scan and brute-force tool that moves on after a few tries, but this time the attacker was a little more persistent – still brute force, though.

Brute-force notifications. I got three more while writing this post.

This post is directed more at people who think that the internet is just the thing they use to browse for whatever they desire. You should know that the internet is never dormant. There is a war out there, and you can get hit easily if you step outside the safe boundaries of your home router. The router is basically your great firewall. It blocks all incoming connections that were not opened from behind the router, and believe me, that saves you a lot of scanning and brute forcing. I have several ports forwarded to machines inside my network: ports I use to connect to my server while I am not at home. This is fine as long as you know what you are exposing, update your software and, most importantly, choose strong passwords. I encourage you once again to use a password manager like the ones I mentioned in an earlier post.

My server gets attacked around 10-15 times a day, and it seems someone found my blog – I feel honoured. My server and blog are not very popular, so imagine a big site like Facebook or YouTube. When it comes to brute forcing, the only thing that keeps the attackers out is strong passwords. There are lists of commonly used passwords, compiled from previous hacks of websites. In fact, passwords are so bad that you can log into a ton of accounts just by taking the freely available lists and running them through your program. Be smarter, be better and don’t let someone embarrass you on Facebook or Twitter just because your password was “monkey”.

List size vs # of cracked accounts with various lists*
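Seen from the defender's side, the same lists can be used to reject a password before an attacker ever tries it. The sketch below is an added example, not code from this blog or from the login plugin that sends the notifications: it checks a chosen password against a wordlist, including the capitalised, digit-suffixed and character-substituted variants people typically make. The function names and the tiny inline list are assumptions for illustration, and the check covers list membership only, not overall strength.

```python
import re

# Constructed sample standing in for a leaked-password list; a real list can be
# loaded with load_wordlist() below (one password per line).
COMMON_PASSWORDS = {"monkey", "password", "123456", "qwerty", "letmein", "dragon"}

# Reverse the usual character substitutions ("m0nk3y" -> "monkey").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def load_wordlist(path):
    """Read a wordlist file into a lowercase set, skipping blank lines."""
    with open(path, encoding="latin-1", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def variants(password):
    """Yield simplified forms of a password that a wordlist run would also hit."""
    lowered = password.lower()
    # Drop digits and punctuation tacked onto either end ("Monkey2014!" -> "monkey").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    for form in (lowered, core):
        yield form
        yield form.translate(LEET)


def listed_as(password, wordlist=COMMON_PASSWORDS):
    """Return the wordlist entry the password reduces to, or None if none matches."""
    for form in variants(password):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("monkey", "Monkey2014!", "M0nk3y", "correct horse battery staple"):
        hit = listed_as(pw)
        print(f"{pw!r}: {'reject, matches ' + repr(hit) if hit else 'not on the list'}")
```

A password that passes this check is not automatically strong; it only means a plain wordlist run with these simple variations would not find it.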

TL;DR;

Use strong passwords, especially when you open an attack surface via port forwarding.

*Image courtesy of skullsecurity – if you want me to remove it, please contact me and I will do so.
