08-10-2014 02:23 PM
by Dan Goodin - Aug 10 2014
In the vexing pursuit of passwords that are both easy to remember and hard to crack, many people embed clues into their login credentials, choosing for instance, "playstationplaystationdec2014" to safeguard a recently created gaming account or "L0an@ w0rk!" for an IT administrative account at a financial services company. Now, a whitehat hacker is capitalizing on the habit with a tool that automates the process of launching highly targeted cracking attacks.
Dubbed WordHound, the freely available tool scours press releases, white papers, and Twitter accounts belonging to companies or sites that have recently suffered security breaches. The software then generates a list of commonly found words or phrases that attackers can use when trying to convert cryptographic hashes from compromised password databases into the corresponding plaintext passcodes. The tool, devised by security consultant Matthew Marx, was unveiled Wednesday at Passwords 14 conference in Las Vegas.
08-10-2014 03:35 PM
Helpful Webroot Links: