Analysis of Stratfor Site Breach Reveals Weak Passwords, Poor Enforcement










As Stratfor continues rebuilding its Website after the cyber-attack in which email addresses of its subscribers and other personal details were leaked, the company is coming under fire for its weak passwords and security policies.

On Dec. 24, attackers breached Strategic Forecasting and stole over 200GB of data belonging to individuals and organizations who had registered for access to its global intelligence analysis publications. Over 860,000 password hashes from the registration database have been dumped since.

The Tech Herald analyzed the leaked files and was able to crack 81,883 password hashes in less than five hours using common brute-force tools and basic equipment. "The system doing the cracking isn't the most powerful on the block, but it does the job nicely," Tech Herald's Steve Ragan wrote. The password lists were cracked using a free CPU-based hash cracker called Hashcat and various dictionary lists available online.


