[Dailydave] phpbb.com hacked...
Robert Graham
robert_david_graham at yahoo.com
Fri Feb 6 18:12:23 EST 2009
I ran the passwords through an analysis program to gather statistics on them. I posted a summary of the results here:
http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html
35% of passwords are 6 characters. Here are the top 20 passwords from the phpbb dataset:
3.03% "123456"
2.13% "password"
1.45% "phpbb"
0.91% "qwerty"
0.82% "12345"
0.59% "12345678"
0.58% "letmein"
0.53% "1234"
0.50% "test"
0.43% "123"
0.36% "trustno1"
0.33% "dragon"
0.31% "abc123"
0.31% "123456789"
0.31% "111111"
0.30% "hello"
0.30% "monkey"
0.28% "master"
0.22% "killer"
0.22% "123123"
Why are "dragon", "master", and "killer" so popular? Since the phpbb dataset includes e-mail addresses, I'm thinking of e-mailing the people and asking them why they chose that particular password. Likewise, while I know that "trustno1" was a password used in the X-Files, I forget where "letmein" and "monkey" come from (I know they were used in movies/TV, I just forget which ones).
--- On Wed, 2/4/09, Dave Aitel <dave.aitel at gmail.com> wrote:
> From: Dave Aitel <dave.aitel at gmail.com>
> Subject: [Dailydave] phpbb.com hacked...
> To: "dailydave" <dailydave at lists.immunitysec.com>
> Date: Wednesday, February 4, 2009, 4:14 PM
> An interesting post on how a real site got hacked. You rarely see this level of detail.
>
> http://hackedphpbb.blogspot.com/
>
> -dave
> (kudos to Ryan Naraine for pointing this link out!)
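Added example, not part of the original message and not the analysis program Graham used: Python that computes the kinds of statistics the message reports (share of passwords per length, top-N list with percentages) for a password list you are auditing. The sample data is constructed, and the function names, the character-class breakdown and the top-N coverage figure are assumptions of this example.

```python
from collections import Counter

# Constructed sample for illustration; not rows from the phpbb dataset.
SAMPLE = (["123456"] * 6 + ["password"] * 4 + ["phpbb"] * 3 + ["qwerty"] * 2
          + ["letmein", "Tr0ub4dor&3", "correct horse", "dragon", "zx9!Lm", ""])

def char_classes(pw):
    """Label a password by the character classes it draws from."""
    kinds = (("lower", str.islower), ("upper", str.isupper), ("digit", str.isdigit))
    found = [name for name, test in kinds if any(test(c) for c in pw)]
    if any(not c.isalnum() for c in pw):
        found.append("other")
    return "+".join(found)

def analyze(passwords, top_n=20):
    """Summarise a password list: length shares, top-N, top-N coverage, class mix."""
    # Strip line endings and skip blank rows so they do not skew the totals.
    pws = [p.rstrip("\r\n") for p in passwords]
    pws = [p for p in pws if p]
    total = len(pws)

    def shares(counter):
        return {k: round(100.0 * n / total, 2) for k, n in counter.items()}

    if total == 0:
        return {"total": 0, "length_pct": {}, "top": [], "top_coverage_pct": 0.0,
                "class_pct": {}}
    top = Counter(pws).most_common(top_n)
    return {
        "total": total,
        "length_pct": shares(Counter(len(p) for p in pws)),
        "top": [(pw, round(100.0 * n / total, 2)) for pw, n in top],
        # Share of accounts that a denylist of just the top-N entries would catch.
        "top_coverage_pct": round(100.0 * sum(n for _, n in top) / total, 2),
        "class_pct": shares(Counter(char_classes(p) for p in pws)),
    }

def report(stats):
    """Format the top list the way the message does: percentage, then the password."""
    return ['%.2f%% "%s"' % (pct, pw) for pw, pct in stats["top"]]

if __name__ == "__main__":
    print("\n".join(report(analyze(SAMPLE, top_n=5))))
```

The `top_coverage_pct` value shows how much of a user base a short denylist of the most common entries would reject at registration time.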