Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analyzing 20,000 MySpace Passwords

Posted by ryuzaki0 on from the thats-kinda-scary dept.

Rub3X writes "Author found 20 thousand MySpace passwords on a phishing site and did some tests on them. They were tested for strength, length and a number of other things. Also tested was the most popular password, and the most popular email service used when registering for myspace."

11 of 177 comments (clear)

  1. Author should have... by 10sball · · Score: 5, Funny

    spent some of that time analyzing the strength of his hosting plan

    --
    [place .sig here]
  2. 666 - myname by vrta · · Score: 5, Informative

    Most common passwords used:
    13 - cookie123
    12 - iloveyou
    12 - password
    11 - abc123
    11 - fuckyou
    11 - miss4you

    --
    Why don't sheep shrink when it rains?
    1. Re:666 - myname by rednip · · Score: 5, Insightful
      Most common passwords used:
      Really, it should read: the most commonly used passwords, by MySpace users who were targeted by and fell for a phisher.
      --
      The force that blew the Big Bang continues to accelerate.
  3. Passwords from hacker site = biased. by Vo0k · · Score: 5, Interesting

    Say, 10% of passwords contained on a site was obtained using a dictionary attack. Then perform analysis on these password. Conclusion that basing on statistically significant number of passwords (10%, >10000) almost 100% of passwords on the site are vulnerable to dictionary attack is simply wrong - the sample was biased.
    Similar about phishing-originated passwords. Phishing is a result of bad practices on user side, and usually clicking attachments in spam, using insecure browser and no antivirus is connected with using poor quality passwords. The results WILL show worse quality of user passwords than real simply because the passwords originate from subset of users who know less of security in general (and as result, got hacked.)

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  4. Re:Slashdotted. by Anonymous Coward · · Score: 5, Funny

    It works fine for me. Post your Slashdot password and someone will login and check that your account isn't broken.

    Thanks,

    Slashdot Admin

  5. Re:Site Slashdotted by GotenXiao · · Score: 5, Funny
    Oh, the irony. Bottom of the page:
    Need a cheap host that can survive the Digg effect?

    Links back to that guy's host XD
    --
    Goten Xiao
  6. Re:Slashdotted. by tomhudson · · Score: 5, Funny

    How did you get the combination of my luggage?

  7. Re:Site Slashdotted by Anonymous Coward · · Score: 5, Funny
    Need a cheap host that can survive the Digg effect?

    Yes.. the Digg effect, not the slashdot effect ;)
  8. Re:Flawed by Zapman · · Score: 5, Insightful

    This is what it is. It's an analysis of passwords, obtained by a script kiddie's phishing site. The author makes no claims to 'analysing the strength of every myspace password' or some such. All the information you need to analyze his results are right there.

    He didn't 'choose' to study this... the data fell into his hands, and he offered analysis.

    This is a great little 'news for nerds' thing. The author says he has this data, he's smart enough not to publish it (just the analysis), he gives some interesting results from raw analysis of the 'data'. Take the story for what it is: Sunday morning on Slashdot.

    --
    Zapman
  9. Re:Almost by flooey · · Score: 5, Insightful

    "Really, it should read: the most commonly used passwords, by MySpace users who were targeted by and fell for a phisher" - or by people pretending to be MySpace users when targeted by a phisher - or by people giving a bogus password when targeted by a phisher.

    I'd imagine that's why fuckyou is up there so high. I sort of assume that's a message to the phisher rather than a real password.

  10. Ironically enough... by not-admin · · Score: 5, Funny

    At the bottom of his article it has an add for:
    'Need a cheap host that can survive the Digg effect?'

    That links to his webhost... Guess it doesn't survive it very well, eh?