Monthly Archives: August 2012

How fast can your password be cracked?

The question is not whether your password can be cracked, but how fast. Black hat hackers (criminals looking to steal on the internet) are using sophisticated yet affordable hardware to crack passwords.

PC processors keep gaining computing power through higher clock speeds, better efficiency and more cores, but hackers now install several graphics cards, whose massively parallel processors turn an ordinary PC into a mini supercomputer built for nothing but cracking passwords. A PC running a single AMD Radeon HD7970 GPU can try a mind-boggling 8,200,000,000 password guesses per second (a figure that applies to fast, unsalted hashes such as MD5; a slow, salted hash such as bcrypt cuts the rate by orders of magnitude), and hackers have built rigs with 8 graphics cards that bring more than 16,000 cores to bear and crack passwords at breakneck speed.

Most internet users have around 25 accounts but reuse only 7 passwords across them, and each password is 8 characters or shorter.

Leaks of password files have terrible consequences: instead of trying completely random collections of letters, numbers and symbols, hackers get a picture of the passwords people actually use, which makes things a lot easier for them. They turn that knowledge into dictionaries and mutation rules and use them to force their way into any other system EVEN FASTER.

Recently a client gave me his credentials for uploading a video, and the combination was equivalent to User: ‘smith’, Password: ‘smith123’.

That is an obvious and weak combination, and the calculator at http://www.grc.com/haystack.htm tells us the password would fall in 0.029 seconds to a massive cracking array. Let’s strengthen it:

 Changing it a little with some substitutions to:

Sm1t4!@3

(capital S, 1 instead of i, 4 instead of h, and the symbols above the 1 and 2 keys). It is still recognisably ‘smith123’, but it is a great improvement: the estimate rises to 1.12 minutes, because the attacker must now search all four character classes instead of just lowercase letters and digits. If we also pad it with symbols:

{}{}{}{}Sm1t4!@3{}{}{}

the estimate becomes a whopping 1.04 hundred million trillion centuries, because every extra character multiplies the search space by 95. There are determined hackers out there, but I can assure you they are not THAT determined. I can also bet you that your bank won’t be around by the time they crack the password. Once you have typed it a few times this becomes an outrageously strong yet easily remembered password. One caveat: these figures assume the attacker has to try every possible string. A cracker who guesses that the password is a short core wrapped in a repeated padding pattern, or who mutates leaked passwords with substitution rules, searches a far smaller space, so choose your own padding pattern and do not build the core from a password that has already leaked.
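As an added illustration (not part of the original post), here is a small Python script that reproduces the three estimates above the way a Haystack-style brute-force calculator does, and then shows the caveat. It uses the single-GPU rate quoted above; the rate for the "massive cracking array" is an assumption of 10^14 guesses per second, chosen because it reproduces the 0.029-second figure for ‘smith123’. All function names are the example’s own.

```python
import string

# Alphabet sizes as a brute-force estimator such as GRC's Haystack counts them:
# 26 lowercase, 26 uppercase, 10 digits and 33 printable symbols (space included).
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation + " "          # 32 punctuation characters + space = 33

# Guess rates in guesses per second. The single-GPU figure is the one quoted in
# the post; the "massive array" rate of 1e14 is an assumption made for this
# example because it reproduces the post's 0.029 s estimate for 'smith123'.
RATES = {
    "single HD7970": 8.2e9,
    "8 x HD7970": 8 * 8.2e9,
    "massive cracking array (assumed 1e14/s)": 1e14,
}

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers every character used."""
    size = 0
    if any(c in LOWER for c in password):
        size += 26
    if any(c in UPPER for c in password):
        size += 26
    if any(c in DIGITS for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += 33
    return size


def search_space(password: str) -> int:
    """Worst-case guesses for an exhaustive attacker: every string of
    length 1 .. len(password) over the detected alphabet."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_crack(password: str, guesses_per_second: float) -> float:
    return search_space(password) / guesses_per_second


def centuries_to_crack(password: str, guesses_per_second: float) -> float:
    return seconds_to_crack(password, guesses_per_second) / SECONDS_PER_CENTURY


def human(seconds: float) -> str:
    """Render a duration in the largest unit that is at least 1."""
    units = [("seconds", 1.0), ("minutes", 60.0), ("hours", 3600.0),
             ("days", 86400.0), ("years", 365.25 * 86400),
             ("centuries", SECONDS_PER_CENTURY)]
    label, size = units[0]
    for candidate, candidate_size in units:
        if seconds >= candidate_size:
            label, size = candidate, candidate_size
    return f"{seconds / size:.3g} {label}"


def strip_known_padding(password: str, padding_chars: str) -> str:
    """What is left to search for an attacker who already knows (or guesses)
    that the password is a core wrapped in runs of these padding characters:
    the padding adds length but no secret."""
    return password.strip(padding_chars)


if __name__ == "__main__":
    # The three passwords from the post.
    for pw in ("smith123", "Sm1t4!@3", "{}{}{}{}Sm1t4!@3{}{}{}"):
        print(f"{pw!r}: alphabet {charset_size(pw)}, search space {search_space(pw):.3g}")
        for name, rate in RATES.items():
            print(f"    {name:40s} {human(seconds_to_crack(pw, rate))}")

    # The caveat: if the '{}' padding pattern is guessed, only the core remains.
    padded = "{}{}{}{}Sm1t4!@3{}{}{}"
    core = strip_known_padding(padded, "{}")
    array_rate = RATES["massive cracking array (assumed 1e14/s)"]
    print(f"Padding pattern known: only {core!r} is left to search, "
          f"{human(seconds_to_crack(core, array_rate))}")
```

The same 22-character password drops from an astronomical estimate to the 1.12 minutes of its 8-character core the moment the attacker models the padding, which is why the pattern has to be your own and unguessable rather than copied from a blog post.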

 Here are recommendations on how to cover all your bases:

  • Generate looooong passwords like the one described above and store them in a password manager such as http://lastpass.com or http://passwordsafe.com, protected by an equally strong but memorable master password.
  • Generate a unique password for every account you use on the internet.
  • Change your passwords at least every 6 months, and change a password immediately if you suspect that the account or the site has been breached.
  • When signing in to a website, make sure the address of the log-in page starts with https:// and not http://. That means what you type is encrypted in transit, so anyone eavesdropping on the connection between you and the server sees nothing useful. If the browser warns about the site’s certificate, stop: the padlock only proves you are talking to the site the certificate names.

 

Is Your Hosting Company Up To Snuff?

Some of our new customers ask us: why can’t we host our site with Company X? It’s only $6.95 per month, much cheaper than your service. The answer is simple: peace of mind, and here is why.

Somebody recently called because a website hosted with Company X had been hacked and it had proven impossible for him to regain control of it. That is one of the scenarios where the difference is obvious. When a website is compromised (and any website can be) many operations have to take place, and practically all of them require the highest level of access to the server and its logs, so-called “root access”. The person doing the diagnosis must be in constant communication with the systems administrator and work hand in hand with them. When you call Company X, a level 1 tech picks up the phone with a collection of scripts designed to make the call as short as possible and, if they act on the issue at all, pass it to a level 2 tech. It frequently takes them up to 72 hours to do anything with the trouble ticket. Meanwhile your site is down, or worse: being used as a phishing platform, or redirecting visitors to another website in Eastern Europe.


Who is looking after the server?

When you call for support at AMPHION you will talk with someone who will take responsibility for resolving your issue.

Weeks after the incident I’m not sure our caller has regained control of his site. At AMPHION we most definitely would have had it solved in hours.

Security is not the only difference: our servers are monitored from 5 different locations around the world, so we know about any glitch before our customers do and take corrective action. That is why our uptime has been better than 99.95%, right up there with Google.

Servers are under attack every day, all over the world. If your website is important to your organization, who has your back makes a big difference. Can you afford to wait days for it to be restored? If it is restored at all?