Feeds

MS honeypot research sheds light on brute-force hacks

An idiot's guide to stronger passwords

Choosing a cloud hosting partner with confidence

Microsoft's honeypot-based research has highlighted common password mistakes, as well as shedding light on automated hacking techniques.

Attack data collected from an FTP-server honeypot revealed that most attacks attempted to log into administrator accounts (Administrator and the French equivalent Administrateur were by far the two most commonly attacked userIDs) using dictionary-based attacks.

Many of these brute force attacks were reckoned to originate from bot networks of compromised Windows PCs.

The most common attempted passwords in brute force attacks were (in descending order) password, 123456, #!comment:, changeme and Fuckyou. From the exercise, which lasted a year, Microsoft extrapolated general password advice for internet accounts that's just as applicable to consumers as sys-admins.

Security researchers at Microsoft recommended the use of hard to guess passwords featuring letters, numbers and symbols while noting "there are passwords in dictionaries that are even using special characters (for example #!comment: ), not only numbers and letters".

Web users would therefore be wise to choose a password featuring a combination of upper and lower case letters. Choosing longer passwords is also helpful, a blog entry on the research on Microsoft's Malware Protection Centre blog concludes.

A password-checking tool developed by Microsoft (here) allows users to check on the strength of the passwords they pick. ®

Beginner's guide to SSL certificates

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.