Friday, January 5, 2007

MySpace - 20.000 passwords stolen !








20.000 passwords MySpace.com: results of one phishing

Phishing is a creation of similar sites with the purpose of reception of the confidential information and a robbery of trustful users.


Surprisingly as christmas countdown graphic myspace many people fall into clutches phishers. It would seem also preventions everywhere hang, and post clients show preventions, but all the same - people brings down and brings down clock countdown myspace wedding. However sometimes and phishing it can be useful.
In one fine day I have received the letter from Admin@MySpace.com with the request to pass under the reference and to enter the password for check. It was clear, that people entice my data from account MySpace. To please burglars I has entered it not true data. The pleasant fact for me became that in the catalogue where the script of processing laid, the file with the collected logins and passwords - about 20.000 pieces laid also! Certainly I download it and parsered it.
Results have seemed to me curious enough. Some myspace passwords were simply awful, the some people have simply chosen "password"! The Behaviour of people in the Network simply does not give in I understand... Results of my research are those.

Let's consider length of passwords:




Actually and all right with it, with long if passwords were in the different register. However the majority of the got passwords just stayed in the same register.
Do not use passwords containing a word myspace: myspace layout, myspace background, pimp myspace, 123 code myspace, myspace video, music myspace...

Further I have tested passwords on stability. For this purpose has written simple PHP a script:

function CheckPasswordStrength($password)
{
$strength = 0;
$patterns = array(’#[a-z]#’,'#[A-Z]#’,'#[0-9]#’, '/[¬!”£$%^&*()`{}\[\]:@~;\’#<>?,.\/\\-=_+\|]/’);
foreach($patterns as $pattern) {
if(preg_match($pattern,$password,$matches)) {
$strength++;
}
}
return $strength;
}


One spot is charged for letters in the bottom register, one more - for letters in the top register, one - for symbols and one for special simbols. For example, all my bank and post accounts receive four spots, passwords from forums and useless enough -three. It seems to me, it is true enough system of an estimation.



Well and at last special work has not made to define the most popular passwords.

13 - countdown cute myspace
12 - code countdown counter myspace
12 - baby clock countdown myspace
11 - banner countdown myspace
11 - countdown eve myspace new years
11 - countdown flash myspace
9 - birthday blog countdown myspace
9 - blingybob countdown myspace
8 - countdown graduation myspace
8 - blog countdown generator myspace
8 - countdown create myspace
8 - countdown myspace page
8 - countdown happy myspace new year
8 - countdown make myspace
8 - countdown myspace vacation
8 - countdown generator myspace timer
7 - countdown layout myspace
7 - blingy blob countdown myspace
7 - countdown myspace time
7 - birthday countdown myspace timer
7 - myspace music video
7 - myspace countdown custom
7 - countdown custom myspace


MySpace the beginnings the active policy of protection of own users after of some incidents, negative image affecting its authority. One of the steps undertaken by lawyers of the company, became removal of the prevention to two webmasters, thought up a smart code by means of which it is possible to trace, whether there is in a network this or that user MySpace.
It is necessary to note, that actions of lawyers have rendered a positive effect on businessmen who have understood, that thus they will not manage to achieve glory and money. Site SingleStat.us which carried out functions of "monitor" of users MySpace .com, has been closed later ten days after its owners have received the written prevention.

For the services businessmen asked a symbolical payment from the registered users, thus, intending to receive profit due to the big number of clients of the service.

No comments: