Windows security is sad. Although most of you have probably already read my article about using strong passwords, even the strongest passwords won’t keep your Windows login account from being penetrated. In fact, it takes only a couple of minutes to gain complete access to a Windows system using nothing more than a free CD ROM.

Now, if there is any good news – people are constantly locking themselves out of their personal laptops and home computers by forgetting the password. And recently I’ve had two different friends do this within a period of a couple of days. So you guys know how this works… when I start getting requests, I document the solution.
Read the rest of this entry »

Folks, I was at the airport and I popped open my laptop to hop on the net and upon doing so I encountered a seriously sneaky bastard. Do you see anything wrong with the image below?

Well, hopefully you notice the little icon of a laptop beside the network entitled “Free Public WiFi”. This is NOT a free wireless access point, but instead a laptop computer that someone has configured to capture your personal data and rob you blind.
Read the rest of this entry »

I wouldn’t actually do this, but for some reason I’m just fascinated with these unbelievably simple methods of circumventing the system.

Just like the How to Pick a Padlock, this method of using a coin operated washing machine for free is so simple it makes you wonder how they would ever collect any money in these machines!
Read the rest of this entry »

Here is a demonstration of how to open a padlock in 1 minute or less using nothing more than scissors and a coke can.
Read the rest of this entry »

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…
Read the rest of this entry »

Twitter Comments

	aj_wood RT @johnpoz: How I'd Hack Your Weak Passwords http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

	VictorKubik RT @johnpoz: How I'd Hack Your Weak Passwords http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

	GarysBit www.HerfertSoftware.com - Importance of Strong Passwords - see how easy it is to hack weak passwords - http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

	GarysBit Importance of Strong Passwords - see how easy it is to hack week passwords - http://onemansblog.com/passwords - www.HerfertSoftware.com
	Re-Tweet | Reply | View Tweet

	ccostan RT @johnpoz: "How I'd Hack Your Weak Passwords" was featured on NPR, and has been read over 1MILLION times! http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

	jdblundell RT @johnpoz: "How I'd Hack Your Weak Passwords" was featured on NPR, and has been read over 1MILLION times! http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

	loumacuser "How I'd Hack yr Weak Passwords" was featured on NPR, & has bn read ovr 1MILLION times! http://onemansblog.com/passwords (via @johnpoz)
	Re-Tweet | Reply | View Tweet

	johnpoz "How I'd Hack Your Weak Passwords" was featured on NPR, and has been read over 1MILLION times! http://onemansblog.com/passwords
	Re-Tweet | Reply | View Tweet

Have you ever come across a link in a blog post or from a Google search to a Web site that essentially wanted you to either register or pay to access the content? Well, it just so happens that most of the sites that make you register allow Google to come right on in because they want their content indexed so that people will find it, come to their site, and register!

Given that information, all we need to do now is convince the Web site that we are Google. The way to do that is to change a setting, called the User Agent, in the Windows registry which gets fed to the Web server in question.

I’ve put together an easy way to do this for myself, and I’m sharing it with the world in case anyone else would like to do so as well.
Read the rest of this entry »

Damn it! I’ve been preaching this for years but I don’t think many people are listening. Security practices in the Internet era have to change! We are way, way behind the technology available and it’s costing far more not to do anything about it than to fix the problems.

For example, the UK government estimates that ID theft costs the nation £1.7bn every year. Let’s see, that’s 1.7 billion divided by 60 million people or £28 per year, for every man, woman, child, infant, invalid and 90 year old in a nursing home. You could equip every person in the country with a fingerprint reader or secure ID token for a fraction of that cost and practically eliminate this huge – and growing – threat.
Read the rest of this entry »

I hate to be the one to continually complain about security, but that doesn’t mean I won’t keep doing it. I would estimate that 95% of people are FAR too lax when it comes to security measures, and that another 4% are just plain old lax.

This latest story focuses on a concept called social engineering as a weak link in the chain (among other issues). Social engineering is the process of causing a security breach through submersive human interaction – in this case fooling bank personnel into believing you are someone you are not.
Read the rest of this entry »

What’s so scary about this little blue pill? Well, it represents the prototype for a (currently) completely untraceable, and therefore unrepairable, new type of software which can infect a computer with malware.

The only good news is that the person alerting the world to this new menace is the ethical hacker/researcher who invented it. Joanna Rutkowska is a security researcher who is making her findings public in order to allow the entire security world to work on the issue. While is is probably not a threat to your current machine, it does use technology planned for upcoming PCs.
Read the rest of this entry »