Saturday, September 3, 2011

Unsafe Password Management Practices

MORTO Windows Worm spread by attacking weak passwords

Did you know that 35% of all data breaches are a result of lost, stolen or compromised personal computers? That means that although companies invest in numerous technologies to protect their information, they have a 35% gap in their security plan on PC’s.

The result of poor password management and insecure systems is all too evident in the press lately with thousands of password breaches for Sony Playstation Network, Gawker media’s sites, RockYou.com and many others.

The new password -guessing Windows worm “Morto” is spread by attacking weak passwords. “Morto” takes advantage of the fact that so many computers, servers and networks secure the front door with a simple hook ‘n’ latch security system. It is not that passwords are insecure, but rather how users pick and manage their passwords.

Morto works by attempting to log in to accounts using a series of incredibly weak passwords, such as “12345,” “admin,” “password,” and “test,” along with some brute-force dictionary guesses. It also attempts overly common logon names, including “administrator,” “admin,” “backup,” and “sql.”

With increasing amounts of personal information available online through social networking sites and other sources, many users are putting themselves at increased risk by using weak passwords based on known things such as the name of a child or partner.

This particular worm highlights the importance of setting strong system passwords

No comments: