Comments on: Using Cloud Computing To Crack Passwords – Amazon’s EC2 http://www.darknet.org.uk/2009/11/using-cloud-computing-to-crack-passwords-amazons-ec2/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: emerging http://www.darknet.org.uk/2009/11/using-cloud-computing-to-crack-passwords-amazons-ec2/#comment-160022 emerging Tue, 10 Nov 2009 16:00:35 +0000 http://www.darknet.org.uk/?p=2258#comment-160022 days ago i read an article about a super computer of a speed of 1.1 Tera for $14,519 is now available for public when i looked at the price i was just amazed. the price of that super computer is of a fraction compared to the prices above, so wont it be easier for who ever has the cash to buy such machines ?.i would buy one my self ;). so i guess the threat is real close and real as to the traditional ways of authentication. so at the price of cracking a 10 char upper/lower/symp password -60k us$- i can buy almost 4 of those nice machines and with parallel programing u have your own cloud at home. did u consider this ? days ago i read an article about a super computer of a speed of 1.1 Tera for $14,519 is now available for public when i looked at the price i was just amazed. the price of that super computer is of a fraction compared to the prices above, so wont it be easier for who ever has the cash to buy such machines ?.i would buy one my self ;). so i guess the threat is real close and real as to the traditional ways of authentication. so at the price of cracking a 10 char upper/lower/symp password -60k us$- i can buy almost 4 of those nice machines and with parallel programing u have your own cloud at home. did u consider this ?

]]> By: Michael Argast http://www.darknet.org.uk/2009/11/using-cloud-computing-to-crack-passwords-amazons-ec2/#comment-159977 Michael Argast Tue, 03 Nov 2009 18:21:43 +0000 http://www.darknet.org.uk/?p=2258#comment-159977 In many ways, the criminals were the first to innovate in the area of Cloud Computing. While services like Amazon/EC2 have been getting a lot of press lately, for several years you've been able to rent large botnets to send spam, launch denial of service attacks and crack passwords. The prices these botnets go for are orders of magnitude cheaper than EC2, and if they don't want to pay-to-play, the criminals can always build a new one themselves. Don't use the 'costs' above as any indicator as to the real world effort that criminals have to spend in order to break your passwords. Secure your password files, ensure remote access to your systems require tokens or 2-factor authentication, and use strong passwords. Michael Argast, Security Analyst, Sophos In many ways, the criminals were the first to innovate in the area of Cloud Computing. While services like Amazon/EC2 have been getting a lot of press lately, for several years you’ve been able to rent large botnets to send spam, launch denial of service attacks and crack passwords.

The prices these botnets go for are orders of magnitude cheaper than EC2, and if they don’t want to pay-to-play, the criminals can always build a new one themselves.

Don’t use the ‘costs’ above as any indicator as to the real world effort that criminals have to spend in order to break your passwords. Secure your password files, ensure remote access to your systems require tokens or 2-factor authentication, and use strong passwords.

Michael Argast, Security Analyst, Sophos

]]>