Phishers never give up, password theft protected pages? But what about password protected messenger application… No more to say check it out (lame)…

Link :: www.ourgodfather.com

Another Yahoo anti-phising (did you know?):

zahoo.com (also yahoo, for the ones that have inverted keyboard y-z)

A sterling case for two factor authentication if I ever saw one.

The rule is use two of the 3 methods of authentication, if possible use all 3.

1. What you have (A USB key or Token)
2. What you are (Biometrics – Fingerprint or Iris scan)
3. What you know (A password or passphrase)

More than 8 out of every 10 computer attacks against businesses could be stopped if enterprises checked the identity of not only the user, but also the machine logging onto its network, a report released Monday claimed.

The study, conducted by a California research firm and paid for by BIOS maker Phoenix Technologies, used data from cases prosecuted by federal authorities between 1999 and 2006 to reach its conclusions.

“We wanted to get an honest viewpoint that wasn’t opinion- or survey-based,” said Dirck Schou, the senior director of security solutions at Phoenix. The problem with acquiring data on computer attacks, including the amount of damage done, is that companies are often hesitant to admit to a breach. “That’s the beauty of this [data],” said Schou. “It’s only looking at those who have actually suffered an attack.”

Their point of view is implementing checking of the physical machine, or perhaps logically checking that it should be part of the network? Some unique ID for each machine generated from hashes of the parts perhaps.

According to the report, attacks based on logging in with stolen or hijacked credentials cost businesses far more, on average, than the typical worm or virus assault. When a privileged account is penetrated by an unauthorized user, the average damage runs to $1.5 million, the report said. The average cost from a single virus attack was much smaller: under $2,400.

“Cyber criminals who accessed privileged accounts obtained IDs and passwords through many means,” the report said. “Network sniffing, use of password cracking programs, and collusion with insiders. It was also common for employees to share their IDs and passwords with coworkers who later left the organization and used that knowledge to gain access.”

All common and fairly easy methods, perhaps it’s time people really took some effort to understand information security and the issues at hand.

Source: Information Week

Here are listed the most commonly occurring from the sample.

10. ‘thomas’ (0.99%)

First off, at number 10, is the most common format of passwords – the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.

We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.

9. ‘arsenal’ (1.11%)

Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word ‘arsenal’ starts with a 4-letter swear word – another popular choice when it comes to passwords.

Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.

8. ‘monkey’ (1.33%)

Quite why the monkey makes it into 8th place is beyond me, but the fact that it’s a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.

Still, it’s quite worrying that there’s such a trend – perhaps the internet and monkeys are inextricably linked?

7. ‘charlie’ (1.39%)

Another name – nowhere near as common a name as No. 10, Thomas, but it’s our most popular name-based password overall.

Could of course, be a homage to a number of famous Charlies – Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they’re referring to it’s slang usage.

6. ‘qwerty’ (1.41%)

I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them – which would explain why 1 in 700 people choose ‘qwerty’ as their password.

5. ’123456′ (1.63%)

Can you count to 6? It’s the most common minimum required length of password – and the 5th most common password.

4. ‘letmein’ (1.76%)

A modern-day version of ‘open sesame’ – and 1 person in 560 will type ‘letmein’ as their password. Quite why is beyond me.

I could be mistaken, but I have a hunch that ‘letmein’ has been featured in a movie or TV series – Fox Mulder’s password from the X Files – ‘trustno1′ – also ranked quite highly.

3. ‘liverpool’ (1.82%)

The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?

Liverpool ranked 3rd in the average attendance ratings – leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list – perhaps because they’re too long and difficult to type.

2. ‘password’ (3.780%)

Akin to pressing the ‘any’ key, when told to enter a ‘password’, it would seem that users aren’t the sharpest tool in the box – with almost 1 in 250 people choosing the word ‘password’.

1. ’123′ (3.784%)

With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), ’123′ must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!

Source: Modern Life is Rubbish