Security E: Hands on!

Compelling question: Do passwords really matter?

Notice: All but one of the tools covered today are open source or freeware.

1) Sniffing
Read "A guide to sniffing out passwords and cookies" (and how to protect yourself against it). ASK QUESTIONS if there are terms and/or concepts you don't understand. (Note: Wireshark is the tool commonly used for this.)
Consider the disclaimer "to help find lost passwords and allow for penetration testing": A penetration test, occasionally pentest, is a method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. (Wikipedia)
Website examples: Password Sniffer & Facebook Dump

2) Keylogger
Sample video of "Elite Keylogger"
Question: Why would antivirus software detect any such program as a threat?

3) "Brute Force" Attacks
In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found. In the worst case, this involves traversing the entire search space. When guessing passwords, this method is very fast at checking all short passwords, but for longer passwords other methods such as the dictionary attack are used because of the time a brute-force search takes.
(Wikipedia)
A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (a pre-arranged list of values). In contrast with a brute-force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary (hence the phrase "dictionary attack"). Generally, dictionary attacks succeed because many people tend to choose passwords that are short (7 characters or fewer), such as single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit. However, these attacks are easy to defeat: adding a single random character in the middle of a password can make a dictionary attack untenable. Unlike brute-force attacks, dictionary attacks are not guaranteed to succeed. (Wikipedia)
Tools galore (for all idiots): a) sample video b) YourtubeBRUTEFORCE.pdf and Crackstation.pdf (dictionaries)

4) Password Manager
a) LastPass video b) KeePass video (Techzilla)
TRY IT!! Install both and compare and contrast.

End-of-section "walk away" awareness: Cleaning up our trail, knowing how to keep our browsing and other Internet-related sessions secure (Incognito, Fog, VPN), AND knowing how to manage SECURE passwords are skills you should value at home AND in the workplace (where you too will be all the more valued for them).
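Worked example for section 1 (Sniffing). This is added code written for this handout, not code from the reading or from any of the tools named above. It parses a CONSTRUCTED plaintext HTTP capture (made-up host, user, password and cookie value) the way a sniffer such as Wireshark would reassemble it, and pulls out exactly what an attacker on the same network collects: form-login fields, the session cookie, and an HTTP Basic credential. The function names are this example's own.

```python
"""Added example: what a packet sniffer harvests from plain (non-HTTPS) HTTP.

The capture below is CONSTRUCTED for this example; nothing in it comes from a
real site or a real user.  A sniffer reassembles the TCP stream, so a login
POST body and the session cookie of the next request sit there in clear text.
"""
import base64
from urllib.parse import parse_qs

# Constructed sample stream: a form login, then a request carrying the session
# cookie and (also constructed) a Basic-auth header.  CRLF endings as on the wire.
CAPTURED_STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 34\r\n"
    b"\r\n"
    b"username=alice&password=Summer2024"
    b"GET /inbox HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: sessionid=9f3a2c7e1b; lang=en\r\n"
    b"Authorization: Basic YWxpY2U6U3VtbWVyMjAyNA==\r\n"
    b"\r\n"
)


def split_http_messages(stream: bytes):
    """Walk a reassembled TCP stream and return [(request_line, headers, body)].

    Bodies are delimited by Content-Length, which is all a simple sniffer needs
    for form logins (chunked transfer encoding is not handled here).
    """
    messages = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        head_lines = stream[pos:end].decode("latin-1").split("\r\n")
        request_line, headers = head_lines[0], {}
        for line in head_lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_len = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = stream[body_start:body_start + body_len]
        messages.append((request_line, headers, body))
        pos = body_start + body_len
    return messages


def harvest_credentials(stream: bytes):
    """Collect (request_line, kind, value) for every secret sent in the clear."""
    findings = []
    for request_line, headers, body in split_http_messages(stream):
        if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            form = parse_qs(body.decode("latin-1"))
            for field in ("username", "user", "email", "password", "pass", "pwd"):
                if field in form:
                    findings.append((request_line, field, form[field][0]))
        if "cookie" in headers:  # a stolen session cookie works without the password
            findings.append((request_line, "cookie", headers["cookie"]))
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):  # Basic auth is only base64, not encryption
            decoded = base64.b64decode(auth.split(None, 1)[1]).decode("latin-1")
            findings.append((request_line, "basic-auth", decoded))
    return findings


def looks_like_tls(stream: bytes) -> bool:
    """Over HTTPS the same sniffer sees TLS records (content type 0x16 = handshake,
    version byte 0x03), never the form fields.  That is the protection."""
    return len(stream) >= 3 and stream[0] == 0x16 and stream[1] == 0x03


if __name__ == "__main__":
    for request_line, kind, value in harvest_credentials(CAPTURED_STREAM):
        print(f"{request_line:24s} {kind:10s} {value}")
    print("plaintext HTTP?", not looks_like_tls(CAPTURED_STREAM))
```

Run it and every secret in the constructed stream is printed. The lesson is the same one the reading draws: the defence against sniffing is not a stronger password but encryption in transit (HTTPS/TLS, or a VPN on untrusted networks), because a sniffer on a TLS connection only sees the records `looks_like_tls` recognises.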
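Worked example for section 3 (brute-force and dictionary attacks). This is added code written for this handout, not code from the reading, from the videos, or from the CrackStation word lists. Unsalted SHA-256 stands in for a captured password hash; the target passwords and the five-word list are CONSTRUCTED for the example, and the function names are this example's own. It shows the search-space arithmetic behind "traversing the entire search space", a brute-force search that finds a short password, and a dictionary attack with the "append a digit" rule that finds a predictable one but not the same word with a random character in the middle.

```python
"""Added example: brute force vs. dictionary attack against a password hash.

Unsalted SHA-256 plays the part of a leaked hash.  Target passwords and the word
list are CONSTRUCTED for this example.
"""
import hashlib
import itertools
import string

LOWER = string.ascii_lowercase


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def search_space(alphabet_size: int, max_len: int) -> int:
    """Candidates a brute-force search tries at worst for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(alphabet_size: int, max_len: int, guesses_per_second: float) -> float:
    """Time to exhaust the space at a given cracking speed (a constant you choose)."""
    return search_space(alphabet_size, max_len) / guesses_per_second


def brute_force(target_hash: str, alphabet: str = LOWER, max_len: int = 4):
    """Exhaustive key search: every string over the alphabet, shortest first.
    Returns (password, guesses) on success, (None, guesses) otherwise."""
    guesses = 0
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            guesses += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def mangle(word: str):
    """Cheap rules real crackers apply: the word, Capitalised, and each with a
    single digit appended (the 'easily predicted variation' from the definition)."""
    yield word
    yield word.capitalize()
    for digit in "0123456789":
        yield word + digit
        yield word.capitalize() + digit


def dictionary_attack(target_hash: str, wordlist):
    """Try only likely candidates.  Not guaranteed to succeed, but very fast."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


WORDLIST = ["letmein", "summer", "password", "dragon", "monkey"]  # constructed


if __name__ == "__main__":
    # A 4-letter lowercase password falls to brute force in a few thousand guesses.
    print(brute_force(sha256_hex("abcd")))
    # "Password1" is a dictionary word plus a digit: 50 guesses with the rules above.
    print(dictionary_attack(sha256_hex("Password1"), WORDLIST))
    # One random character in the middle and the same rules never reach it.
    print(dictionary_attack(sha256_hex("pass!word1"), WORDLIST))
    # The arithmetic behind "longer passwords": 95 printable chars, 12 long,
    # at an assumed 10 billion guesses/s (a figure chosen for illustration).
    years = worst_case_seconds(95, 12, 1e10) / (365 * 24 * 3600)
    print(f"95^1..95^12 space: {search_space(95, 12):.3e} guesses, ~{years:.0f} years")
```

Two things to take away. First, the dictionary attack needs 50 hashes where brute force over the same character set would need far more, which is why crackers try the word list (and CrackStation's lists) first. Second, the numbers above assume a fast, unsalted hash; a site that stores passwords with a slow, salted hash (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) cuts the attacker's guesses per second by orders of magnitude, and a salt stops one precomputed list from serving every account.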