Thursday, October 08, 2009

Passwords on the Web

Somebody tried to post some 10.000 mail accounts with passwords to pastebin.com. Bad idea: the post was truncated after ~10.000 lines, so the alphanumerically sorted list ends with B***.

Paul Dixon, aka Lordelph, the owner of pastebin.com (great idea for a website, btw), posted a blog entry about this here: http://blog.dixo.net/2009/10/07/pastebin-com-and-password-lists. You might get the rest of the story out of major media coverage.

While I really like the pastebin concept, I also like making fun of users' content: doing a Google search for mail accounts or passwords does reveal quite a few posts hosting passwords of different origins. There are bulletin boards' complete user database dumps, published by hacker kids dissing other hacker kids. There are Gmail accounts with passwords stored in scripts that use the account for automatically sending emails or attachments.

I found a working Facebook account in another script.

And finally I found that Google is not only indexing, but also caching the pastebin entries. So if you tag your pastebin text with a lifetime of one day, or if you delete your pastebin entry, it is rather likely that search engines have already indexed and cached your entry, thus totally subverting the TTL concept of pastebin.

Seems like pastebin.com and its sister projects in other TLDs (thanks, Paul, for making the source available!) would be a nice place to spend the next procrastinated afternoon.

Back to work now.

tom




3 comments:

consultation voyance gratuite said...

Really informative post. This blog provides very useful information for everyone and thanks for sharing.

voyance gratuite said...

Thank you for the good writeup. It in fact was an amusement account it. Look advanced to far added agreeable from you! By the way, how could we communicate?

sofy lefour said...

Well done on the blog and your articles.
voyance mail gratuite