[olug] [OT] Password study.

DYNATRON tech dynatron at gmail.com
Thu Dec 21 00:37:38 UTC 2006


i think the value of the information was not myspace specific, but a good
survey of the password habits of your average internet user. as far as
ad/spyware installs on myspace, i have found that some of the banner
advertisers on myspace are scripting such things right into the page. you
can shut off scripting in your browser, but then myspace is lame as hell. so
i guess your better off just meeting people in person. i play music, and we
don't have the time or following to play live shows, so it's a great way to
get exposure. i don't think anyone could get anything of use from phishing
thier way into our account. they could steal our myspace identity, but
nothing important like financial info. however, for a famous person, this
could have disastrous results, and with fame comes infamy. with infamy comes
enemies. many celebrities and famous musicians use myspace as their
communicator to the fans. someone could hijack the account and post
something horrible in your name. something like that could seriously damage
anyone dependent on public opinion of themselves.

if i am remembering the recently posted myspace password article correctly,
i believe the author was impressed by the amount of passwords that included
a numeric character, but he was oblivious to the fact that myspace required
the use of at least one numeric character in the password. i know this
requirement to be true at the time that i created an account with myspace.
i'm not sure if they have always required it, or if they still do.

in my experience, it seems that people are becoming more lazy with password
as more and more non IT people are using computers every day.

one rule still seems to holds true in my experience:
1/4 of people would use no password, or the password "password" if given the
opportunity. this gives anyone a decent chance of being able to access
anyone else's logins. it's a similar trend with bank PIN's (birthdates,
etc.). don't even get me started on voicemail PIN's. i'd say any idiot can
guess 50% of voicemail PIN's.

i've found that pa55w0rd (or similar variation) is also a popular password
among n00bs when alpha-numerics are required. then, there's always the
popular "blank" password when it comes to windows machine logins. doing
residential PC services i get a good sampling of casual PC user password
habits. i think people are just too hooked to convenience. the risk of being
digitally jacked is more appealing to them than having to perform a few
keystrokes from memory every once in a while. i interpret it as kind of a
sad reminder of your average person's tendency to be downright lazy.

what is re-assuring about this is that so few people are victimized. it
tells me that most people are not out to steal your sh1t. most stolen
information seems to be collected by data miners who are building an
industry out the trade of other peoples personal information. this data is
invaluable to the PR/advertising industries, and i wouldn't be surprised if
a lot of this nefarious activity is being encouraged by large, "legitimate"
businesses.



On 12/20/06, Tim OBrien <IrishMASMS at olug.org> wrote:
>
>
> <quote who="Carl Lundstedt">
> [snipped]
> > Really, what does a compromised MySpace account get someone?
> [snipped]
>
> Lets' see, I have seen spamming, pishing, drive by spy/ad ware installs,
> other nefarious activities...
>
> --
> Timothy "Irish" O'Brien
> ----------------------------------------------
> A: No.
> Q: Should I include e-mail quotations after my reply?
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>



-- 
dynatron digital services
box 191 - 68037
www.dynatron.org
dynatron at gmail.com



More information about the OLUG mailing list