What is Digg?Sponsored by Dragon Age: Origins
Can't get enough Dragon Age: Origins? Check out new footage. view!
DragonAge.BioWare.com - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
102 Comments
- 6pintsofbitter, on 10/12/2007, -1/+62I just logged on to Arch 's account with it
- AssProphet, on 10/12/2007, -1/+49Most people? I think you don't realize how stupid most people are.
- shortkid422, on 10/12/2007, -0/+44That's the combo I have on my luggage.
- inactive, on 10/12/2007, -3/+43 Most common passwords used:
13 - cookie123
12 - iloveyou
12 - password
11 - abc123
11 - *****
11 - miss4you
9 - password19
9 - clumsy
8 - sassy
8 - summer06
8 - pablobob
8 - boobie
8 - *****
8 - iloveyou1
8 - tink69
8 - password1
7 - gospel
7 - terrete
7 - monster7
7 - marlboro1
7 - bitch1
7 - flower
7 - space
Thanks - 3monkeys, on 10/12/2007, -1/+35What I found funny was how the phisher's left there data unsecured. Of course some of this data is probably bogus (like the authors), but is a substantial data set and the conclusions are probably accurate.
- crilen007, on 10/12/2007, -2/+31Thanks for what? Only 13/20000 people used cookie123, have fun trying to get into someones account.
- grapeape25, on 10/12/2007, -0/+2611 - *****
I doubt this is a real password... other people probably realised it was a phising and just put this in, in hopes the phisher would read it. - inactive, on 10/12/2007, -1/+23@ the time of this post, Tom has 110928884 friends
The 20,000 phished users only account for 0.018% of total myspace users.
110928884 (users total) / 20,000 (users in sample size for passwords) = 5546.4442 users total per user surveyed.
If 13/20000 people had "cookie123" as their password, then 72,103.746 users total should have that password. At this rate, .11 of my 175 myspace friends SHOULD have that password.
Conclusion: GET AS MANY MYSPACE FRIENDS AS POSSIBLE.
Okay, why this really fails:
a - Tom gets new friends all the time
b - Not everyone is Tom's friend, making this an innacurate measure
c - 20,000 is an awful round number...
d - The "people knew it was phishing and just threw something in" excuse is possibly applicable.
e - insert other reasons - inactive, on 10/12/2007, -0/+2012345 isn't a common password? Shocking.
- isemism, on 10/12/2007, -0/+15Well, considering the demographic, I'd say yes.
- ahill7, on 10/12/2007, -0/+14And most people that respond to phishing aren't the brightest bunch to analyze regarding password complexity or security in general for that matter.
however, i like the approach and the research was soundly done...digg+ - Sh0cker, on 10/12/2007, -0/+14I'm willing to bet more than 12 out of 20K used password for their password. Closer to 12 out of 1000 more like it.
Not to mention...it doesn't matter if I have Capslock on or not, i get in with mine all caps, mixed caps, all lowercase. Myspace passwords are not case sensitive. - isemism, on 10/12/2007, -0/+13And a phisher is born...
- duster, on 10/12/2007, -0/+13pablobob is my new password for everything from now on
- isemism, on 10/12/2007, -0/+12"I consider strength two fine for a myspace account. It’s a basic password usually with upper or lower case and a number or symbol. " -
Except that MySpace's passwords aren't case sensitive...
That should be a FYI to the admins, if they actually have admins, and not just a bunch of monkeys bashing around in a datacenter.. which Im inclined to believe lately. - YankeesSuck, on 10/12/2007, -1/+12When you do that, you are simply confirming to the spammer/phiser that your email address is valid. Which leads to you getting more spam/phishing emails in the future.
Best bet is just to delete them. - inactive, on 10/12/2007, -0/+10I used to phish and crack for AOL screen names, I know it's lame, but the most common passwords without a doubt are:
password
abc123
red123
qwerty
***** - meez, on 10/12/2007, -1/+11http://duggmirror.com/security/Analyzing_20_000_MySpace_Passwords/
- coheedcollapse, on 10/12/2007, -0/+9Cookie cookie cookie starts with C.
In other notes, this has to be the easiest method to get passwords ever. I think like 98% of Myspace users don't have any technology knowledge apart of using some lame ass program to "pimp" out their profile page. (By Pimp out I mean make totally unreadable and fill with so many images, videos, and songs that it can slow down the most functional of browsers.) - yonas, on 10/12/2007, -0/+9*****. I have to change my password now.
- invader, on 10/12/2007, -0/+9ditto. i've given the '*****' password to a bunch of phishers
- 1shawn, on 10/12/2007, -0/+8This isn't surprising at all. Look at the age group we're talking about here. How many average 14 year olds do you think can identify an email scam, especially if it looks like the message originated from MySpace? Also, how many do you think actually take passwords and security very seriously? Probably not many. Yes, there are very intelligent teens that that take this sort of thing seriously, but definitely not the average teen.
- endtwist, on 10/12/2007, -0/+8ThaRub3x:
To find the most common passwords, create a script that just runs through each password on the list. For each password, simply add one to a counter for that password ($passwords['password']++)...then just print_r() the array when you're done. - adizzle, on 10/12/2007, -0/+8I don't know for how long, but myspace forces you to have a number and letter in the password. Might be a semi-recent addition.
- robdavy, on 10/12/2007, -1/+9I don't believe it. Of 20,000 people, the most common password (and only used by 13 people), is cookie123?!?
No chance.
I don't blame the author much, except that he's trusting very bad data. - jgtg32a, on 10/12/2007, -3/+101 2 3 4 5? That's amazing! I've got the same combination on my luggage!
- 3monkeys, on 10/12/2007, -0/+7@audiodude 'average' myspace user ... dumb. Sounds reasonable to me.
- doubledoh, on 10/12/2007, -0/+7I've been using the open source program KeePass for a couple of years. It kicks ass in that I can keep all my passwords in one place (great if you are a web dev with dozens of sites), it's secure itself and most notably: it can randomly generate super secure passwords and tell you exactly how secure they are:
http://keepass.sourceforge.net/ - Exploited, on 10/12/2007, -1/+8Actually every time I see a phishing attempt like this, I put ***** as the password. So it would be very plausable to assume that it is people messing around with the scammer.
Try matching the passwords to the emails and see if the emails are even valid. - m0laria, on 10/12/2007, -1/+8or maybe phreaking is compounded with phat for pretty hot and tempting, so really, phishing is "pretty hot and tempting fish"
- inactive, on 10/12/2007, -1/+8I wonder how many people actually went and tried that :)
- invader, on 10/12/2007, -2/+8when i see a phishing page, i usually run a script that submits the same thing over and over again, usually a couple hundred times.
on the flip side, i phished myspace a little over a year ago and got a few thousand accounts before i took it down. many of them still work. - inactive, on 10/12/2007, -0/+6Is this really the 'average' myspace user, if they were dumb enough to type their password into this form?
- neom, on 10/12/2007, -0/+6Hm, I never thought of that.. (that someone might think that!). Sorry, I was seriously just interested to see what people put as their passwords.
- inactive, on 10/12/2007, -1/+7god is too small, usually the sites require at least 4 or 5 characters...
- CypherXero, on 10/12/2007, -0/+6I could use this for an MD5 database I'm working on. I'm already up to over 9.5 million different words that have been hashed already, and it makes security auditing a much faster process.
- herro, on 10/12/2007, -1/+6buried because thats too damn long.
- diggapleaze, on 10/12/2007, -0/+5funniest comment on digg. ever. gold star for you.
- Chipsandsnacks, on 10/12/2007, -1/+6I can vouch for that
- ntnwwnet, on 10/12/2007, -0/+5Modding you down just saved me half of a page. Why would you post the ENTIRE text file!?
Find a cheap host somewhere. - duster, on 10/12/2007, -0/+5the author isn't exaclty trusting the data
- inactive, on 10/12/2007, -2/+7@mtnxfreeride
I was going to try and do something like that, but I couldn't figure out how to. If I ran all those passwords against a dictionary it would take a year. If you have any ideas I will code something up really fast. - apex32, on 10/12/2007, -1/+5That would explain why several of those passwords have a "1" appended to them.
- invader, on 10/12/2007, -0/+4go to myspace.com
you'll see plenty of 'average' myspace users. - jtjdt, on 10/12/2007, -0/+4I'm almost positive when a password says "F***You" it's because the person knows it's a Phishing attempt.
- Chipsandsnacks, on 10/12/2007, -0/+4Well of course I don't do it in emails, just phishing redirect pages.
- teknotant, on 10/12/2007, -0/+4Packet sniff your local collage campus/library you can easily get a few hundred, if not reach a thousand usernames and passwords in a few hours. Usually when you get the username and password of the Myspace account, you also have the username and password for their email as well (or other password protected services).
- Urusai, on 10/12/2007, -0/+4Packet sniffing? Oh the shame. The shame of plaintext authentication, that is.
- CharlesDarwin, on 10/12/2007, -1/+5Also, anybody that uses a dictionary word in their password is a ***** moron!
- lowerlogic, on 10/12/2007, -1/+4I know someone who used the password "*****" for their AIM account. I asked him how many characters his password was, and he said 7 - a 4 letter word and a 3 letter word. I then asked what the last letter was, and he said "u". After he logged off, the first thing I thought to try "*****", and it worked. I told him next time he logged in and he said he promptly changed the password on him AIM account and several other things that used the same password.
-
Show 51 - 100 of 102 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is