Here I present the top 30 passwords taken from Troy Hunt's haveibeenpwned.com/passwords website, where he provides a great tool and resource to verify whether your password is in a breach disclosed to Have I Been Pwned. He also released the SHA-1 hashes of over half a billion disclosed passwords to be downloaded for our own pleasure. From this I did a quick analysis.
Note, Troy did not release the plaintext passwords as some had sensitive materials; thus there was a little searching to convert these, but fortunately for us, or unfortunately depending on how you look at it, these were easy to Google/convert (e.g. put the hash into Google and find a match). It's no surprise that number sequences and keyboard patterns make up the bulk of the list. One outlier was "myspace1" which was identified 707,334 times in breach disclosures. This is likely due to the breach of passwords from the website myspace.com and users using "myspace1" to meet minimum password requirements. The infamous "password", "password1", "iloveyou", "monkey", and "dragon" appear in the top 30. People love password monkey dragons! Enjoy!
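The same kind of hash list can be used defensively, to rank entries by breach count and to reject a proposed password that already appears in the corpus. The sketch below is an added example, not code from this post or from Have I Been Pwned. It assumes the downloaded file uses one `HASH:COUNT` line per password. The function names and sample counts are constructed for illustration; only the myspace1 count comes from the post.

```python
import hashlib

# Constructed sample data: only the myspace1 count (707,334) comes from the post;
# the other counts are made up for illustration.
SAMPLE_COUNTS = {"123456": 900000, "password": 800000, "myspace1": 707334,
                 "qwerty": 600000, "dragon": 500000}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the form assumed for the corpus."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Build lines in the assumed "HASH:COUNT" layout of the downloaded file.
SAMPLE_LINES = [f"{sha1_hex(p)}:{n}" for p, n in SAMPLE_COUNTS.items()]


def load_corpus(lines):
    """Parse HASH:COUNT lines into a dict, skipping blank or malformed lines."""
    corpus = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            corpus[digest.upper()] = int(count)
    return corpus


def top_hashes(corpus, n):
    """Return the n most frequently seen (hash, count) pairs, most common first."""
    return sorted(corpus.items(), key=lambda kv: kv[1], reverse=True)[:n]


def breach_count(corpus, candidate):
    """Number of times the candidate password appears in the corpus (0 if absent)."""
    return corpus.get(sha1_hex(candidate), 0)


def is_acceptable(corpus, candidate, max_seen=0):
    """Password-policy check: reject candidates seen more than max_seen times."""
    return breach_count(corpus, candidate) <= max_seen


if __name__ == "__main__":
    corpus = load_corpus(SAMPLE_LINES + ["", "not-a-valid-line"])
    for digest, count in top_hashes(corpus, 3):
        print(digest, count)
    print(breach_count(corpus, "myspace1"), is_acceptable(corpus, "myspace1"))
```
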
In this document I analyze the Windows NT architecture and its implementation of the Security Reference Monitor model. It identifies gaps and strengths in the implementation from Windows 2000 through Windows 10 and Windows Server 2012R2. The bottom line is that Windows NT is a complex, flexible, robust system; however, it also supports so many capabilities that a simple security model and implementing basic security reference model principles hinder true secure operations. The operating system can, of course, be hardened; however, the basic structure presents challenges which would need many other systems to provide compensating security controls as well as mitigations and detective controls. I'll still use Windows; however, a complete redesign of their security reference monitor implementation may be required to provide a secure, auditable, and tamper-resistant operating system. This document was created for an assignment in my Cyber Security Operations and Leadership program at the University of San Diego.
Author
I am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion.