brute force

OpenSSH password guessing attacks may be 10,000 times easier than you thought

An interesting problem with OpenSSH has been publicised on the Full Disclosure mailing list.

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

SSCC 190 - The CeBIT 2015 edition [PODCAST]


Recorded right on the Sophos booth at the CeBIT show in Hannover, Germany.

Here's the Fifth Anniversary edition of our weekly podcast...enjoy!

SSCC 171 - Are you SURE that "1234" is a bad password? [PODCAST]

Here's the latest Chet Chat podcast for your listening pleasure...


Do we really need strong passwords?

The idea that computer users should use long, complex passwords is one of computer security's sacred cows.

But is it really necessary?

Mark Stockley investigates...

Anatomy of an Apple theft protection bypass - and how to avoid it


A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend.

It claims to "bypass Apple's theft protection" - and although that's stretching the truth a bit, it has some lessons to teach us about encryption...

LG TVs grab data, GitHub attacked, vBulletin breached - 60 Sec Security [VIDEO]


How honest is your TV? Why do crooks like source code hacks? Should you brag when you publish a breach notification?

Find out now in 60 Second Security.

GitHub users with weak passwords - you have been warned!

GitHub, one of the world's biggest online repositories of software source code, is warning users to jolly well shape up when it comes to login security.

Of course, GitHub isn't saying it quite like that (it is being more polite)...but we are!

Windows Picture Passwords - are they really as "easily crackable" as everyone's saying?


Following a USENIX paper about the security of Windows Picture Passwords, you may have read that they are "easily crackable."

Paul Ducklin wondered about that, and tried to come up with a balanced view...

Winners of the BH2013 #sophospuzzle - and how to solve it!


Here are all the winners in the recent BlackHat 2013 #sophospuzzle.

And, of course, an explanation of how to solve it.

Android security fail, Cryptocat tartan, Nintendo crack - 60 Sec Security [VIDEO]


Are cryptographic holes the new buffer overflows?

Take a look at this week's 60 Second Security video and let us know what you think!

Anatomy of a change - Google announces it will double its SSL key sizes


Google just announced that its secure web pages will be ditching 1024-bit RSA keys in favour of 2048 bits.

We look at the lessons to be learned from the whats, the whys and the wherefores of this change...

"Rude password - login denied": the AT&T April Fool that wasn't


Why, and more importantly, *how*, would you go about weeding out rude passwords?

Surely an April Fool?

Paul Ducklin takes a look...

SHA-1 brute-force attack trimmed by 21% - paper from Oslo password hacking conference

Jens Steube, author of the password cracking tool hashcat, can make your SHA-1 password cracking tool 25% faster.

Just like that.