Transcript of Password Cracking
Those who allow anyone (or just the friends of friends) to see everything in their profile, or who show no reserve when adding friends, are at risk of this threat.
With the changes that continue all the time with Facebook privacy settings, it is nearly impossible for most to keep track and make the necessary changes.

Estimate! How many users are there on Facebook as of October 2012? (1 candy)
Answer: There are 1 billion users

- Use billing info, email + name to add credit card to amazon.com account
- Use credit card #, name + billing address to add a new email to amazon account
- Use "I forgot my password" feature and new email to gain access to account
- Using name, billing address, and last 4 digits of credit card, gain access to iTunes
- Use find my phone and find my mac to gain remote access to iPhone, iPad and macbook. Wipe everything.
- @me.com is recovery email for gmail. Use to access gmail account. Wipe emails.
- Gmail is recovery email for twitter, use to access twitter account

Social Engineering
- 70% of people will hand over their password in exchange for a bribe
- 30% of people will hand over their password without a bribe
- It is possible to convince people to hand out their password by pretending to be an IT guy, or someone they're not and simply ask for it

Researchers from Northwestern University, Stanford University and SRI
- game like guitar hero
- 40 min practice (random sequences with a specific sequence showing up more than others)
- 5 min test
- tested by how well the user is able to play the sequence as opposed to the other random sequences
- lasts a couple of weeks
- can't be tortured or coerced into revealing the sequence

DEFINE THAT WORD! What is phishing? (3 candy)
Answer: Phishing is using an email or website that appears to be legitimate in order to gain a user's password
- using www.vvebsite.com instead of www.website.com
- since the majority of users use the same passwords across multiple websites, it is likely that they will gain access to multiple accounts using the info they gain.
- they could emulate a bank website, PayPal, an email, website, Facebook, etc.

Study at Berkeley
- 90% of the people involved were fooled by a good phishing website
- unaffected by age, sex, amount of time spent on the internet, experience or education

How to prevent it from happening to you
- check the address bar
- pay attention to the "secure" symbol on the address bar in particular
- double check what you've typed, phishing makes use of common spelling/typing mistakes
- use bookmarks you've made instead of links you get in emails

Systematic Attacks

Brute Force
- tests every possible combination of characters systematically
- they start with just lower case letters
- 100% effective, however, it might take 4 thousand years to crack it.

Dictionary attack
- uses a list of words to crack the password
- takes more human nature into consideration
- people are more likely to use words than random combinations of characters
- takes into account the tendency of changing "E"s into "3"s

Secret Service's DNA
- Distributing Networking Attack
- determines criminal's hobbies and interests through the emails, documents, internet history and bookmarks saved on their computer.
- creates a list of words and performs a dictionary attack on encrypted files
- uses 4 thousand computers to date
- criminal working with horses - his password turned out to be an obscure word for one part of a stirrup

Top 5! What are the top 5 most popular passwords? 1 candy each (5 total)
1. "123456"
5. "pussy"

In conclusion...
The majority of the methods used to crack passwords rely on users compromising their own passwords/systems. The greatest weakness of privacy is human nature
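
The brute-force and dictionary slides above, turned into a check a site could run when a user picks a password (an added example, not part of the original presentation). It shows that swapping "E" for "3" raises the brute-force cost but does not escape a wordlist; the wordlist contents, function names and character map are assumptions made for this sketch.

```python
import string

# Constructed sample wordlist; a real deployment would load a large list of
# common and previously breached passwords.
WORDLIST = {"password", "letmein", "welcome", "horse", "stirrup"}

# Character swaps that dictionary tools undo (the "E" -> "3" habit and friends).
LEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_hits(candidate, wordlist=WORDLIST):
    """Return wordlist entries the candidate reduces to after normalisation."""
    lowered = candidate.lower()
    # Also try the word with appended digits/punctuation removed ("word2012!").
    trimmed = lowered.rstrip(string.digits + string.punctuation)
    variants = {lowered, lowered.translate(LEET), trimmed.translate(LEET)}
    return sorted(variants & wordlist)


def brute_force_guesses(candidate):
    """Worst-case guesses for an exhaustive search over the classes used."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in candidate))
    return alphabet ** len(candidate)


def screen(candidate, wordlist=WORDLIST):
    """Reject anything a dictionary attack would find, whatever its keyspace."""
    hits = dictionary_hits(candidate, wordlist)
    return {"accept": not hits,
            "dictionary_hits": hits,
            "brute_force_guesses": brute_force_guesses(candidate)}


if __name__ == "__main__":
    for pw in ["horse", "h0rs3", "Stirrup2012", "P4ssw0rd1!", "vq7#Lm2xRt"]:
        print(pw, screen(pw))
```
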