LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-18-2010, 03:24 PM   #1
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Smile Most popular SSH usernames and passwords (graphically represented)


DRG SSH Username and Password Authentication Tag Clouds

Thanks to Bruce Schneier for covering this.
 
Old 09-18-2010, 04:57 PM   #2
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,102

Rep: Reputation: 982Reputation: 982Reputation: 982Reputation: 982Reputation: 982Reputation: 982Reputation: 982Reputation: 982
I thought this (also) relevant:
Quote:
Just to clarify - these are popular usernames and passwords used by SSH scanner/brute forcers. This doesn't necessarily correlate to popular account credentials actually in use in the wild.
 
Old 09-18-2010, 06:20 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Good catch! I'd actually love to find out exactly what the sources of this data are. The authors of the visualization should provide a description on that page I think. It seems like it's being pulled from observations of brute force attack attempts in the wild (as the graph is supposedly being updated hourly). If that's the case, it won't correlate so much with actual credentials in use, unless we view brute force scanner developers as having top-notch knowledge about the matter. If, OTOH, only successful authentications are being considered, then that might give this more weight (albeit still not enough to make conclusions about actual credential popularity).
 
Old 09-19-2010, 10:41 AM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,887

Rep: Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774
When I have seen this kind of thing before (& I've never seen it done as a tag cloud, which was neat) it has usually been from honeypot research, so that is better described as the most popular with the bad guys to try to attack, rather than the passwords/usernames most frequently used in the real world.

I don't really see how you could do anything else to get this information, but I am probably overlooking something cunning, as usual...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Snooping For Usernames And Passwords Over SSH Using Strace On Linux LXer Syndicated Linux News 0 05-27-2009 07:50 PM
Storing usernames and passwords on the web? concoran Linux - General 9 03-28-2008 03:55 PM
Restoring usernames & passwords to a protected directory under Debian & Plesk CP ppcw Linux - Newbie 2 02-16-2008 04:11 PM
default usernames/passwords andrew285 Suse/Novell 6 07-17-2006 06:14 PM
Usernames/Passwords tracker kemplej Linux - Software 1 09-17-2004 06:19 AM


All times are GMT -5. The time now is 02:07 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration