Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites.
This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range. After further investigation, all the IPs came from six Internet Service Providers: Fastweb, Albacom, Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are from Italy. What all these networks had in common were Aethra routers.Read more
When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored.
Many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking. Password cracking is a dying enterprise.Read more