Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites.
This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range. After further investigation, all the IPs came from six Internet Service Providers: Fastweb, Albacom, Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are from Italy. What all these networks had in common were Aethra routers.Read more
When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored.
Many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking. Password cracking is a dying enterprise.Read more
A brute force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination.
This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it?Read more