Lost+Found: Twitter password cracking and GPL malware
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. Today: password cracking with Twitter, GPL malware, and are you ready for the Cyber Exploitation Corps?
- Twitter turns out to be a remarkably rich source of word lists, as Joshua Dustin demonstrates. He used a simple Twitter search and some keywords about his target to generate a 4,400-word list, which yielded 1,978 passwords when he ran John the Ripper against the MilitarySingles.com MD5 password hashes.
- It may only be a joke, but the CrySyS.hu researchers want the source for Duqu and they have the GPL on their side. It appears that, unlike Flame, which used permissively licensed open source, Duqu used GPL-licensed software. As the Duqu developers have distributed the code, the GPL comes into force and the malware makers need to make the source code available.
- The Cyber Exploitation Corps want you, or at least someone skilled in computer security, intrusion detection, pen-testing and packet analysis, according to a job posting from the NSA. The mission is Computer Network Operations, which involves "network navigation, tactical forensic analysis, and collection of valuable intelligence information".