10 Million Real Passwords and Usernames published by a Researcher

Mark Burnett, a security consultant, has just published 10 million passwords along with their corresponding usernames. It is a thoughtful offering to other researchers, but also a legally risky move given the current legal situation surrounding hacking.

Usually, passwords are released secretly and only to researchers, but this restricts them from analyzing how a username and password might go together. Burnett has explained that for quite some time his aim has been to provide a clean set of data to share with the world, with usernames and passwords together, as this gives "great insight into user behavior and is valuable for furthering password security."

But he has done so with some fear and much justification (and, before you panic too much, he believes most of the passwords are now dead). "I think this is completely illogical that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment," he writes on his blog.


Although researchers typically only release passwords, I am releasing usernames with the passwords. Analysis of usernames with passwords is an area that has been greatly neglected and can provide as much insight as studying passwords alone. Most researchers are afraid to publish usernames and passwords together because combined they become an authentication feature.

In the case of me releasing usernames and passwords together, my aim is not to defraud, facilitate unauthorized access to a computer system, steal the identity of others, to aid any crime or to harm any individual or entity. The sole intent is to further research with the goal of making authentication more secure and therefore protect from fraud and unauthorized access.

Ultimately, these passwords are no longer valid to the best of my knowledge and I have taken extraordinary measures to make this data ineffective in targeting particular users or organizations. This data is extremely valuable for academic and research purposes and for furthering authentication security and this is why I have released it to the public domain.