Re: [Full-disclosure] Large password list

[Addy Yeow]

There are many password lists already available for free out in the wild
but mostly lack the quality.

The minimal fee for UNIQPASS is necessary to help:
- keep ongoing effort to improve the quality of the list over time
- ensure frequent updates, i.e. when new leaked databases appear (existing
users of UNIQPASS get updated copy for free)
- cover cost of upstream bandwidth, the list is currently at  64MB
compressed and new versions are likely to only get larger
- reduce abuse

On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) <
li...@infosecurity.ch> wrote:

> On 12/1/11 6:14 PM, Addy Yeow wrote:
> > I thought some of you may find this large password list useful, over 27
> > million entries.
> > http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99)
>
> Anyone linking a warez version (Why pay $4.99?) ?
>
> -naif
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Large password list

[Addy Yeow]

I thought some of you may find this large password list useful, over 27
million entries.
http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] LulzCheck--a tool for checking account security

[Addy Yeow]

You can check searchable list of the leaked accounts at
http://dazzlepod.com/lulzsec/final/

On Sun, Jun 26, 2011 at 2:18 PM, Nathan Whitmore  wrote:

>
> So, apparently LulzSec is  over and done with. Even so, they’ve left a lot
> behind, in the form of more than 100,000 compromised passwords. Cearly, this
> is still potentially a problem, especially considering password reuse.
>
> LulzCheck is a Greasemonkey script for Firefox. Basically, whenever you log
> into a website, it checks the username that you supply against an updated
> list of accounts that have been “leaked” by LulzSec, and gives you a warning
> if it finds your login in that list.
>
> Keep in mind, if you get a warning message, it *may not actually apply to
> the site that your are logging into. *Because people reuse logins, and the
> ultimate origin of some of the leaked usernames/passwords is unknown, it’s
> not really possible for LulzCheck to automatically pin down exactly what
> accounts you need to change.
>
> *LulzCheck can be downloaded at http://userscripts.org/scripts/show/105484
> *
>
> --
> Any technology distinguishable from magic is by definition insufficiently
> advanced
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.dazzlepod.com . http://twitter.com/dazzlepod
We write elegant and minimal apps that works. We develop web apps with
Django framework.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Lulzsec leaked accounts -- change your password if affected

[Addy Yeow]

*On June 16, 2011, LulzSec released over 62,000 accounts containing emails
and passwords in cleartext obtained from random sources. LulzSec announced
the release in a Twitter post at
https://twitter.com/#!/LulzSec/status/81327464156119040. The table below is
the list of these accounts. Passwords have been completely masked to protect
the users from further attacks.**
**This disclosure was mentioned in Los Angeles
Times
, 
PCWorld
 and CBC 
News
.**
**What should you do?
Use the search box below to find out if your email is in the list. If yes,
you are advised to change your password immediately if it is still in use
elsewhere. For your privacy, do not enter your complete email in the search
box. Try using the first part of your email instead, e.g. example instead of
exam...@example.com.*
*

Disclosure URL: *http://dazzlepod.com/lulzsec/
Over 10% accounts appear to be still accessible.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/