Re: [Full-disclosure] Large password list
Creative Commons BY-SA might be more appropriate than the GPL. On Dec 2, 2011 10:41 AM, Travis Biehn tbi...@gmail.com wrote: My password leaks will all be released under the GPL. -Travis On Fri, Dec 2, 2011 at 7:28 AM, Mario Vilas mvi...@gmail.com wrote: On Fri, Dec 2, 2011 at 3:05 AM, adam a...@papsy.net wrote: C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} *31337*317 That's a funny coincidence. :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Twitter https://twitter.com/tbiehn | LinkedInhttp://www.linkedin.com/in/travisbiehn| GitHub http://github.com/tbiehn | TravisBiehn.comhttp://www.travisbiehn.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Get g0tmi1k's password list, for me there is lot of work behind and i've found that working fine ;) http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html Regards 2011/12/2 Charles Morris cmor...@cs.odu.edu Of course, you are quite right, it follows, and it's been many years since I've used anything less than 512 bits with strong internal state for anything relevant. Still... On Fri, Dec 2, 2011 at 2:30 PM, Gage Bystrom themadichi...@gmail.com wrote: I think it simply makes sense though. As more and more common passwords are cracked by the multitude of boxes out there dedicated to cracking hashes, the more and more likely that its gunna turn up in a list or a site somewhere. Add in that Google is really good at finding long strings and numbers if they exist on the net and the fact that the entire idea behind hashes is for them to be uniqueyeah. On Dec 2, 2011 11:17 AM, Charles Morris cmor...@cs.odu.edu wrote: This is extremely depressing. On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html . Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Any specific dictionary file/collection work best for you,and was wpa involved, ifso, wich list was best there.. just, somuch to download there..like 15gig :s i would rather hone in on the effective one :) thanks mate! drew On 5 December 2011 19:28, Alessandro Tagliapietra tagliapietra.alessan...@gmail.com wrote: Get g0tmi1k's password list, for me there is lot of work behind and i've found that working fine ;) http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html Regards 2011/12/2 Charles Morris cmor...@cs.odu.edu Of course, you are quite right, it follows, and it's been many years since I've used anything less than 512 bits with strong internal state for anything relevant. Still... On Fri, Dec 2, 2011 at 2:30 PM, Gage Bystrom themadichi...@gmail.com wrote: I think it simply makes sense though. As more and more common passwords are cracked by the multitude of boxes out there dedicated to cracking hashes, the more and more likely that its gunna turn up in a list or a site somewhere. Add in that Google is really good at finding long strings and numbers if they exist on the net and the fact that the entire idea behind hashes is for them to be uniqueyeah. On Dec 2, 2011 11:17 AM, Charles Morris cmor...@cs.odu.edu wrote: This is extremely depressing. On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On Fri, Dec 2, 2011 at 3:05 AM, adam a...@papsy.net wrote: C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} *31337*317 That's a funny coincidence. :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Thanks, I'm not really up on my hipster licensing schemes. -Travis On Fri, Dec 2, 2011 at 1:54 PM, Nate Theis ntth...@gmail.com wrote: Creative Commons BY-SA might be more appropriate than the GPL. On Dec 2, 2011 10:41 AM, Travis Biehn tbi...@gmail.com wrote: My password leaks will all be released under the GPL. -Travis On Fri, Dec 2, 2011 at 7:28 AM, Mario Vilas mvi...@gmail.com wrote: On Fri, Dec 2, 2011 at 3:05 AM, adam a...@papsy.net wrote: C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} *31337*317 That's a funny coincidence. :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Twitter https://twitter.com/tbiehn | LinkedInhttp://www.linkedin.com/in/travisbiehn| GitHub http://github.com/tbiehn | TravisBiehn.comhttp://www.travisbiehn.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Twitter https://twitter.com/tbiehn | LinkedInhttp://www.linkedin.com/in/travisbiehn| GitHub http://github.com/tbiehn | TravisBiehn.comhttp://www.travisbiehn.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
This is extremely depressing. On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
I think it simply makes sense though. As more and more common passwords are cracked by the multitude of boxes out there dedicated to cracking hashes, the more and more likely that its gunna turn up in a list or a site somewhere. Add in that Google is really good at finding long strings and numbers if they exist on the net and the fact that the entire idea behind hashes is for them to be uniqueyeah. On Dec 2, 2011 11:17 AM, Charles Morris cmor...@cs.odu.edu wrote: This is extremely depressing. On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Very true... most hashes like, 'lol' and such, are usually around, 12345 is, all the main weak ones are google'able... I do like people like openwall.com, BUT, they do A. contribute BACK to community through owl linux, and, provide lists free, you can optionally buy 700megs for about 20bux, I know i did buy theyre cd, so im guilty of supporting owlOS , and tho, we are also speaking 700megs, and access to gigabytes of lists here... 4bux for 20megs is a joke :P On 3 December 2011 06:14, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On Fri, 02 Dec 2011 13:40:54 EST, Travis Biehn said: My password leaks will all be released under the GPL. That may not be legally allowable, for one of several reasons: 1) Most password lists are almost certainly mere aggregations of facts and thus not eligible for copyright protection at all. This would almost certainly be true for any list of passwords from one source, as it would almost certainly be programmatic with little or no creative input, and probably true for groups of sources. 2) You can get around that by claiming it's a compilation. 17 USC 101 says: A compilation is a work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship. The term compilation includes collective works. And you can probably make the case that the choice of which sources to include in the compilation constitutes an original work. Congrats. You now have copyright on the compilation - but *not* on the individual passwords. 3) Unfortunately, the individual users still have the copyright on their passwords/hashes, and unless you get their permission, you can't relicense the passwords/hashes under GPL. And there's also the compilation copyright the site has on the list of all passwords at their site :) (For real fun, consider that published and unpublished works are treated differently. And a password list almost always becomes a published work without the permission of the author(s) ;) pgpIExrZoCycN.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Valdis, (For real fun, consider that published and unpublished works are treated differently. And a password list almost always becomes a published work without the permission of the author(s) ;) Talking of currently implemented systems... One could argue that the author of lists resulting from cracked hashes is the cracker, as the cracker is simply computing one of the infinite collisions that each hash intrinsically has. Nobody can say if that collision was caused by the original password Now back to operational content... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On Fri, Dec 2, 2011 at 10:26 PM, Charles Morris cmor...@cs.odu.edu wrote: Valdis, (For real fun, consider that published and unpublished works are treated differently. And a password list almost always becomes a published work without the permission of the author(s) ;) Talking of currently implemented systems... One could argue that the author of lists resulting from cracked hashes is the cracker, as the cracker is simply computing one of the infinite collisions that each hash intrinsically has. on a related note: http://en.wikipedia.org/wiki/Illegal_number http://en.wikipedia.org/wiki/Illegal_prime -- Ferenc Kovács @Tyr43l - http://tyrael.hu ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Of course, you are quite right, it follows, and it's been many years since I've used anything less than 512 bits with strong internal state for anything relevant. Still... On Fri, Dec 2, 2011 at 2:30 PM, Gage Bystrom themadichi...@gmail.com wrote: I think it simply makes sense though. As more and more common passwords are cracked by the multitude of boxes out there dedicated to cracking hashes, the more and more likely that its gunna turn up in a list or a site somewhere. Add in that Google is really good at finding long strings and numbers if they exist on the net and the fact that the entire idea behind hashes is for them to be uniqueyeah. On Dec 2, 2011 11:17 AM, Charles Morris cmor...@cs.odu.edu wrote: This is extremely depressing. On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! Why even spend the CPU cycles to process the password list? See Jon Callas' post on the Random Bits mailing list: No one bothers cracking the crypto (real life edition), http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html. Interestingly (sadly?), googling the hash worked quite well for me on a number of test cases, including common words and proper names. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Large password list
I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
- reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Also, not to beat a dead horse, but.. - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger Is also pretty ridiculous. Why? Because you're offering hashes.txthttp://dazzlepod.com/site_media/txt/hashes.txt , passwords.txt http://dazzlepod.com/site_media/txt/passwords.txt and uniqpass_preview.txthttp://dazzlepod.com/site_media/txt/uniqpass_preview.txt to the world: C:\Users\adam\Desktopls -la uniqpass_preview.txt | gawk {print $5} 19855177 C:\Users\adam\Desktopls -la passwords.txt | gawk {print $5} 17496649 C:\Users\adam\Desktopls -la hashes.txt | gawk {print $5} 22033538 C:\Users\adam\Desktopecho 19855177 + 17496649 + 22033538 | bc 59385364 In total, 56MB and you're offering them for free and uncompressed. C:\Users\adam\Desktopzip -9 combined.zip passwords.txt uniqpass_preview.txt hashes.txt adding: passwords.txt (164 bytes security) (deflated 60%) adding: uniqpass_preview.txt (164 bytes security) (deflated 38%) adding: hashes.txt (164 bytes security) (deflated 46%) C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} 31337317 Meanwhile, if you were compressing them: they'd be almost half the size. But you're not, you don't even seem concerned with doing so, and you're going to pretend that 8MB is really making *that* big of a difference? If so, why are you wasting 27MB by offering those 3 files uncompressed? That doesn't really make much sense to me. On Thu, Dec 1, 2011 at 7:52 PM, Benji m...@b3nji.com wrote: Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
This is what whitehats would probably class as a 'blackhat' , the sad thing is, i bet NO blackhats, really like this.. not serious ones. Its sad, your a pathetic person, resorting to online theft, to cover your bs demands, as pointed out, what 'costs', for keeping, stolen data... ? ONLY the cost, You are, to the community. your called a bad scourge, and bad example of a hacker. I wish you and your website and service, are overthrown, your a fool, and, you suck. i hope feds are pulling you apart. amigo. go fk yourself, rot. your NO hacker, your 'wanker' go whack d1ck sum more. Bad sad kid with some sqli...well, sadly, you should NEVER post criinal activities, to a list like this, are you stupid or, just fucking REALLY STUPID?? Idiot You are NO blackhat,and NO hacker. xd On 2 December 2011 12:52, Benji m...@b3nji.com wrote: Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
22033538 whats this hash for nothin. hes a f00l. altho, i dont like you, atleast, you see a fool as i do. unfortunately, your not much better. On 2 December 2011 13:05, adam a...@papsy.net wrote: Also, not to beat a dead horse, but.. - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger Is also pretty ridiculous. Why? Because you're offering hashes.txt, passwords.txt and uniqpass_preview.txt to the world: C:\Users\adam\Desktopls -la uniqpass_preview.txt | gawk {print $5} 19855177 C:\Users\adam\Desktopls -la passwords.txt | gawk {print $5} 17496649 C:\Users\adam\Desktopls -la hashes.txt | gawk {print $5} 22033538 C:\Users\adam\Desktopecho 19855177 + 17496649 + 22033538 | bc 59385364 In total, 56MB and you're offering them for free and uncompressed. C:\Users\adam\Desktopzip -9 combined.zip passwords.txt uniqpass_preview.txt hashes.txt adding: passwords.txt (164 bytes security) (deflated 60%) adding: uniqpass_preview.txt (164 bytes security) (deflated 38%) adding: hashes.txt (164 bytes security) (deflated 46%) C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} 31337317 Meanwhile, if you were compressing them: they'd be almost half the size. But you're not, you don't even seem concerned with doing so, and you're going to pretend that 8MB is really making that big of a difference? If so, why are you wasting 27MB by offering those 3 files uncompressed? That doesn't really make much sense to me. On Thu, Dec 1, 2011 at 7:52 PM, Benji m...@b3nji.com wrote: Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
In case you missed it, that's one of the other files he's hosting off that website. Part of his plan to sell this groundbreaking .txt file, or whatever. On Thu, Dec 1, 2011 at 8:11 PM, xD 0x41 sec...@gmail.com wrote: 22033538 whats this hash for nothin. hes a f00l. altho, i dont like you, atleast, you see a fool as i do. unfortunately, your not much better. On 2 December 2011 13:05, adam a...@papsy.net wrote: Also, not to beat a dead horse, but.. - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger Is also pretty ridiculous. Why? Because you're offering hashes.txt, passwords.txt and uniqpass_preview.txt to the world: C:\Users\adam\Desktopls -la uniqpass_preview.txt | gawk {print $5} 19855177 C:\Users\adam\Desktopls -la passwords.txt | gawk {print $5} 17496649 C:\Users\adam\Desktopls -la hashes.txt | gawk {print $5} 22033538 C:\Users\adam\Desktopecho 19855177 + 17496649 + 22033538 | bc 59385364 In total, 56MB and you're offering them for free and uncompressed. C:\Users\adam\Desktopzip -9 combined.zip passwords.txt uniqpass_preview.txt hashes.txt adding: passwords.txt (164 bytes security) (deflated 60%) adding: uniqpass_preview.txt (164 bytes security) (deflated 38%) adding: hashes.txt (164 bytes security) (deflated 46%) C:\Users\adam\Desktopls -la combined.zip | gawk {print $5} 31337317 Meanwhile, if you were compressing them: they'd be almost half the size. But you're not, you don't even seem concerned with doing so, and you're going to pretend that 8MB is really making that big of a difference? If so, why are you wasting 27MB by offering those 3 files uncompressed? That doesn't really make much sense to me. On Thu, Dec 1, 2011 at 7:52 PM, Benji m...@b3nji.com wrote: Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
As usual Xd is trolling .. and I shouldn't answer but he pisses me off .. Gary B On 12/01/2011 09:10 PM, xD 0x41 wrote: This is what whitehats would probably class as a 'blackhat' , the sad thing is, i bet NO blackhats, really like this.. not serious ones. Its sad, your a pathetic person, resorting to online theft, to cover your bs demands, as pointed out, what 'costs', for keeping, stolen data... ? ONLY the cost, You are, to the community. your called a bad scourge, and bad example of a hacker. I wish you and your website and service, are overthrown, your a fool, and, you suck. i hope feds are pulling you apart. amigo. go fk yourself, rot. your NO hacker, your 'wanker' go whack d1ck sum more. Bad sad kid with some sqli...well, sadly, you should NEVER post criinal activities, to a list like this, are you stupid or, just fucking REALLY STUPID?? Idiot You are NO blackhat,and NO hacker. xd On 2 December 2011 12:52, Benji m...@b3nji.com wrote: Which country is UNIQPASS registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote: - reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse potential does this have by someone not paying? And who are you to not only take credit, but also demand payment, for other peoples' efforts? I'm partly tempted to buy and post the list here just to spite you for being so idiotic. On Thu, Dec 1, 2011 at 7:16 PM, Addy Yeow ayeo...@gmail.com wrote: There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing users of UNIQPASS get updated copy for free) - cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger - reduce abuse On Fri, Dec 2, 2011 at 1:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: On 12/1/11 6:14 PM, Addy Yeow wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
On Fri, 02 Dec 2011 13:10:14 +1100, xD 0x41 said: Idiot You are NO blackhat,and NO hacker. xd You know things are pretty screwed up when I'm +1'ing an xD rant. :) pgp6MREtrth6e.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! If you are like me I always download and store the various dbase leaks because it makes an awesome dictionary. Some more simple magic and you have a cut down list of all the common passwords used. I'd rather spend the money on some coffee to drink while I do the above examples. On Thu, Dec 1, 2011 at 10:14 AM, Addy Yeow ayeo...@gmail.com wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
Or simply, use openwal.com who atleast do something and have an oyutstanding os... they do not charge on that basis, and also the socalled hash, if you look in the 3 offered fiiles, theyre all same length of digits, i am not even sure what hes offering, because, i assume that is a decrypted list...not encrypted, yet he has *_hash.txt there,wich is same length as other txt files, same ne line, 5 digit kinda list... not even a 1234 :s lol... its very ambiguous, and id beware that it is just not a flare, to get ppl to visit, to infect, other ways... be careful guys... l,theyre cdlists, and a million others linked to them :s its kinda stupid and, hopefully it dies... like, shutdown. On 2 December 2011 14:59, Sanguinarious Rose sanguiner...@occultusterra.com wrote: I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! If you are like me I always download and store the various dbase leaks because it makes an awesome dictionary. Some more simple magic and you have a cut down list of all the common passwords used. I'd rather spend the money on some coffee to drink while I do the above examples. On Thu, Dec 1, 2011 at 10:14 AM, Addy Yeow ayeo...@gmail.com wrote: I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Large password list
http://dazzlepod.com/site_media/txt/passwords.txt hes put alo of passes here, and makes direct compares to JTR on the website.. this seems to be the Point of sale also...so this domain would shape the outcome.. On 2 December 2011 14:40, Richard Golodner rgolod...@infratection.com wrote: On Fri, 2011-12-02 at 14:14 +1100, xD 0x41 wrote: needs to b shudown...if it can be... cheers, always happy to speak to you :) Always happy to speak with you as well my friend. We can shut the fucker down. Can you give me his domain name. I think that a shitty php bug would get a lot of L44t hackers as they see that shit and just download it without thinking about it. Get me a little background info and I can get started. Richard ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/