Sometimes two stories are destined to intersect. For me two stories just did!
First story: Bitcoin.
Bitcoin is the transaction tool of an underground economy. The users of this currency work for each other and pay in bitcoin. One bitcoin is worth about $US5 according to Wikipedia. If you want to know about bitcoin, Wikipedia is a great start.
I heard of a server being discovered working with bitcoin. I asked what someone would do with a server to generate bitcoin. Here I learned a second term: rainbow table. The suggestion was that a technician had compromised a server and was using it to create rainbow tables and being paid in bitcoin.
A rainbow table seems to be a list of every possible password from a given set of characters. A hacker can then use this very large file of possible passwords to hack an account.
As described to me, a robot finds a user name and tries to access the account by using the user name with the first password in the table. If it does not work, it tries the second password, and so on through the millions of passwords in the table till one works.
All very clever and interesting, but I was told the story after describing a situation I had encountered.
A student seemed to have had her password guessed. Her account was sending many hundreds of spam emails per minute.
We tracked her logs and discovered that after opening an email early in May there was an attempt to log into her account made about every one third of a second. This continued for about 7 weeks till the robot guessed her password. It gained access to her account and began sending spam.
We think this is what happened but it is a simplified version of the whole story.
We calculated that there had been 12,700,800 guesses made at her password before hitting the correct one. The world of bitcoin and rainbow tables, this mythical, distant, geek world, had just collided with my sane, managed, regulated world of school email.
The hacking was shut down as soon as it was discovered simply by changing the password. The hacker will have to move on now.
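As an added example (not part of the original post), here is one way the login log could be checked so that guessing at this rate is flagged within seconds instead of being found after seven weeks. The log line format, account names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    # Assumed log format: "<ISO timestamp> <account> <FAIL|OK>"
    ts, account, result = line.split()
    return datetime.fromisoformat(ts), account, result

def detect_guessing(lines, window=timedelta(seconds=60), threshold=20):
    """Flag accounts with >= threshold failed logins inside the window.

    Returns {account: {"alert_at": ts, "success_at": ts or None}} where
    success_at is the first successful login seen after the alert.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    findings = {}
    for line in lines:
        ts, account, result = parse(line)
        if result == "FAIL":
            q = recent[account]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and account not in findings:
                findings[account] = {"alert_at": ts, "success_at": None}
        elif result == "OK" and account in findings:
            if findings[account]["success_at"] is None:
                findings[account]["success_at"] = ts  # likely a guessed password
    return findings

def constructed_log():
    """Constructed sample: student_a is guessed at 3 tries/second, student_b mistypes once."""
    start = datetime(2000, 5, 1, 9, 0, 0)  # arbitrary date, not from the post
    stamp = lambda s: (start + timedelta(seconds=s)).isoformat(timespec="microseconds")
    lines = [f"{stamp(i / 3)} student_a FAIL" for i in range(90)]
    lines.append(f"{stamp(30)} student_a OK")
    lines.append(f"{stamp(5)} student_b FAIL")
    lines.append(f"{stamp(9)} student_b OK")
    return sorted(lines)  # fixed-width timestamps sort chronologically

if __name__ == "__main__":
    for account, f in detect_guessing(constructed_log()).items():
        print(account, "alert at", f["alert_at"], "success at", f["success_at"])
```

With these assumed settings, the alert for the guessed account fires on the 20th failure, a little over six seconds into the run, while a user who mistypes once is not flagged.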
Is your password good enough to not be guessed from a rainbow table? The only solution is to change it regularly and make it long. It seems that a password of 14 characters may be safe for a while.
The rainbow file for 10-character passwords would take me three months to acquire if I did not want to exceed my internet quota. These people do operate in a world outside my realm.