Meet WordHound, the tool that puts a personal touch on password cracking


Dan Goodin, Ars Technica In the vexing pursuit of passwords that are both easy to remember and hard to crack, many people embed clues into their login credentials, choosing for instance, “playstationplaystationdec2014” to safeguard a recently created gaming account or “L0an@ w0rk!” for an IT administrative account at a financial services company. Now, a whitehat hacker is capitalizing on the habit with a tool that automates the process of launching highly targeted cracking attacks. Dubbed WordHound, the freely available tool scours press releases, white papers, and Twitter accounts belonging to companies or sites that have recently suffered security breaches. The software then generates a list of commonly found words or phrases that attackers can use when trying to convert cryptographic hashes from compromised password databases into the corresponding plaintext passcodes. The tool, devised by security consultant Matthew Marx, was unveiled Wednesday at Passwords 14 conference in Las Vegas. “People are influenced greatly by their environment when choosing a password,” Marx, who works for consultancy MWR Info Security , told Ars. “It could be a work environment, their personal life, or the sport teams they like. I wanted to create a tool that leveraged this human vulnerability.” Read 8 remaining paragraphs | Comments

See the article here:
Meet WordHound, the tool that puts a personal touch on password cracking


Please enter your comment!
Please enter your name here


This site uses Akismet to reduce spam. Learn how your comment data is processed.