Showing posts with label password.

Monday, February 24, 2014

[infosecinstitute] How to Perform a Safe Password Analysis

It’s one of the most exciting moments in a security researcher’s work: while looking through an obscure log file, you see strings like “James1984” and “SecureMe!” scattered throughout the data. Upon closer inspection, you realize that you’ve uncovered hundreds if not thousands of cleartext username/password pairs!
Even as you celebrate your success, you are also tempted to use your victory to push for additional security reforms, such as a stronger password policy, or publish your results to educate other security professionals. But how, exactly, would you go about conducting and publishing a password analysis without exposing the company to harm, from insider threats or otherwise?

Monday, February 10, 2014

[darknet] The 25 Worst Passwords Of 2013 – “password” Is Not #1

The worst passwords of 2013 – really, more like the most common. The majority come from the massive Adobe leak, which contributed over 40 million passwords and skewed the data a fair bit, pushing “photoshop” and “adobe123” into the list.

Sunday, February 9, 2014

[zdnet] Change your passwords: Comcast hushes, minimizes serious hack

Summary: Opinion: Comcast took a page from Snapchat's playbook to hush and downplay NullCrew FTS' successful hack on dozens of Comcast's servers — from an unpatched, easy-to-fix vulnerability dated December 2013 — which most likely exposed customer data