Tag Archive for: Password

Famed Hacker Unveils Wild Crack-In-The-Box Password Cracker Fueled By Dozens Of RTX 4090s


A password cracking setup outfitted with multiple graphics cards.

Kevin Mitnick, a former black hat hooligan-turned-good-guy who spent several years in prison in the 1990s for various computer-related tomfoolery, is showing off a beastly setup outfitted with 30 high-end GeForce graphics cards. We know what you’re wondering—can it run Crysis? It certainly has enough firepower to push pixels around like a schoolyard bully on steroids. But what his setup is really designed to do is to crack passwords with the same speed and ease it would take Hercules to crack a walnut.

Anyone who is not familiar with Mitnick can look him up on Google or visit the Wikipedia entry on him for a quick history lesson. His hacking days started in his pre-teen years and it only gets more interesting from there. The US Department of Justice and Federal Bureau of Investigation are certainly familiar with the man who is widely considered to be the world’s most famous hacker—he eluded both agencies for years…up until he didn’t.

A successful “Free Kevin” movement helped Mitnick earn an early release after spending more than five years behind bars. These days he spends his time as a highly sought-after security consultant. He’s also the chief executive officer at Mitnick Security Consulting, and chief hacking officer at KnowBe4, among other roles on his ever-expanding resume.

Kevin Mitnick tweet showing off his password cracking setup.

In posts shared to both Facebook and Twitter, Mitnick uploaded photos of a “badass password cracker” that the team at KnowBe4 helped him set up and configure. The beastly configuration is outfitted with two dozen of NVIDIA’s flagship consumer graphics cards, the GeForce RTX 4090 based on the Ada Lovelace GPU architecture, as well as six GeForce RTX 2080 cards based on Turing.

“This is what companies come up against when we are hired for Red Team engagements. Our team now has a new large group of GPUs to crack passwords much, much faster,” Mitnick explains.

In security parlance, a Red Team engagement is essentially a simulated cyberattack. You can think of it as an intense security audit. Exposing vulnerabilities is inevitably part of the process, but that’s not the main goal. These simulated attacks test a company’s ability to detect and respond to security threats.

This process is of course…


How To Hack Your Own Password


[Haseeb] failed the marshmallow test as a kid. He has no self-control. He wastes a lot of time on reddit. There is a solution to this problem — simply lock yourself out of your account. The process is simple, and all you need to do is change your password to something random, change the recovery email address, and click submit. In the blink of an eye, all your imaginary Internet points vanish.

That’s the one guaranteed way to quit reddit. However, [Haseeb] wanted to hold onto those magic Internet points in the event they become worth something. This led to a far more baroque solution. He found a service that would email him at a later date, sent himself an email containing a random password, and quit reddit temporarily. Until that email was delivered, he was officially off reddit. When that email was received, productivity would stop.

A few years passed, and [Haseeb] had some time to kill at his new job. He decided to scrounge up his old password, only to discover he had locked himself out of his Reddit account until 2018. What followed is a security exploit of an ‘email me in the future’ service, and a great example of how much effort one person will commit to a lifetime of instant gratification.

The email service in question is LetterMeLater, a site that will send an email at some arbitrary point in the future. You can hide the body of the email from yourself, making this a fairly good solution for what [Haseeb] is doing. He was still locked out of his email, though, and emailing the people running LetterMeLater seemed absurd. Dopamine is fun, though, and [Haseeb] eventually found a workaround. This site indexes the body of an email for search. This is great, because the body of the email this site would send [Haseeb] in 2018 contained his reddit password and only his reddit password. With a little bit of code, he can perform substring queries on an email he can’t read. Now, extracting the password is simply a first-year CS homework problem.

At this point, the only thing [Haseeb] knows about his password is that it’s a long string of random characters that probably doesn’t include upper-case characters. That’s 26 possible characters, 10 possible numbers,…


#pussinboots creating a strong password be like #shorts