The Solution to Brute Force Attacks, and Where Most Malicious Sites are Hosted
Article by George Norman
On 11 Mar 2010
A brute force attack occurs when someone with malicious intent goes through all the possible keys until the right one is found. Say for example that an attacker knows your username and needs to crack your password. He will try a gazillion combinations until the one that opens up your account is found.

To keep your account safe and protected, you need to pick a properly strong password. First of all you should avoid using simple words (because the attacker will try every word in the dictionary until the one you used is uncovered) and you should avoid using easily identifiable data (your birthday, your address, something like that). Against a brute force attack it is especially important that your password cannot be easily guessed. A strong password should be more than 8 characters long and consist of a random sequence of uppercase and lowercase letters, special characters and digits.


According to Eset’s Senior Cybercrime Research Analyst, Craig Johnston, an attacker may have to try hundreds of thousands if not millions of combinations to get the password right on some systems. That might seem like a huge number, but keep in mind that on some systems the attacker can try hundreds of combinations per second.

The main protection against brute force attacks is choosing a long password that combines upper and lower case letters, numbers, and special characters. But according to Craig Johnston there is something else that could be done to prevent brute force attacks. Please note that this is not to say that you should stop using strong passwords – Johnston talks about a way of making things very hard for brute force attackers.

“Instead of a system instantly returning with a negative response if the password is incorrect, why not build a delay into the response of say, a tenth of a second? Then, when another log in attempt is made on that same username, the response comes back after a tenth of a second delay. The next failed log in attempt on the username would result in a two tenths delay, then three tenths, etcetera. After one hundred attempts, there would be a ten second delay between responses. By the one thousandth attempt, the delay would be one hundred seconds. This would render a brute force attack useless. But a legitimate user who happened to enter the wrong password would not notice a tenth of a second delay. Even a two tenths or three tenths of a second delay,” explained Johnston.
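The scheme Johnston describes can be sketched as a per-username throttle. This is an added example, not code from Eset or from the original article; the class name, the `verify` callback and the injected `now` clock are assumptions made for illustration, and rejecting attempts that arrive inside the delay window is a design choice of this sketch rather than part of the quote.

```python
STEP = 0.1  # seconds added per failed attempt (the figure from the quote)


class ProgressiveDelay:
    """Per-username throttle: the n-th consecutive failure costs n * STEP seconds."""

    def __init__(self, verify, step=STEP):
        self.verify = verify      # hypothetical callback: (username, password) -> bool
        self.step = step
        self.failures = {}        # username -> consecutive failed attempts
        self.not_before = {}      # username -> earliest time the next attempt is evaluated

    def attempt(self, username, password, now):
        """Return (authenticated, seconds until the next attempt is evaluated)."""
        wait = self.not_before.get(username, 0.0) - now
        if wait > 0:
            # Still inside the delay window: refuse without checking the password,
            # so retrying early or sending guesses in parallel gains nothing.
            return False, wait
        if self.verify(username, password):
            # A successful login clears the penalty for that username.
            self.failures.pop(username, None)
            self.not_before.pop(username, None)
            return True, 0.0
        # Unknown usernames are throttled the same way as known ones.
        n = self.failures.get(username, 0) + 1
        self.failures[username] = n
        delay = n * self.step
        self.not_before[username] = now + delay
        return False, delay


def total_delay(attempts, step=STEP):
    """Cumulative delay over `attempts` consecutive failures: step * n(n+1)/2."""
    return step * attempts * (attempts + 1) / 2


if __name__ == "__main__":
    for n in (100, 1_000, 1_000_000):
        print(f"{n:>9} failed attempts -> {total_delay(n) / 3600:,.1f} hours of delay")
```

Because the counter is keyed on the username, anyone who submits failures for an account also slows down its legitimate owner, so deployments typically cap the maximum delay and combine it with per-source limits.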

Moving on, do you have any idea where in the world most malicious sites are hosted? According to popular opinion, most malicious websites are hosted in far, far away countries like China. According to a study conducted by AVG Technologies, the developers behind the popular free antivirus solution AVG Anti-Virus Free Edition 9.0, a staggering 44% of the world’s malicious sites are hosted in the good old US of A. But you were not wrong to think that China is also host to numerous malicious sites. AVG’s study revealed that the top 3 countries to host malicious sites are:
  1. United States
  2. Germany
  3. China

“The results of this study shatter the myth that malicious code is primarily hosted in countries where e-crime laws are less developed,” said Karel Obluk, Chief Technology Officer, AVG Technologies. “Our research shows that malicious content is much more likely to show up on web servers in the U.S. than one in Asia or Eastern Europe. This makes perfect sense since the USA is a primary target market for the criminals and has rich and mature Internet infrastructure making the threats both highly accessible and cheap to host. What is most striking is the clear rise in the number of malicious servers in the last six months. Today’s hacking techniques are highly evasive so the average user cannot tell if a website is serving malware or not. A web security product is needed.”


