The Solution to Brute Force Attacks, and Where Most Malicious Sites are Hosted
A brute force attack occurs when someone with malicious intent goes through all the possible keys until the right one is found. Say, for example, that an attacker knows your username and needs to crack your password. He will try a gazillion combinations until the one that opens up your account is found.
To keep your account safe and protected, you need to pick a properly strong password. First of all, you should avoid using simple words (because the attacker will try every word in the dictionary until the one you used is uncovered), and you should avoid using easily identifiable data (your birthday, your address, something like that). Especially during a brute force attack, it is important that your password cannot be easily guessed. A strong password should be more than 8 characters long and be a random sequence of uppercase and lowercase letters, characters and digits.
According to Eset’s Senior Cybercrime Research Analyst, Craig Johnston, an attacker may have to try hundreds of thousands if not millions of combinations to get the password right on some systems. That might seem like a huge number, but keep in mind that on some systems the attacker can try hundreds of combinations per second.
The main protection against brute force attacks is choosing a long password that combines upper and lower case letters, numbers, and special characters. But according to Craig Johnston there is something else that could be done to prevent brute force attacks. Please note that this is not to say that you should stop using strong passwords – Johnston talks about a way of making things very hard for brute force attackers.
“Instead of a system instantly returning with a negative response if the password is incorrect, why not build a delay into the response of say, a tenth of a second? Then, when another log in attempt is made on that same username, the response comes back after a tenth of a second delay. The next failed log in attempt on the username would result in a two tenths delay, then three tenths, etcetera. After one hundred attempts, there would be a ten second delay between responses. By the one thousandth attempt, the delay would be one hundred seconds. This would render a brute force attack useless. But a legitimate user who happened to enter the wrong password would not notice a tenth of a second delay. Even a two tenths or three tenths of a second delay,” explained Johnston.
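The escalating delay Johnston describes, implemented as a per-username throttle. This is an added example, not code from Eset or from the original article; the names `LoginThrottle` and `total_wait`, the injectable clock, and the 100-second cap are assumptions made here.

```python
from dataclasses import dataclass

STEP = 0.1         # seconds added per consecutive failure, as in the quote
MAX_DELAY = 100.0  # assumed cap (not in the article): bounds lock-out of the real user

@dataclass
class _State:
    failures: int = 0
    not_before: float = 0.0  # earliest time the next guess will be evaluated

class LoginThrottle:
    """Per-username linear back-off: the n-th consecutive failure costs n * STEP."""

    def __init__(self, check_password, clock):
        self._check = check_password  # callable(username, password) -> bool
        self._clock = clock           # callable() -> seconds; injectable for tests
        self._state = {}

    def attempt(self, username, password):
        """Return (status, seconds): status is 'ok', 'denied' or 'throttled'."""
        now = self._clock()
        st = self._state.setdefault(username, _State())
        if now < st.not_before:
            # Refused without evaluating the password, so hammering the
            # endpoint during the penalty window yields no extra guesses.
            return "throttled", round(st.not_before - now, 3)
        if self._check(username, password):
            del self._state[username]  # a successful login resets the counter
            return "ok", 0.0
        st.failures += 1
        delay = min(st.failures * STEP, MAX_DELAY)
        st.not_before = now + delay
        return "denied", round(delay, 3)

def total_wait(guesses, step=STEP, cap=MAX_DELAY):
    """Total enforced waiting (seconds) accumulated over `guesses` failed attempts."""
    return round(sum(min(n * step, cap) for n in range(1, guesses + 1)), 3)

def demo():
    users = {"alice": "correct horse"}  # constructed sample account; plaintext only for the demo
    now = [0.0]                          # fake clock so the demo runs instantly
    th = LoginThrottle(lambda u, p: users.get(u) == p, lambda: now[0])
    out = []
    for pw in ["123456", "letmein", "correct horse"]:
        out.append(th.attempt("alice", pw))
        now[0] += 1.0                    # next try one second later
    return out

if __name__ == "__main__":
    print(demo(), total_wait(100), total_wait(1000))
```

Because the delays add up, the first 100 wrong guesses cost 505 seconds of enforced waiting and the first 1,000 cost 50,050 seconds (about 13.9 hours). The delay is keyed on the username, so anyone who keeps guessing against an account also slows the real owner's next login, which is why the example caps it.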
Moving on, do you have any idea where in the world most malicious sites are hosted? According to popular opinion, most malicious websites are hosted in far, far away countries like China. According to a study conducted by AVG Technologies, the developers behind the popular free antivirus solution AVG Anti-Virus Free Edition 9.0, a staggering 44% of the world’s malicious sites are hosted in the good old US of A. But you were not wrong to think that China is also host to numerous malicious sites. AVG’s study revealed that the top 3 countries to host malicious sites are:
- United States
- Germany
- China
"The results of this study shatter the myth that malicious code is primarily hosted in countries where e-crime laws are less developed,” said Karel Obluk, Chief Technology Officer, AVG Technologies. “Our research shows that malicious content is much more likely to show up on web servers in the U.S. than one in Asia or Eastern Europe. This makes perfect sense since the USA is a primary target market for the criminals and has rich and mature Internet infrastructure making the threats both highly accessible and cheap to host. What is most striking is the clear rise in the number of malicious servers in the last six months. Today’s hacking techniques are highly evasive so the average user cannot tell if a website is serving malware or not. A web security product is needed."
Tags: Eset, Brute force attack, AVG Technologies, AVG, Malicious sites, Security