The Worst Passwords of the last year

Everyone who uses a PC or Mac gets told not to use easy to guess passwords like “123456” or “password” . As it turns out – people obviously aren’t that bothered as they still use them.

Password management application provider SplashData on Tuesday released a list of the 100 Worst Passwords of 2017, compiled from more than 5 million passwords leaked during the year. For a fourth consecutive year, “123456” and “password” took the top two spots on the list.The list included plenty of other usual suspects like “qwerty” (No. 4), “football” (No. 9), “iloveyou” (No. 10) and “admin” (No. 11), along with some new additions, including “starwars,” which ranked as the 16th worst password of 2017.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” SplashData CEO Morgan Slain said in a statement. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Other new additions to the list this year included “letmein” (No. 7), “monkey” (No. 13), “123123” (No. 17), “hello” (No. 21), “freedom” (No. 22), “whatever” (No. 23) and “trustno1” (No. 25). SplashData warned that using any of the passwords on the top 100 list “would put users at grave risk for identity theft.”

The company recommends using passphrases instead of simple passwords, mirroring advice earlier this year from the National Institute of Standards and Technology. Passphrases should include at least 12 characters and a mix of characters, including upper and lower cases, SplashData recommended. Users should also be sure to set a unique password for each website, and consider using a password manager.

Without further ado, here’s SplashData’s list of the top 25 worst passwords of 2017. To see the full 100, click here.

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak

By Catalin Cimpanu at www.bleepingcomputer.com
June 27, 2017 05:46 PM 63

Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers.

The ransomware has been wreaking havoc across the globe today, locking hard drive MFT and MBR sections and preventing computers from booting. Unless victims opted to pay a ransom (which is now pointless and not recommended), there was no way to recover their systems.

In the first hours of the attack, researchers believed this new ransomware was a new version of an older threat called Petya, but they later discovered that this was a new strain altogether, which borrowed some code from Petya, hence the reason why they recently started it calling it NotPetya, Petna, or as we like to call it SortaPetya.

Researchers flocked to find killswitch mechanism

Because of the ransomware’s global outreach, many researchers flocked to analyze it, hoping to find a loophole in its encryption or a killswitch domain that would stop it from spreading, similar to WannaCry.

While analyzing the ransomware’s inner workings, Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk.

The researcher’s initial findings have been later confirmed by other security researchers, such as PT Security, TrustedSec, and Emsisoft.

This means victims can create that file on their PCs, set it to read-only, and block the NotPetya ransomware from executing.

While this does prevent the ransomware from running, this method is more of a vaccination than a kill switch. This is because each computer user must independently create this file, compared to a “switch” that the ransomware developer could turn on to globally prevent all ransomware infections.

How to Enable the NotPetya/Petna/Petya Vaccine

To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna (yeah, this naming is annoying), simply create a file called perfc in the C:\Windows folder and make it read only. For those who want a quick and easy way to perform this task, Lawrence Abrams has created a batch file that performs this step for you.

Please note that he batch file will also create two addition vaccination files called perfc.dat and perfc.dll. While my tests did not indicate that these additional files are needed, I added them for thoroughness based on the replies to this tweet.

This batch file can be found at: https://download.bleepingcomputer.com/bats/nopetyavac.bat (PR PC Support takes no responsibility for use of this batch file – although it has been checked out )

For those who wish to vaccinate their computer manually, you can do so using the following steps. Please note that these steps are being created to make it as easy as possible for those with little computer experience. For those who have greater experience, you can do it in quite a few, and probably better, ways.

First, configure Windows to show file extensions. For those who do not know how to do this, you can use this guide. Just make sure the Folder Options setting for Hide extensions for known file types is unchecked like below.

Once you have enabled the viewing of extensions, which you should always have enabled, open up the C:\Windows folder. Once the folder is open, scroll down till you see the notepad.exe program.

Once you see the notepad.exe program, left-click on it once so it is highlighted. Then press the Ctrl+C ( Ctrl+C Button) to copy and then Ctrl+V ( Ctrl+V Button) to paste it. When you paste it, you will receive a prompt asking you to grant permission to copy the file.

Press the Continue button and the file will be created as notepad – Copy.exe. Left click on this file and press the F2 key on your keyboard and now erase the notepad – Copy.exe file name and type perfc as shown below.

Once the filename has been changed to perfc, press Enter on your keyboard. You will now receive a prompt asking if you are sure you wish to rename it.

Click on the Yes button. Windows will once again ask for permission to rename a file in that folder. Click on the Continue button.

Now that the perfc file has been created, we now need to make it read only. To do that, right-click on the file and select Properties as shown below.

The properties menu for this file will now open. At the bottom will be a checkbox labeled Read-only. Put a checkmark in it as shown in the image below.

Now click on the Apply button and then the OK button. The properties Window should now close. While in my tests, the C:\windows\perfc file is all I needed to vaccinate my computer, it has also been suggested that you create C:\Windows\perfc.dat and C:\Windows\perfc.dll to be thorough. You can redo these steps for those vaccination files as well.

Your computer should now be vaccinated against the NotPetya/SortaPetya/Petya Ransomware.

Sonos Tips: Custom Alarms

Those of you with SONOS system may find this useful – received this email from SONOS ( and if you don’t have one, I strongly recommend you invest! 🙂 )

sonos

Sure, music’s a great way to greet each morning, but there’s a whole day’s worth of things you can do with Sonos Alarms.

  1. Like rise and shine to different songs or playlists on different days. (Funk Fridays, anyone?)
  2. Set up TuneIn radio to deliver your favourite news, weather or local radio shows while you make your morning coffee.
  3. Entertain the dog while you’re away.
  4. Have Beyoncé greet you as you arrive home from work.
  5. Send the kids off to bed with their favourite song.
  6. Wake your better half on their birthday with that song they love.

To set a SONOS alarm

On your Sonos app, tap the Menu, upper left

1

Scroll to Alarms

2

Select ‘new Alarm’

3

Set the Time, Room, Music, Frequency and Volume

4

Tap Done

5