The world's most famous password was born when it was quietly deleted from a 'dangerous password list'.


by Damian Patkowski

'SecLists' is a collection of multiple types of lists useful for security assessments, including usernames, passwords, URLs, sensitive data, and other items that are at high risk of hacking. When a user discovered that this list contained the password he was using and quietly deleted only his own password, other users noticed the change and it caused a stir.

Projects/OWASP SecLists Project - OWASP
https://www.owasp.org/index.php/Projects/OWASP_SecLists_Project

Since SecLists is published on GitHub, anyone can easily access the data over the Internet.

GitHub - danielmiessler/SecLists



A comment was posted on the SecLists GitHub page by software engineer Assaf Nativ (@assafnativ). The comment read, 'Please remove my password from the list, and hackers shouldn't hack me.'



Many users responded to this comment, and the comment section became very lively.

A user named mitcom said, '@assafnativ, don't forget to update the filename. 10_million_password_list_top_1000.txt (one of the SecLists files, a list of the top 1000 most frequently used passwords) is incorrect; only 999 passwords are listed.' This comment points out, based on the diff of '10_million_password_list_top_1000.txt' in the update, that @assafnativ removed his password (dolphins) from the list.



'Change your password to "dolphins"! Now "dolphins" is safe!'



'My password "hunter2" is safe.'



'Is my password "thisissparta" safe???'



'Does @assafnativ have the same password as me?'



'Create a "Password/unhackable_passwords.txt" file and put "dolphins" in it.'



'"12345" should be erased. It's a waste of test time, because such a stupid password is nothing more than baggage; it's obviously not used, and it's known to be insecure.'



Some people used images to tease @assafnativ.



'If you remove "dolphins" from the list, add "thanks for all the fish" instead.'



'The best patch ever'



'Now the world knows your password'



'The best removal request in 2017'



'If you don't want to change your password, you have to change the world.'



'I'm facing a similar problem. My password is "qwe123", but for some reason it's often hacked, so please remove my password from this list as well. Hmm?'



Since 'dolphins' has unexpectedly become known to many users, it would be wise to change it soon if you are using the same password.

in Security, Posted by logu_ii