Password Checker Sites - Use these!

A recent popular Trojan that took account passwords from a famous technical blog site, Gawker.com has been a focus of geek attention.
The UK paper called The Telegraph also wrote about the 25 weakest passwords in use today. These accounts at Gawker were broken into because of weak passwords.
Hackers have been showing more and more interest in breaking into web accounts like Gmail, Hotmail.com, Comcast.net, Live.com, Twitter.com, Ffacebook.com, etc.

While Gmail has released something called 2 step verification as an EXCELLENT option for your Google Account, most other sites are still not doing this.

For a sanity check there are some reliable and trustworthy web sites you can use to test your existing passwords; to see how strong they are.  These great sites let you know if your password is strong enough for today's web:

Microsoft Password Strength Checker
How Secure Is My Password?
The Password Meter
WolframAlpha
our favorite Steve Gibson Password Haystack Webpage 

For creating a very complicated password, consider using Steve Gibson’s  Password Generator Webpage

This is so importnat that we have now published this on both blogs.
- credits to lifehacker.com and grc.com !

How Sophisticated is a 2008 Computer Trojan?

On December 17, 2007 a Symantec security researcher Liam O Murchu discovered a Trojan that is called  Silent Banker. While McAfee names the same Trojan Spy-Agent.cm, it is the same beast. According to the Symantec website, the Trojan horse program was identified perform the following functions:

...records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.

Since this discovery it was reviewed again in October 2008 and had grown very sophisticated since it was discovered. According to this review, the software digs deeper into the affected computers, by using rootkit technologies which once installed, sits under the Windows operating system - which means it is even harder to detect by anti-virus software. This Trojan horse has regular communication with its authors, and maintains the website pages for over 400 financial institutions around the world, including the major US firms. When an infected machine his directed to a bank like Chase, the user is immediately redirected to a fake version of the Chase site, with a replica version of the bank's webpage. From there, it skims the user name and password (even for the highly acclaimed two factor authentication bank sites). This infection continues to update itself and send user name and password information back to the Trojan authors and can exist on computers until the machine is completely reformatted and reinstalled.