Back in December, a list of 34,000 MySpace usernames and passwords was released on the Internet. Hackers had used a phishing attack to lure MySpace users to a fake login page. There, users would try to login, only to have their username and password sent to a server in France. This is a classic example of people failing to follow one of the golden rules of email: “Don’t trust links in email… ever”.

What I found interesting was some of the analysis security experts did on the released data. From Bruce Schneier’s artcle in Wired:

The top 20 passwords are (in order):

password1, abc123, myspace1, password, blink182, qwerty1, f*ckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1, and monkey.

If your password is in the list, or is as horribly insecure as these are, I suggest changing it… hackers aren’t stupid. In many cases they are professional engineers. There is enough money to be made by stealing this stuff that many criminals can now afford to hire professionals.

Here’s something else I found interesting from an article in InfoWorld by Roger Grimes:

I was surprised about how many Christian-sounding — for example, “Ilovejesus” — log-on names were associated with the worst cuss words.

I think that one speaks for itself…

And there’s always something funny from Dilbert: