this is from /. today. the author happened upon a phishing site with an open directory index. he proceeded to find the phisher’s database, where he analyzed passwords that were there for myspace.

although somewhat problematic statistically, his results are very interesting:

http://cyber-knowledge.net/blog/2006/09/16/analyzing-20000-myspace-passwords/

gadi evron,
ge@beyondsecurity.com.