News RockYou passwords stolen

Discussion in 'Article Discussion' started by CardJoe, 16 Dec 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. mi1ez

    mi1ez Modder

    Joined:
    11 Jun 2009
    Posts:
    1,622
    Likes Received:
    104
    These people sound like idiots, but I wonder how many other companies have databases that are similarly insecure...

    I'll bet it's more than we'd even like to think about!
     
  3. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,878
    Likes Received:
    955
    +1
     
  4. NickCPC

    NickCPC Minimodder

    Joined:
    8 Apr 2009
    Posts:
    260
    Likes Received:
    52
    Most of their "gadgets" are rubbish anyway, I'm glad I don't use their "services".
     
  5. NuTech

    NuTech Minimodder

    Joined:
    18 Mar 2002
    Posts:
    2,222
    Likes Received:
    96
    Why on earth would they store passwords in their database? That's as irresponsible as it gets.

    This quote on their homepage made me laugh too -
    No, obviously we don't 'know'...
     
  6. BradShort

    BradShort Familyman - Forever gamer

    Joined:
    23 Apr 2009
    Posts:
    482
    Likes Received:
    31
    No need to keep passwords, n00bs. If your data is that insecure I believe you should be able to sue...
     
  7. sear

    sear Guest

    This is why you keep your personal information off the Internet as much as you can. Nothing is safe or secure anymore.
     
  8. TomH

    TomH BELTALOWDA!

    Joined:
    28 Nov 2002
    Posts:
    837
    Likes Received:
    45
    +2^9000
     
  9. Mr T

    Mr T 4 Left Into Long 3 Right

    Joined:
    14 Nov 2001
    Posts:
    1,742
    Likes Received:
    0
    What kind of n00b stores passwords in plaintext >_<
     
  10. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    And that concludes lesson 101 in why you shouldn't rely on SSL alone to secure user data - just because the user session is secure from snooping doesn't mean someone can't extract the data from your database. At an absolute minimum, passwords should be irreversibly hashed before being entered into a database. Preferably use a salt with HMAC (http://uk3.php.net/manual/en/function.hash-hmac.php) to prevent simple collision searches on hashed data. Hashing does increase database size (a typical password might be 8 chars, a typical hash is 128 or 160 bit, i.e. 32/40 hex chars or 27/22 base 64 chars) but that is a small price to pay, and the difference is unlikely to have substantial disk space / performance implications unless we're talking about a database the size of Facebook's.

    Also, encrypting everything isn't a bad idea (though usability / performance implications may make it impractical). Lastly, what clown left the backdoor open? It isn't hard to unescape every user-passed parameter to guard against MySQL injection. http://uk3.php.net/manual/en/function.mysql-real-escape-string.php
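    An added worked example of the two points in the post above (salted, irreversible password storage and an injection-proof lookup). This is illustration code written for this page, not code from the article, from this thread, or from RockYou; the user table, the sample accounts and the PBKDF2 iteration count are all constructed here for the demo. It uses a per-user random salt with PBKDF2-HMAC-SHA256 from the Python standard library, and shows the same lookup done by string concatenation (what an injection payload does to it) and with a bound parameter (what the driver does with the same payload):

```python
"""Added example (not from the original thread or from RockYou's code):
salted, slow password hashing plus a parameterised user lookup, compared
with the string-concatenated query an attacker can inject into.
Standard library only; all accounts and passwords below are constructed."""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

# Assumed demo parameters. Raise KDF_ITERATIONS to what your hardware
# tolerates per login; every extra iteration costs a cracker the same.
KDF_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users
    with the same password get different digests, so a precomputed table
    of digests for common passwords cannot be reused across accounts."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample accounts. The table
    never holds the password itself, only the salt and the digest."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    for name, pw in [("alice", "123456"), ("bob", "123456"), ("carol", "correcthorse")]:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    """The injectable lookup: user input is pasted into the SQL text.
    Kept only to show what the payload in demo() does to the query."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = '" + username + "'"
    ).fetchall()
    return [r[0] for r in rows]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised lookup plus salted-hash verification. The username
    travels as data, so quotes inside it cannot change the query."""
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0], row[1])


def demo() -> dict:
    """Run the comparisons and return them as a dict for inspection."""
    conn = make_db()
    payload = "' OR '1'='1"  # classic tautology: WHERE username = '' OR '1'='1'
    alice = conn.execute("SELECT digest FROM users WHERE username = 'alice'").fetchone()[0]
    bob = conn.execute("SELECT digest FROM users WHERE username = 'bob'").fetchone()[0]
    return {
        # alice and bob share a password; with per-user salts the digests still differ
        "same_password_same_digest": alice == bob,
        "alice_good": login_safe(conn, "alice", "123456"),
        "alice_bad": login_safe(conn, "alice", "wrong"),
        # concatenation: the payload turns the WHERE into a tautology, every row comes back
        "injected_unsafe": lookup_unsafe(conn, payload),
        # bound parameter: no such user, so the login simply fails
        "injected_safe": login_safe(conn, payload, "123456"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    With a plaintext column the attacker who gets the dump has every password at once; with unsalted hashes they look each digest up in a precomputed table; with a per-user salt and a slow KDF they must attack each account separately and pay the iteration cost on every guess.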
     
  11. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    double post
     
    Last edited: 16 Dec 2009
  12. bigsharn

    bigsharn Officially demotivated

    Joined:
    9 May 2008
    Posts:
    2,605
    Likes Received:
    83
    I think I've got a Bebo with RockYou Horoscope on it from about 4 years ago with the name Bigsharn Macwartbutt and the address of the whitehouse... so I'm not worried :p
     
  13. 1ad7

    1ad7 What's a Dremel?

    Joined:
    13 Feb 2008
    Posts:
    263
    Likes Received:
    1
    Awesome... wow... that's retarded.
     
  14. airchie

    airchie What's a Dremel?

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    That is some special skills right there...
     
  15. sub routine

    sub routine Archie Gemel

    Joined:
    27 Sep 2007
    Posts:
    282
    Likes Received:
    2
    pfft no encryption,

    10 days to inform everyone.

    What a bunch of c*Nts
     