bit-tech.net

Old 16th Dec 2009, 14:30   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Join Date: Apr 2007
Posts: 11,339
RockYou passwords stolen

http://www.bit-tech.net/news/bits/20...words-stolen/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
Old 16th Dec 2009, 14:46   #2
mi1ez
Game Boy Modder
 
Join Date: Jun 2009
Location: Sydney, Australia
Posts: 1,146
These people sound like idiots, but I wonder how many other companies have databases that are similarly insecure...

I'll bet it's more than we'd even like to think about!
__________________
The Angel Delights?
Old 16th Dec 2009, 14:49   #3
proxess
Hypermodder
 
Join Date: Nov 2006
Location: Zeist, Netherlands
Posts: 975
Quote:
Originally Posted by mi1ez View Post
These people sound like idiots, but I wonder how many other companies have databases that are similarly insecure...

I'll bet it's more than we'd even like to think about!
+1
__________________
Laptop: i7 4800MQ 2.7GHz (~3.7GHz); 2x 4GB Kingston HyperX Genesis 1600MHz; Nvidia 780M 4GB; Crucial M4 256GB SSD; Ubuntu 14.04 x64 and Windows 8.1 x64.
Ubuntu #8076 / Linux #429448
Old 16th Dec 2009, 14:50   #4
NickCPC
Multimodder
 
Join Date: Apr 2009
Posts: 169
Most of their "gadgets" are rubbish anyway, I'm glad I don't use their "services".
Old 16th Dec 2009, 15:07   #5
NuTech
Mod Master
 
Join Date: Mar 2002
Location: London
Posts: 2,222
Why on earth would they store passwords in their database? That's as irresponsible as it gets.

This quote on their homepage made me laugh too -
Quote:
As you know, RockYou takes our users privacy very seriously. We take a lot of effort to protect user data from security breaches and attacks.
No, obviously we don't 'know'...
__________________
NuTech
Old 16th Dec 2009, 15:13   #6
BradShort
Familyman - Fraggin when allowed :P
 
Join Date: Apr 2009
Posts: 289
No need to keep passwords, n00bs. If your data is that insecure I believe you should be able to sue...
__________________
___
Bradshort - Steve
Antec 900 | 2500K @ 4.1 w/ Corsair H50 | HD7950 Gigabyte Windforce 3GB | 8GB | W8 X64 PRO | Samsung 22" | G19 | G700 | Oneplus One 64GB Sandstone
Twitter=Steam:BradShort
Old 16th Dec 2009, 16:35   #7
sear
Guest
 
Posts: n/a
This is why you keep your personal information off the Internet as much as you can. Nothing is safe or secure anymore.
Old 16th Dec 2009, 16:42   #8
TomH
Bwahahahahaha
 
Join Date: Nov 2002
Location: Manchester
Posts: 751
Quote:
Originally Posted by proxess
Quote:
Originally Posted by mi1ez View Post
These people sound like idiots, but I wonder how many other companies have databases that are similarly insecure...

I'll bet it's more than we'd even like to think about!
+1
+2^9000
__________________
Blog: full of inspirational geekism. Maybe.
StaffsLUG: Linux users group, Staffordshire.
Old 16th Dec 2009, 16:44   #9
Mr T
4 Left Into Long 3 Right
 
Join Date: Nov 2001
Location: Bradford
Posts: 1,742
What kind of n00b stores passwords in plaintext >_<
__________________

Intel Core 2 Duo E6600 @ 3.4Ghz - 4Gb Corsair 6400C4 - Abit IP35 - 256mb nVidia 7900GS
Corsair HX 520w PSU - Pioneer DVR-212 DVD-RW - 74Gb Western Digital Raptor - 320Gb Seagate Barracuda 7200.10
Old 16th Dec 2009, 17:34   #10
mclean007
Officious Bystander
 
Join Date: May 2003
Location: Nodnol
Posts: 2,009
And that concludes lesson 101 in why you shouldn't rely on SSL alone to secure user data - just because the user session is secure from snooping doesn't mean someone can't extract the data from your database. At an absolute minimum, passwords should be irreversibly hashed before being entered into a database. Preferably use a salt with hmac (http://uk3.php.net/manual/en/function.hash-hmac.php) to prevent simple collision searches on hashed data. Hashing does increase database size (a typical password might be 8 chars, a typical hash is 128 or 160 bit, i.e. 32/40 hex chars or 27/22 base 64 chars) but that is a small price to pay, and the difference is unlikely to have substantial disk space / performance implications unless we're talking about a database the size of Facebook's.

Also, encrypting everything isn't a bad idea (though usability / performance implications may make it impractical). Lastly, what clown left the backdoor open? It isn't hard to unescape every user-passed parameter to guard against MySQL injection. http://uk3.php.net/manual/en/functio...ape-string.php
__________________
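The storage and query discipline mclean007 describes, as an added example that is not part of the thread and not RockYou's code. It is written in stdlib Python rather than around the PHP functions the post links, and it goes one step beyond the post: instead of a single salted HMAC it uses PBKDF2-HMAC-SHA256, which iterates HMAC many times so that each guess against a dumped table costs real time, and it binds query parameters instead of escaping them. The table layout, the iteration count, the probe string and the sample usernames and passwords are all assumptions made for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Demo parameters (assumptions, not from the post): a 16-byte random salt and
# an iteration count kept low so the example runs quickly. Real deployments
# use far more iterations (or a memory-hard KDF) and revisit the number over time.
SALT_BYTES = 16
ITERATIONS = 50_000
# Fixed salt used only so the "unknown user" path costs as much as a real
# check; otherwise response time would reveal which usernames exist.
DUMMY_SALT = b"\x00" * SALT_BYTES


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied,
    so two users with the same password never share a stored digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def open_store() -> sqlite3.Connection:
    """In-memory user table holding only salt and digest, never the password."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)"
    )
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt, digest = hash_password(password)
    # '?' placeholders: the driver binds the values, so input never becomes SQL text.
    conn.execute(
        "INSERT INTO users (username, salt, digest) VALUES (?, ?, ?)",
        (username, salt, digest),
    )


def verify(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        hash_password(password, DUMMY_SALT)  # spend the same time as a real check
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    # Constant-time comparison: a plain '==' can leak how many leading bytes matched.
    return hmac.compare_digest(stored, candidate)


def count_matching_safe(conn: sqlite3.Connection, username: str) -> int:
    """Parameter binding: the whole string is compared as one literal username."""
    return conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ?", (username,)
    ).fetchone()[0]


def count_matching_unsafe(conn: sqlite3.Connection, username: str) -> int:
    """The anti-pattern the post warns about: input concatenated into SQL text.
    Kept only to show, side by side, why the bound query above is the one to use."""
    return conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    ).fetchone()[0]


def demo() -> dict:
    conn = open_store()
    register(conn, "alice", "password1")
    register(conn, "bob", "password1")  # constructed: same password as alice
    digests = {u: d for u, d in conn.execute("SELECT username, digest FROM users")}
    # Constructed probe: a quote that closes the literal plus an always-true clause.
    probe = "' OR '1'='1"
    return {
        "same_password_distinct_digests": digests["alice"] != digests["bob"],
        "digest_hex_chars": len(digests["alice"].hex()),  # SHA-256: 64 hex chars
        "alice_correct": verify(conn, "alice", "password1"),
        "alice_wrong": verify(conn, "alice", "password2"),
        "unknown_user": verify(conn, "carol", "password1"),
        "probe_rows_safe": count_matching_safe(conn, probe),      # 0: no such username
        "probe_rows_unsafe": count_matching_unsafe(conn, probe),  # 2: clause matched every row
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The 64 hex characters per digest are the "small price" the post mentions, paid once per row; the per-user salt is what turns one precomputed lookup over the whole dump into a separate search per user. A current deployment would more likely reach for bcrypt, scrypt or Argon2 than hand-rolled PBKDF2, but the shape of the check (random salt, slow hash, constant-time compare, bound parameters) is the same.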
Old 16th Dec 2009, 17:38   #11
mclean007
Officious Bystander
 
Join Date: May 2003
Location: Nodnol
Posts: 2,009
double post
__________________

Last edited by mclean007; 16th Dec 2009 at 17:39. Reason: double post
Old 16th Dec 2009, 18:20   #12
bigsharn
Officially demotivated
 
Join Date: May 2008
Location: bit-tech forums... usually
Posts: 2,603
I think I've got a Bebo with RockYou Horoscope on it from about 4 years ago with the name Bigsharn Macwartbutt and the address of the whitehouse... so I'm not worried
__________________
{Rolling on a 1990s Dawes Galaxy}
{Nikon D80, 18-55 f/3.5-5.6G and 50mm f/1.8}{Lomo Smena 8M}{Olympus OM10, 50mm f/1.8, 28mm f/2 and 135mm f/3.5}
Old 17th Dec 2009, 06:31   #13
1ad7
Supermodder
 
Join Date: Feb 2008
Location: Texas, United States
Posts: 263
Awesome... wow... that's retarded.
__________________
i7 3930k @ 4.5ghz->ASUS Rampage IV->32gb OCZ quad channel->
2X6970 ->ASUS Xonar STX->Intel 180gb->
HAFX->XFX 1250->Three Dell 2409w In eyefinity
Old 18th Dec 2009, 02:27   #14
airchie
Mod Master
 
Join Date: Mar 2005
Location: London
Posts: 2,136
That is some special skills right there...
__________________
Laptop:C2D P8600 2.4GHz, 4GB, 9800GTS, 120GB SSD, 15" 1680x1050, Vista64
Projects: 1.2TB Fileserver housed in a cardboard box!|Retro HTPC for my GF.

Quote:
Originally Posted by astralwandrer
Being a legitimate customer of the games industry is increasingly like being in a relationship with an abusive spouse.
Old 18th Dec 2009, 07:42   #15
sub routine
Archie Gemel
 
Join Date: Sep 2007
Posts: 282
pfft no encryption,

10 days to inform everyone.

What a bunch of c*Nts
Powered by: vBulletin Version 3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.