Think it's time...

Started by Technical Ben, Jun 26, 2012, 11:31:53

Technical Ben

To use one of those automated email + password programs that gives you very strong and scrambled details for logging into forums.

http://www.theregister.co.uk/2012/06/26/techradar_data_breach/

:slap:
I used to have a signature, then it all changed to chip and pin.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

armadillo

I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle. The only solution is for forum techs to proof the code against SQL injection. SQL injection can exploit forum search features, not just login boxes.
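
The point in the post above about search features, as an added example that is not part of the original thread: a forum search query built by string concatenation beside the same query with a bound parameter. The table, column names, sample rows and search term are all constructed for illustration.

```python
import sqlite3

# Constructed search term containing a quote character.
CONSTRUCTED_TERM = "x' OR 1=1 --"

def make_db():
    """Constructed sample forum data: one public post, one hidden post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO posts (body, hidden) VALUES (?, ?)",
        [("Think it's time for a password manager", 0),
         ("staff only: moderation notes", 1)],
    )
    return db

def search_vulnerable(db, term):
    # BEFORE: the term is pasted into the SQL text, so a quote in the term
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT body FROM posts WHERE hidden = 0 AND body LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # AFTER: the term is a bound parameter and is never parsed as SQL.
    # LIKE wildcards in the term are escaped so they only match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT body FROM posts WHERE hidden = 0 AND body LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("normal search, concatenated:", search_vulnerable(db, "password"))
    print("quoted term, concatenated:  ", search_vulnerable(db, CONSTRUCTED_TERM))
    print("quoted term, parameterised: ", search_safe(db, CONSTRUCTED_TERM))
    print("normal search, parameterised:", search_safe(db, "password"))
```

With the concatenated query the `hidden = 0` filter no longer holds for the constructed term; with the bound parameter the same term is just text that matches no post.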

gizmo71

Quote from: armadillo on Jun 26, 2012, 12:00:44
I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle.

The encryption of those passwords is still a vital obstacle to actually cracking the passwords themselves - crucial if you use the same password in lots of places (in which case it really needs to be a strong password).
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

Technical Ben

Quote from: armadillo on Jun 26, 2012, 12:00:44
I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle. The only solution is for forum techs to proof the code against SQL injection. SQL injection can exploit forum search features, not just login boxes.

Oh, true, I just mean as in site specific and automatically managed. As managing it by head, and having hundreds of different forum logins is a pain...

armadillo

Quote from: gizmo71 on Jun 26, 2012, 12:16:29
The encryption of those passwords is still a vital obstacle to actually cracking the passwords themselves - crucial if you use the same password in lots of places (in which case it really needs to be a strong password).

Yes, certainly. I do make sure passwords and logins are unique. But that does mean they all have to be written down since I have at least 50 of them. The silliest one I ever had was allocated by a vendor I bought some software from. The password to download from their site was about 500 characters long and contained punctuation, upper and lower case letters and numbers. I doubt anyone could have memorised it :)

Technical Ben

500 chars? Usually some of it is the actual login page address, but 500 chars? Or was it a 256-bit key? :laugh:

nowster

Or use Firefox plugin "password hasher"?

armadillo

Sorry Ben. I wasn't clear. It was indeed 500 chars but it was the "activation key". You entered it in the activation box within the software to activate your licence! Perhaps their £10 measly software had been pirated one too many times. I forget now even what software it was. All I remember about it was its impossible activation key.