GOMTV.net compromised - Page 21
et
Switzerland367 Posts
On August 13 2011 09:38 Lorizean wrote:
I really don't understand how somebody can write a website that stores passwords as plain text. It's not like it's hard to encrypt it.

It's not that hard to do better than plaintext, but simple hashing (with or without salt) isn't enough anymore. Too many people have bruteforce password cracking devices (commonly called graphic cards) nowadays, so you should do something like Key Stretching to delay that, and that is something you rarely see done.

On August 13 2011 09:38 Lorizean wrote:
Also, does anybody know if GOM saves some kind of password-change history? I have used another password (which I use for other purposes too) a while back, could the crackers have had access to that?

There is a simple guideline: If you don't know, assume the passwords are compromised. The hole in the page isn't likely to be new, so there could be lots of people with access to the database from lots of dates in the past, there is no need for a "history" database. Your passwords should be considered compromised.
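The key stretching recommended in the post above, as an added example that is not part of the original thread and is not GOMTV's code: a per-user salt plus PBKDF2-HMAC-SHA256 from Python's standard library, with the work factor stored beside the hash so it can be raised later. The record format, the function names and the iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # label used in the stored record (assumed format)
ITERATIONS = 600_000     # assumed work factor; tune to your own hardware
SALT_BYTES = 16


def _stretch(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 chains HMAC-SHA256 `iterations` times, so each guess costs an
    # attacker the same multiple of work that one login costs the server.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(SALT_BYTES)  # unique per user: defeats precomputed tables
    digest = _stretch(password, salt, iterations)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    # Parameters travel with the hash: algo$iterations$salt$digest
    return f"{ALGO}${iterations}${enc(salt)}${enc(digest)}"


def verify_password(password: str, record: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
        if algo != ALGO:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = _stretch(password, salt, int(iters))
    except (ValueError, TypeError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def needs_rehash(record: str, target_iterations: int = ITERATIONS) -> bool:
    # True when a record is malformed or was made with a weaker work factor;
    # re-hash such records at the user's next successful login.
    parts = record.split("$")
    return (len(parts) != 4 or parts[0] != ALGO or not parts[1].isdigit()
            or int(parts[1]) < target_iterations)
```

A database leak of such records exposes only salts and stretched digests, so every candidate password has to be run through the full iteration count per user.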
|
Integra
Sweden5626 Posts
On August 13 2011 09:38 Lorizean wrote:
I really don't understand how somebody can write a website that stores passwords as plain text. It's not like it's hard to encrypt it. Also, does anybody know if GOM saves some kind of password-change history? I have used another password (which I use for other purposes too) a while back, could the crackers have had access to that?

I doubt they have a history of earlier passwords, nothing on the page suggests that it exists, what would even be the purpose of that, it makes no sense to have one. There is however a chance that the hacker got access to an admin password. That way he could access the database backup rollback function (if such is supported by the table being used). That way he could simply roll back the database to an earlier datapoint and get any previous password you had before you changed it. It's prolly pretty safe though if you changed your password. Not much else you can do anyway.

User was warned for this post
|
Kon_Artis
United States6 Posts
What if my gom password was different to all my other passwords but only by one character? :S

Same thing with me for some of my passwords. I decided to just change everything to make sure it is safe. It only took me 5 minutes to change 3 passwords.
|
grobo
Japan6199 Posts
On August 13 2011 09:59 Pondo wrote:
What if my gom password was different to all my other passwords but only by one character? :S

Well, for all he knows the difference could be 2903724 different characters or numbers, it won't do him any good.
|
genius_man16
United States749 Posts
Thanks for the info though, changing my password asap...
|
Sanguinarius
United States3427 Posts
:-( At least my gom password is only for that site.
|
DanielxD
Peru52 Posts
ty R1CH
|
ReaperX
Hong Kong1758 Posts
least i use fb to connect
|
stevarius
United States1394 Posts
I just got a password recovery email on my gomtv email. It's a legit WoW website link.... funny part is there was only a WoW trial on said email account. I kept my WoW account and Master's sc2 account on a different email.... *sigh* Good job GOMTV. Now I'm going to be sent spam emails on top of legitimate emails of people trying to get into my email account with the legitimate recovery method. Oh, I'm also lucky that said email password is significantly different than the one I use for GOM. Thank you R1CH for suggesting KeePass in recent history.