PLAIN TEXT. Oh man. A bunch of hashes to feed to some rainbow tables is bad enough, but seriously plaintext ?!?!?!?

I guess it is time to change my "I don't really care about it password" on a bunch of sites then, and leave it the same on GOM until I'm happy they have cleaned up whatever bug they had that exposed the information, and if someone wants to freeload of my account in the meantime, well, GOM kinda deserve it.

werynais

Germany1780 Posts

August 12 2011 18:58 GMT

#122

On August 13 2011 03:52 Hurricane Sponge wrote:
This crap is exactly why I prefer finding the 'illegal' user re-streams of the GOM events instead of downloading their precious little player. Ridiculous that TL bans people for posting streams of the events when GOM has zero countermeasures to protect account information in place.

If you have problems with your brain please see your doctor!

RenardDesMers

France76 Posts

August 12 2011 18:58 GMT

#123

Strange GOMTV didn't provide information to its users.
The exploit might be still active, that could be why they don't want to communicate about it
If it's not, every minute they wait is a minute a hacker can use to access a website with the password he retrieved.

Nerski

United States1095 Posts

August 12 2011 18:58 GMT

#124

this is pretty silly that gom was storing the passwords in unencrypted methods. You would think a company that runs TV stations would have better security on a website taking money then that.

Wipples

Canada269 Posts

August 12 2011 18:58 GMT

#125

I have a GOM account but I could never remember the password so i always signed in with twitter

So I should be safe, but just in case ima change the password anyway.

rasnj

United States1959 Posts

August 12 2011 18:59 GMT

#126

On August 13 2011 03:56 adbrl wrote:
Anyone knows when exactly GomTV was hacked, since i changed my PW yesterday to something i never used before, so hopefully it was after this.

I can't believe after everything happening at the moment regarding hacking etc. companies still store passwords in plain text...this should really be illegal by now!

I doubt it's possible to confirm when this first happened. Even if the ones who publicized this did it recently others may have downloaded the whole db months ago and just be waiting for a buyer (to spam mails for instance which is likely the most real risk).

LegionUK

United Kingdom11 Posts

August 12 2011 19:00 GMT

#127

I've never trusted things like Keep Pass, would people actually recommend it?

Redmark

Canada2129 Posts

August 12 2011 19:02 GMT

#128

On August 13 2011 04:00 LegionUK wrote:
I've never trusted things like Keep Pass, would people actually recommend it?

Rich recommended it before.

Baarn

United States2702 Posts

August 12 2011 19:02 GMT

#129

Mr. Chae if you are following this thread use hash from now on. It's easy to setup and you would avert any future embarrassment. This also applies to any budding website developers.

wei2coolman

United States60033 Posts

August 12 2011 19:03 GMT

#130

Did no one learn from Sony's mistake?!!!!?!?!?!?!?!?!?!

LegionUK

United Kingdom11 Posts

August 12 2011 19:03 GMT

#131

On August 13 2011 04:02 Redmark wrote:

Show nested quote +

Rich recommended it before.

Yeah I saw that, just wondered if anyone else has any experience using it though.

Fionn

United States23455 Posts

August 12 2011 19:03 GMT

#132

Luckily that I just use 10minute email and random numbers for whenever I use GOM or any site that requires information.

Hurricane Sponge

868 Posts

August 12 2011 19:03 GMT

#133

On August 13 2011 03:56 JinDesu wrote:

Show nested quote +

Of course. You knew that GOM had zero countermeasures in place before this so that is exactly why you watch illegal restreams. Brilliant argument here.

I had my suspicions, and it looks like I was right. Just because I'm paranoid doesn't mean they're NOT all out to get me.

mav451

United States1596 Posts

August 12 2011 19:04 GMT

#134

I believe the term is "losing face". Translate to language of choice

ChowChillaCharlie

Sweden677 Posts

August 12 2011 19:04 GMT

#135

I can't remember my password nor what i used as a nick, so now i can't even get a mail sent to me with my information...

Infinity Gaming

United States44 Posts

August 12 2011 19:05 GMT

#136

I just sent out about 3000 emails to anyone registered on the Infinity Sites to help spread the word.

Assirra

Belgium4169 Posts

August 12 2011 19:05 GMT

#137

On August 13 2011 03:43 Jank wrote:

Show nested quote +

It's really not surprising. I'm working on my computer science bachelors right now and security is barely ever touched upon. A class that covers databases never even bothered telling students to use prepared statements. I know several of my classmates turned in projects that were completely vulnerable to SQL injection. I doubt half of my classmates know what salting a hash means rofl.

Seriously? i followed a course CCNA (network) and i don't know how much security got drilled into our heads. It went to the point where at least 1/4th of the whole thing was about all possible security methods.

FliedLice

Germany7494 Posts

August 12 2011 19:05 GMT

#138

Good thing I started using KeyPass just earlier this week because I had like 25 failed login attempts on my e-mail account...

Kamikiri

United States1319 Posts

August 12 2011 19:07 GMT

#139

Well this is lovely, taught me a lesson I used the same email and password i used to sign in with gomtv as my msn email which got hacked today, could just be coincidence but meh.

Jank

United States308 Posts

August 12 2011 19:09 GMT

#140

On August 13 2011 04:05 Assirra wrote:

Show nested quote +

Well a course for a cisco cert is a lot more likely to focus on security. Computer science is more theory and math and less practical shit. The problem is the majority of students graduating with a cs degree will go into software development where they will plague the world with their incompetence.