GOMTV.net compromised - Page 5
Chaosvuistje
Netherlands 2581 Posts
Come on... why does EVERY website out there seem to be made by a complete security noob! This is first grade database protection people =.= . Sigh... | ||
Crying
Bulgaria 778 Posts
I already reset password and got new but there is one but: if GOMTV got SQL'd and database was exported then it's pretty fucked up.. a lot of accounts will be compromised if GOM doesn't fill the gap right now.. | ||
Jank
United States 308 Posts
On August 13 2011 03:41 Chaosvuistje wrote: God damnit, plain text? Come on... why does EVERY website out there seem to be made by a complete security noob! This is first grade database protection people =.= . Sigh...
It's really not surprising. I'm working on my computer science bachelor's right now and security is barely ever touched upon. A class that covers databases never even bothered telling students to use prepared statements. I know several of my classmates turned in projects that were completely vulnerable to SQL injection. I doubt half of my classmates know what salting a hash means rofl. | ||
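The two practices named in the post above, prepared statements and salted password hashing, shown together as an added example that is not part of the original thread. The table layout, function names, sample accounts and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def hash_password(password, salt):
    # Slow, salted derivation instead of storing the password or a bare fast hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, name, password):
    salt = os.urandom(16)  # fresh random salt per account
    # "?" placeholders bind values as data; nothing is spliced into the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)

def dump_users(db):
    # What someone who exported the table would see.
    return db.execute("SELECT name, salt, pw_hash FROM users ORDER BY name").fetchall()

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "hunter2")   # constructed sample accounts
    register(db, "bob", "hunter2")     # same password as alice
    print(login(db, "alice", "hunter2"), login(db, "alice", "wrong"))
    print(login(db, "alice' OR '1'='1", "anything"))  # quote stays data
    rows = dump_users(db)
    print(rows[0][2] != rows[1][2])    # same password, different stored hashes
```
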
Crying
Bulgaria 778 Posts
On August 13 2011 03:43 Jank wrote: It's really not surprising. I'm working on my computer science bachelor's right now and security is barely ever touched upon. A class that covers databases never even bothered telling students to use prepared statements. I know several of my classmates turned in projects that were completely vulnerable to SQL injection. I doubt half of my classmates know what salting a hash means rofl.
O god, that seems like bad teachers?? Salting isn't the only security proof method used. SHA-1 256/512 even an MD5 can take months to crack. And MD5 salted the salt can be isolated, and thus negated. | ||
Chaosvuistje
Netherlands 2581 Posts
On August 13 2011 03:43 Jank wrote: It's really not surprising. I'm working on my computer science bachelor's right now and security is barely ever touched upon. A class that covers databases never even bothered telling students to use prepared statements. I know several of my classmates turned in projects that were completely vulnerable to SQL injection. I doubt half of my classmates know what salting a hash means rofl.
Which is why I have a big hatred towards IT people. Too many times have I encountered someone with a degree that has absolutely no knowledge of SQL injections or hashes. Too many times have I been lied to that everything is optimized for speed and all that jazz when all they are doing is tying strings together until the thing starts falling apart. It's depressing to be someone in the designing industry to have more knowledge of security than some of the people that are actually supposed to know that sort of thing... | ||
JohnnyYen
United States 313 Posts
Saved me from worrying about PSN info getting lost, and now my standard password is going to be changed. Thank you thank you thank you. | ||
FairForever
Canada 2392 Posts
On August 13 2011 03:43 zeru wrote: I doubt they are trying anything else than just getting paypal accounts from it by using the same email and pw's to log in, on top of that the emails themselves too. Don't think they care enough about the actual GOM accounts.
Maybe they really really just wanted to watch the HQ GSL and GSTL streams =P This sucks though............ | ||
Jojo131
Brazil 1631 Posts
Also really glad I have different passwords for GOMtv and my actual e-mail. Still, worth making sure that nothing happened. | ||
rasnj
United States 1959 Posts
On August 13 2011 03:41 Crying wrote: I don't know even if we reset password will we be fine. I already reset password and got new but there is one but: if GOMTV got SQL'd and database was exported then it's pretty fucked up.. a lot of accounts will be compromised if GOM doesn't fill the gap right now..
Every account is already compromised. As you say someone may have exported their whole user database and no matter how quick GOM acts they can't do much about that. If anyone did use their gomtv password for anything else important they need to change the password to those other things, and in particular if their email account has the same password. Changing your gom password will not necessarily do anything as someone may have your old password on file, and someone said the exploit still works. Storing passwords in plaintext is obviously stupid, but given how badly designed many sites are people experienced with the Internet should have learned rudimentary protective measures (ideally unique passwords via an app like KeePass, but at least unique password for mail and financial management).
On August 13 2011 03:45 Phenny wrote: God damnit I like to use the same few pwords for everything because there's too many different sites to keep track of any more, then shit like this happens and I run out
As R1CH recommended try using an application like KeePass. You remember one master password that you DO NOT use for anything else, then have it generate complicated unique passwords for all sites. Personally I also regularly write down a hard copy of my passwords in case of HD failure. | ||
HTODethklok
United States 221 Posts
On August 13 2011 03:32 ZidaneTribal wrote: lol that must have took a lot of work. how do u change all ur passwords so quickly
Opened up all accounts that use the same password as my GOM account in different tabs in my browser then go through and change the passwords one at a time. Plus using CTRL+F to find the word Password on each web page helps find the change your password selection. | ||