GrumpyLinuxGeek Blog

My ramblings on topics I'm interested in.

I've been using computers since the PC was first released.

I decided to learn about networking computers over 15 years ago and found Linux was the best and cheapest way to go.

I have a particular interest in web application security.

Latest:

JS 2013-04-13 18:43 Breakins - Lack of information

A number of high-profile web sites have had user login details stolen: LinkedIn is one, Blizzard and Gamigo are others.

The technical press have rightly moaned about the pitiful way that LinkedIn stored the passwords, but there has been little information about how the cracks actually happened.

Once a site has been cracked and the passwords obtained, it is only a matter of time before your clear text password is recovered from the encrypted version.

There are some steps you can take:

  1. Make sure you don't reuse passwords
  2. Make your password long and complicated

If your password is long enough they may just give up on your password and go on to the next one!

These steps can be made simpler to implement if you use a Password Crypt that provides tools to help you.

However, I would like to know how these sites were cracked. Unless the weaknesses or vulnerabilities are disclosed, how do we know that they have been fixed, and how do we avoid falling into the same trap when developing other sites?

So come on guys - you tech reporters - let's have some facts.

If you would like to comment you will need to log-in and promise to play nice. Send an email to grumpylinuxgeek at yahoo.co.uk

 
Copyright 2013 GrumpyLinuxGeek