
SANS ISC: Another month another password disclosure breach - SANS Internet Storm Center SANS ISC InfoSec Forums


Another month another password disclosure breach

Adobe has revealed that apparently a password database from connectusers.com was compromised via a SQL injection attack.[1] Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not).[2] Do we really need to remind you what constitutes a strong password and not to reuse them?

Some previous password diaries that might be of interest:

Potential leak of 6.5+ million LinkedIn password hashes

Critical Control 11: Account Monitoring and Control

Theoretical and Practical Password Entropy

An Impromptu Lesson on Passwords

Password Rules: Change them every 25 years (or when you know the target has been compromised)

References:

[1] https://blogs.adobe.com/adobeconnect/2012/11/connectusers-com-forum-outage-following-database-compromise.html

[2] http://arstechnica.com/security/2012/11/adobe-breach-reportedly-spills-easy-to-crack-password-hashes/

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Jim

402 Posts
ISC Handler
That might well explain the large number of messages claiming to be from LinkedIn which have evil attachments/links.
KBR

63 Posts
Looks like they weren't salted. What year is this again? FAIL!

http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/

KBR
1 Posts
If a month goes by without a password dump being posted online, THEN it'll be news.
No Love.

37 Posts
