Another month another password disclosure breach
Adobe has revealed that apparently a password database from connectusers.com was compromised via a SQL injection attack.[1] Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not).[2] Do we really need to remind you what constitutes a strong password and not to reuse them?
Some previous password diaries that might be of interest:
Potential leak of 6.5+ million LinkedIn password hashes
Critical Control 11: Account Monitoring and Control
Theoretical and Practical Password Entropy
An Impromptu Lesson on Passwords
Password Rules: Change them every 25 years (or when you know the target has been compromised)
References:
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
Comments
KBR
Nov 15th 2012
1 decade ago
http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/
vidkun
Nov 15th 2012
1 decade ago
No Love.
Nov 19th 2012
1 decade ago