[Nottingham] Ubuntu Forums hacked
Martin
martin at ml1.co.uk
Mon Jul 22 12:54:09 UTC 2013
On 22/07/13 08:58, Jason Irwin wrote:
> In case you didn't know:
> http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/
>
> Site is currently down, if you used the same password on other services
> then you should change that password *now*.
>
> To avoid the headache of trying to remember a bazillion passwords like
> "GjhDQ16!dfgeWYt$", KeePassX has a good reputation (I really need to
> switch to using it).
That brings to mind the very good advice from xkcd:
http://xkcd.com/936/
At least the passwords were encrypted but only with a "fast" encryption
that is easily brute-force attacked. Unfortunately, such use of such as
MD5 encryption is 'common practice' and will be for a long time yet...
Hence, do not repeat the same passphrase across multiple accounts...
Thanks for that,
Cheers,
Martin
--
- ------------------ - ----------------------------------------
- Martin Lomas - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from hkp://subkeys.pgp.net or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
More information about the Nottingham
mailing list