[Wolves] Ubuntu Forums "There has been a security breach" ??
Dave Morley
davmor2 at davmor2.co.uk
Mon Jul 22 10:45:28 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21/07/13 18:13, Chris Ellis wrote:
> On Sun, Jul 21, 2013 at 10:04 AM, Andy D'Arcy Jewell
> <andy at wild-flower.co.uk <mailto:andy at wild-flower.co.uk>> wrote:
>
> Looks like they didn't employ Mr Morley's testing skillz to the
> forum...
>
> http://ubuntuforums.org/__announce.html
> <http://ubuntuforums.org/announce.html>
>
>
> Unfortunately 'salted hashes' provide minimal protection to modern
> brute forcing, using fast hash algorithms to store passwords is
> weak. Lets hope they move to BCrypt if they weren't already using
> it.
>
>
>
> (Not that he hasn't got enough to do, like).
>
No I don't test Forums, AIUI forums was meant to migrate to SSO ages
ago but I think it stopped being pursued as there was no plugin.
We'll have to see if this helps promote Discourse as an alternative.
Who knows.
- --
You make it, I'll break it!
I love my job :)
http://www.ubuntu.com
http://www.canonical.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlHtDT0ACgkQT5xqyT+h3Oi5RQCfXiXdYZv29bLqdJD4cVJx/qKd
h+QAoKjyI8JB9QbqmiRDDv7M0Mtx4/cP
=trNp
-----END PGP SIGNATURE-----
More information about the Wolves
mailing list