|
H5N1 posted:nothing will happen because nothing ever happens after data breaches like these. it'll be a year of free credit monitoring smh if you haven't been chaining useless spammy free credit monitoring for the past 5 years thanks to breaches.
|
#
?
Feb 7, 2015 03:03
|
|
|
|
| # ? Jun 7, 2024 02:53 |
|
|
Did they still not get the adobe password thing figured out? given all the approaches they can take and all the problems with the protection I'd have figured someone might have made progress.
|
|
#
?
Feb 7, 2015 03:31
|
|
|
EMILY BLUNTS posted:is the info on this site accurate at all?, because lol what am i looking @ here
|
|
#
?
Feb 7, 2015 04:14
|
|
|
EMILY BLUNTS posted:Did they still not get the adobe password thing figured out? given all the approaches they can take and all the problems with the protection I'd have figured someone might have made progress. Are you talking about the breach from a year ago or so? That was the one that finally got me off my rear end and get serious about my passwords (had a CS sub that got snagged).
|
|
#
?
Feb 7, 2015 04:15
|
|
|
fritz posted:what am i looking @ here quote:PHP 4.3.9 Do Not Resuscitate posted:Are you talking about the breach from a year ago or so? That was the one that finally got me off my rear end and get serious about my passwords (had a CS sub that got snagged). yeah
|
|
#
?
Feb 7, 2015 04:17
|
|
|
EMILY BLUNTS posted:yeah and Apache 2.0.52 (87% of sites use a newer version)
|
|
#
?
Feb 7, 2015 04:24
|
|
|
its also suggesting vkontakte is using php 3. 
|
|
#
?
Feb 7, 2015 04:27
|
|
|
EMILY BLUNTS posted:yeah As far as anyone knows the key to decrypt the passwords is unknown and as such we are unlikely to decrypt them anytime soon
|
|
#
?
Feb 7, 2015 05:36
|
|
|
didn't they encrypt them with ECB using a 64-bit block size?
|
|
#
?
Feb 7, 2015 05:37
|
|
|
vOv posted:didn't they encrypt them with ECB using a 64-bit block size? 3DES iirc
|
|
#
?
Feb 7, 2015 09:50
|
|
|
right yeah 3DES in ECB mode, and the hints leaked too didn't they? so you could basically play crosswords
|
|
#
?
Feb 7, 2015 10:02
|
|
|
vOv posted:right yeah 3DES in ECB mode, and the hints leaked too didn't they? so you could basically play crosswords that's right, and unsalted so you could just take all the ones with the same ciphertext and then one of them would have a real easy hint or just the drat password even and then you'd know all the others
|
|
#
?
Feb 7, 2015 10:05
|
|
|
wasn't it taht they may or may not be salted, but they are not different salts, if one was used.
|
|
#
?
Feb 7, 2015 10:09
|
|
|
EMILY BLUNTS posted:wasn't it taht they may or may not be salted, but they are not different salts, if one was used.
|
|
#
?
Feb 7, 2015 10:14
|
|
|
isn't salting usually done with concatenation? so in ECB mode it wouldn't necessarily make much of a difference unless they did some wacky xor thing but i'm p. sure people who use ECB 3DES aren't that smart
|
|
#
?
Feb 7, 2015 10:14
|
|
|
 7-YEAR OLD GIRL HACKS PUBLIC WI-FI IN LESS THAN 11 MINUTES I'm the IE
|
|
#
?
Feb 7, 2015 14:48
|
|
|
stay safe hotspot ghost
|
|
#
?
Feb 7, 2015 15:52
|
|
|
i'm the vga port
|
|
#
?
Feb 7, 2015 16:31
|
|
|
I'm the _NSAKEY that lurks in every non free/libre operating system
|
|
#
?
Feb 7, 2015 17:29
|
|
|
i'm the fact that not only can a child hack your wifi, but a female child can hack your wifi
|
|
#
?
Feb 7, 2015 17:30
|
|
|
infosec barbie's been a bad influence on that kid
|
|
#
?
Feb 7, 2015 18:23
|
|
|
quote:We set the challenge to IT-savvy primary school student Betsy Davies from Dulwich in South London, who was able to hack into a public Wi-Fi hotspot after she searched and watched a video tutorial online which explained how to hack a network. It took 7-year old Betsy just 10 minutes and 54 seconds to hack into a Wi-Fi hotspot. She then set up a Rogue Access Point which is often used by cybercriminals to trigger a ‘man in the middle’ attack allowing her to ‘sniff’ traffic. What part of this is hacking into an ap exactly, as opposed to reading the plaintext your computer shamefully serves up
|
|
#
?
Feb 7, 2015 18:29
|
|
|
Storysmith posted:What part of this is hacking into an ap exactly, as opposed to reading the plaintext your computer shamefully serves up The part that lets them say it was and clickbait, obviously.
|
|
#
?
Feb 7, 2015 18:41
|
|
|
I mean such a well-respected news outlet like hidemyass.com wouldn't just make poo poo up for attention would it???
|
|
#
?
Feb 7, 2015 18:42
|
|
|
Parallel Paraplegic posted:I mean such a well-respected news outlet like hidemyass.com wouldn't just make poo poo up for attention would it??? especially the part where what they made up made a perfect case for the primary product hide my rear end dot com sells
|
|
#
?
Feb 7, 2015 18:48
|
|
|
Storysmith posted:especially the part where what they made up made a perfect case for the primary product hide my rear end dot com sells LOADING CREDIT CARD_
|
|
#
?
Feb 7, 2015 20:20
|
|
|
FCKGW posted:"Now, every Visa card has a Bitcoin address" - SpendBT.com [Launching officially on Monday in Canada, live pre-release this weekend for feedback] (spendbt.com)
|
|
#
?
Feb 7, 2015 20:43
|
|
|
mark karpeles told us this was how you store cc details
|
|
#
?
Feb 7, 2015 20:50
|
|
|
|
|
#
?
Feb 7, 2015 21:20
|
|
|
noooooooo
|
|
#
?
Feb 7, 2015 21:42
|
|
|
they've seen the error of their ways thanks to reddit, they'll have it fixed on monday probably its in the wiki [–]bontchev 19 points 2 hours ago "we store the number in plain text" /facepalm Guys, I strongly recommend that you hire a computer security expert. No, I mean, a real one. Not like those that Target, or Anthem, or... had. [–]SpendBT 2 points 2 hours ago I suspect by the end of this feedback weekend, and before we launch, this will be solved. We totally understand the need for PCI Compliance, but hoped that a card number (primary account number) alone (no expiry, cvc, address, name etc etc) would render the data as valuable as a Public Key. From the comments here, Visa is still allowing charges to go through with just a PAN and an estimated expiry Thanks for the feedback this is what we wanted so keep it coming! Jamie SpendBT Team
|
|
#
?
Feb 7, 2015 23:16
|
|
|
holy poo poo, lol  says they're using some awful hashing function on the raw credit card number to get the keys
|
|
#
?
Feb 7, 2015 23:21
|
|
|
"we knew the numbers would get stolen if we kept them this way, but we figured that'd be fine because you also need a second set of far easier to get numbers"
|
|
#
?
Feb 7, 2015 23:42
|
|
|
Vicas posted:"we knew the numbers would get stolen if we kept them this way, but we figured that'd be fine because you also need a second set of far easier to get numbers" A month and a year is exactly like a cryptographic private key, that's the first thing you learn in cryptoclass 101
|
|
#
?
Feb 7, 2015 23:44
|
|
|
$100 says that after they add expiry date support, the entire system is going to break when your expiry changes on your card e: $key = md5($creditnumber . $expirydate) secure
|
|
#
?
Feb 8, 2015 00:47
|
|
|
Jewel posted:$100 says that after they add expiry date support, the entire system is going to break when your expiry changes on your card The only salt a bitcoiner needs is the kind that goes on their extra-large order of fries.
|
|
#
?
Feb 8, 2015 00:50
|
|
|
Parallel Paraplegic posted:The only salt a bitcoiner needs is the kind that goes on their extra-large order of fries.
|
|
#
?
Feb 8, 2015 02:36
|
|
|
Vicas posted:"we knew the numbers would get stolen if we kept them this way, but we figured that'd be fine because you also need a second set of far easier to get numbers" *puts in credit card number and cycles through next 48 months*
|
|
#
?
Feb 8, 2015 03:16
|
|
|
is there a way to send money to a canadian credit card with just the card number? sounds more like a scam than incompetence... afaik square cash only works with debit cards, and they use a hack where they register the payment as a "refund"
|
|
#
?
Feb 8, 2015 03:35
|
|
|
|
| # ? Jun 7, 2024 02:53 |
|
|
|
|
#
?
Feb 8, 2015 09:11
|
|