-
"If you don't like DNAS, write your own damn system"
So I did
-
how was I disrespectful to you before you told me to STFU (I didn't say you told me, admin did)Originally Posted by Third_of_Five View Post
so why were you told to change them?Originally Posted by Third_of_Five View Post
I'm the one that stole the databaseOriginally Posted by Third_of_Five View Post
useless to me because the passwords are encrypted
- or -
I know a lot more about this forum than johnny come seldoms
sorry, I said encrypted ... but 99% of n00bs wouldn't understand "hashed"code:
$password_hash = md5(md5($password_text) . $user_salt);"If you don't like DNAS, write your own damn system"
So I did
Comment
-
Waste of effort conversing with you as there seems some kind of language barrier, as you continually misinterpret plain English, which as Troll seems to be your primary language is probably not surprising.Originally Posted by jaromanda View PostComment
-
and yet, here you areOriginally Posted by Third_of_Five View Post
let me type it out SLOWLY for youOriginally Posted by Third_of_Five View Post
I never claimed you told me to STFU ... I was not rude or disrespectful to you until you basically told me to stop posting
not ONE admin/mod has corrected any points in any of my posts
why do you think that is?
because it's COMMON SENSE"If you don't like DNAS, write your own damn system"
So I did
Comment
-
ROFL
look at all the users in the control panel
hardly any are bitchin an moanin in this thread"If you don't like DNAS, write your own damn system"
So I did
Comment
-
-
yeah, because it takes HOURS to do thatOriginally Posted by labratofel View Post
"If you don't like DNAS, write your own damn system"
So I did
Comment
-
As I understand it, the MD5 hashes which *MAY* have also been taken in addition to the emails (as written in the security bulletin), could be used to generate a collision (ie. something which has the same hash) and that could be used to login to your Winamp Forums account.
The odds of the collision being your actual password are minimal so your password will most likely be safe on other sites unless they also use MD5 hashes, but to err on the side of caution we've all been advised to change passwords on other sites if it's the same. At the very (very) least your Winamp forum password should be changed.
Hope that helps anyone who's still a bit confused.Request: A little SmartView Query Language love.Comment
-
MD5 Rainbow tables.
Ask google about them.
Says it all really.Comment
-
I'll take "Common Sense on the Internet" for 400, please, AlexOriginally Posted by osmosis View Post"If you don't like DNAS, write your own damn system"
So I did
Comment
-
So, change your password ... rainbows and unicorns can't get you then!!Originally Posted by labratofel View Post
category 5 cyclone in a tea cup averted"If you don't like DNAS, write your own damn system"
So I did
Comment
-
Right, but was the salt compromised as well?Request: A little SmartView Query Language love.Comment
-
it's stored in the user tableOriginally Posted by osmosis View Post
so ... it's not AS secure as if the salt wasn't compromised
by the way ... I'd say if email addresses (stored in the user table) were compromised, hashed passwords and hash salts are also compromised
it's still a bit of work to retrieve A password (maybe not THE password), but far easier having the salt than without"If you don't like DNAS, write your own damn system"
So I did
Comment
-
I recently had to do a full round of password changes after a similar compromise at Gawker Media a few months ago. Now, back at stage one doing it over again... thanks, Winamp.
It is unreasonable to expect people to use a unique password for each and every website. I visit hundreds of websites, and I imagine the average person has a few dozen they regularly go to as well. I do use many passwords, but hundreds?
I would advise others here who don't want to use a separate PW for each site to use password 'sets', where you use 1 PW for a group of similar sites, and spread your PWs out amongst the most important sites you use (example: don't use your online banking PW as the same as your paypal or other very important site, to lessen any possible damage from a breach.)
Regardless, in this day and age it is suicide for a trusted site to not properly protect valuable data like this. I do so hope it doesn't happen again.Comment
-
read the terms of service, and privacy policy before blaming winampOriginally Posted by Zulithe View Post
sure, it may be unreasonable ... but winamp can't be held accountable for poor internet practices by usersOriginally Posted by Zulithe View Post
seriously? it was winamp forum that was compromised. the vulnerability is in the forum software = vBulletin.Originally Posted by Zulithe View Post
I can guarantee there are thousands of chinese and russian spotty teens working on hacking vbulletin one handed whilst I'm typing this
build a more secure forum, someone somewhere will hack it eventually
welcome to the internet, you must be new"If you don't like DNAS, write your own damn system"
So I did
Comment
Tweet
Comment