Click HERE to learn more about classes Jim is teaching for SANS

Another month another password disclosure breach

Published: 2012-11-15. Last Updated: 2012-11-15 04:03:00 UTC
by Jim Clausing (Version: 1)
3 comment(s)

Adobe has revealed that a password database from connectusers.com was apparently compromised via a SQL injection attack.[1] Ars Technica reports that the passwords were hashed using MD5 (it is not clear whether they were salted).[2] Do we really need to remind you what constitutes a strong password, and not to reuse passwords?

Some previous password diaries that might be of interest:

Potential leak of 6.5+ million LinkedIn password hashes

Critical Control 11: Account Monitoring and Control

Theoretical and Practical Password Entropy

An Impromptu Lesson on Passwords

Password Rules: Change them every 25 years (or when you know the target has been compromised)

References:

[1] https://blogs.adobe.com/adobeconnect/2012/11/connectusers-com-forum-outage-following-database-compromise.html

[2] http://arstechnica.com/security/2012/11/adobe-breach-reportedly-spills-easy-to-crack-password-hashes/

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Comments

That might well explain the large number of messages claiming to be from LinkedIn which have evil attachments/links.
Looks like they weren't salted. What year is this again? FAIL!

http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/

If a month goes by without a password dump being posted online, THEN it'll be news.
