Did the website get hacked?
-
Hey, I’ll mention it to Bush
-
my went to website maint then i clicked refresh 2 days later and was back in here just fine. I just notice i do not see a chatbox option and i miss that. I am really not concered as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
-
[quote name=“DARKANGEL6415” post=“54339” timestamp=“1390490499”]
my went to website maint then i clicked refresh 2 days later and was back in here just fine. I just notice i do not see a chatbox option and i miss that. I am really not concered as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
-
[quote name=“Kevlar” post=“54341” timestamp=“1390490692”]
[quote author=DARKANGEL6415 link=topic=7028.msg54339#msg54339 date=1390490499]
my went to website maint then i clicked refresh 2 days later and was back in here just fine. I just notice i do not see a chatbox option and i miss that. I am really not concered as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
[/quote]We have a Change Password thread http://forum.feathercoin.com/index.php/topic,7031.msg53495.html#msg53495
As far as I understand attackers can’t just log in using the database entries without bruteforcing the passwords.
-
as long as they wasn’t using md5 i think most of the password should be safe from decryption.
-
[quote name=“chrisj” post=“54348” timestamp=“1390492214”]
[quote author=Kevlar link=topic=7028.msg54341#msg54341 date=1390490692]
[quote author=DARKANGEL6415 link=topic=7028.msg54339#msg54339 date=1390490499]
my went to website maint then i clicked refresh 2 days later and was back in here just fine. I just notice i do not see a chatbox option and i miss that. I am really not concered as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
[/quote]We have a Change Password thread http://forum.feathercoin.com/index.php/topic,7031.msg53495.html#msg53495
As far as I understand attackers can’t just log in using the database entries without bruteforcing the passwords.
[/quote]Since the database is now available offline, brute forcing can happen offline, in a distributed environment, unchecked. Weak passwords will crumble in seconds, stronger passwords will take a while, but ultimately all are vulnerable.
GPU Cracking makes this trivial.
For 8 characters of ASCII non-control characters, that’s 1,235,736,291,547,681 possibilities. On a CPU, doing a sha256() of that would take about 195 years. On a GPU, 3.4 days.
You know those GPU mining farms? What do you think they would be REALLY well suited for?
You want to really worry? Three words for you: salted rainbow tables.
-
lol
-
I just looked at the code… you know what the salt for the password is?
The username. It’s right there in the database. You know, the same one with your password in it.
-
Good job I changed my user name?
-
[quote name=“wrapper” post=“54476” timestamp=“1390518039”]
Good job I changed my user name?
[/quote]Well I…
Yes, actually. Since you did that, you don’t need to change your password. ???
-
[quote name=“chrisj” post=“53476” timestamp=“1390171722”]
I will find out what happened. It might just be a simple error or a DDoS, in which case there would be no cause for alarm.Also you should check out password managers, I use this one https://lastpass.com/
[/quote]Nice!
I use this one, it has primitive GUI, is slow as f*** but overall works pretty well:
[img]http://www.publicdomainpictures.net/pictures/20000/nahled/pencil-and-paper.jpg[/img]
