Code Project - The Lounge

Twitter accounts hacked

Tags: security, question, announcement
10 Posts, 7 Posters

#1 Rob Philpott
Just read this: http://www.bbc.co.uk/news/technology-21304049 Now I know journalists get confused over techy matters. Surely, Twitter don't store passwords in a stealable form (i.e. unhashed/unsalted)?? It amazes me that organisations I assume know what they're doing in terms of security allow this to happen. LinkedIn had a similar thing recently. Whilst I'm at it, I assume CodeProject have done this properly?

Regards, Rob Philpott.
#2 OriginalGriff, in reply to #1 (Rob Philpott)
Far, far too many people assume that either their data is "safe" because it is on their server, or that encrypting passwords on their server is a good idea. I think it is largely because the teachers don't have any real world experience so they don't mention it (or more likely don't know about it). The monthly example doesn't seem to sink in - "that doesn't apply to us" - any more than SQL Injection attacks do. :sigh: This is one reason why I use a new password for every system I go to - if any one is compromised, it can't allow access to any others. Of course, this means I can't remember any of them, so I have to have a password encrypted store of passwords... :laugh:

If you get an email telling you that you can catch Swine Flu from tinned pork then just delete it. It's Spam.

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
#3 Septimus Hedgehog, in reply to #2 (OriginalGriff)
Something like this? I've been using it for a few weeks and it's very good.

"I do not have to forgive my enemies, I have had them all shot." — Ramón Maria Narváez (1800-68). "I don't need to shoot my enemies, I don't have any." - Me (2012).
#4 OriginalGriff, in reply to #3 (Septimus Hedgehog)
Similar - but I wrote my own a few years back because I didn't like the interface! :laugh:

If you get an email telling you that you can catch Swine Flu from tinned pork then just delete it. It's Spam.

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
#5 Septimus Hedgehog, in reply to #4 (OriginalGriff)
That's okay. Sometimes you learn a lot about the processes involved when you hand-roll your own. I worked on a document management system and some documents (medical reports, that type of thing) required encryption. One of the company's preferred third-party suppliers of bespoke software quoted something like £5K to develop the assembly, thinking that only they knew how it could be done. My colleague and I chilled out at a coffee shop one lunchtime and we came up with a solution. We presented it to our boss and then to his and we put it together in about a week. Even though we left the company in mid-2009, a support mate who's still there told me it's still doing its work and has never failed once. It cost the company £1000s to make us redundant back then but the £5K we saved being ripped off left a pleasant taste and it really pissed the salesman off. That'll teach the low-life excrement a lesson.

"I do not have to forgive my enemies, I have had them all shot." — Ramón Maria Narváez (1800-68). "I don't need to shoot my enemies, I don't have any." - Me (2012).
#6 OriginalGriff, in reply to #5 (Septimus Hedgehog)
Indeed. I wanted a "card based" interface, so I could store more than just passwords, so I have a tree structure of cards, and each card is made of rows:

    Label                  Value

Within each card is a minor tree structure to allow things like:

    Financial                  BRANCH
      MBNA Bank                CARD
        Griff Card details
          Card number          nnnnnnn
          Expiry               nn/nn
          Security code        nnn
          PIN                  nnnn
        Michelle Card details
          Card number          nnnnnnn
          Expiry               nn/nn
          Security code        nnn
          PIN                  nnnn
        Login details
          URL                  https://www.bankcardservices.co.uk/NASApp/NetAccessXX/WelcomeScreen?country=UK&language=en&group=AAAC
          User name            xxxx
          Password             xxxx
          Site Key             xxxx

With insert-able templates and such like so I can easily save website logins, bank / card / paypal and so forth. All encrypted with DES using .NET, with auto logout on timer, and so forth. It was easy to convert to a web version, but it may well get a re-write soon so I can share files and data across to my Android tablet. (When I get round to learning Java and Android, ho hum...) KeePass is good, and there is an Android version, but it just isn't set up for that kind of storage.

If you get an email telling you that you can catch Swine Flu from tinned pork then just delete it. It's Spam.

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
#7 Espen Harlinn, in reply to #1 (Rob Philpott)
There are a few things one has to get right: OWASP Development Guide, and even then, security is a b**ch ...

Espen Harlinn, Principal Architect, Software - Goodtech Projects & Services AS
"Projects promoting programming in 'natural language' are intrinsically doomed to fail." - Edsger W. Dijkstra
#8 Mark_Wallace, in reply to #1 (Rob Philpott)
Saw it on the morning news. They called an expert, whose advice was "Switch off java support". Some fruggin' expert. My advice would be "Don't use twatter". That wouldn't screw up every other site you visit.

I wanna be a eunuchs developer! Pass me a bread knife!
#9 BobJanova, in reply to #1 (Rob Philpott)
Why for the love of all things holy would a recently founded web tech company of all things not understand about proper password storage? There is not a :doh: in the world large enough for storing retrievable passwords these days. Being hacked is unfortunate, but it can happen to anyone; every server relies on a whole stack of technology that you aren't in complete control of and you can't guarantee you are unhackable unless you create your own server stack, which is a big waste of money. But you need to ensure that personal information is protected even if you do get hacked, especially passwords which are often reused (because if we have 50 accounts in different places it is hard to remember 50 different ones and what you use them all for!).
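The point made in #2 and #9 (encrypting passwords server-side is not the same as storing them properly, because an encrypted record is still "retrievable" once the table and key leak together) is easiest to see in code. The following is an added example and not code from the thread or from any poster: it contrasts a constructed toy reversible scheme (a stand-in for "encrypted with a server key"; the XOR and the key are placeholders, not a real cipher) with salted, iterated PBKDF2-HMAC-SHA256 hashing from the Python standard library. The record format `pbkdf2_sha256$iterations$salt$hash`, the iteration count and the helper names are all this example's own choices.

```python
# Added example (not from the thread): "retrievable" password storage versus
# a salted, slow, one-way hash, using only the Python standard library.
import base64
import hashlib
import hmac
import os

# --- What the posters object to: a record that can be turned back into the password ---
SERVER_KEY = b"constructed-demo-key-do-not-use"  # constructed placeholder key

def _keystream(length: int) -> bytes:
    # Repeat the key to the required length (toy only; not a real cipher).
    return (SERVER_KEY * (length // len(SERVER_KEY) + 1))[:length]

def reversible_record(password: str) -> str:
    """Toy 'encryption' (XOR with a repeating key). Any real cipher, DES or AES,
    shares the one property that matters here: the operation can be undone."""
    pw = password.encode()
    return base64.b64encode(bytes(a ^ b for a, b in zip(pw, _keystream(len(pw))))).decode()

def recover_password(record: str) -> str:
    """Whoever holds both the dumped table and the key gets every password back."""
    ct = base64.b64decode(record)
    return bytes(a ^ b for a, b in zip(ct, _keystream(len(ct)))).decode()

# --- What #9 calls "proper password storage": salted, iterated, one-way ---
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; raise it as hardware improves
SALT_BYTES = 16

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash.
    A fresh random salt per user means two users with the same password get
    different records, so one precomputed table cannot crack the whole dump."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    Malformed or foreign records verify as False rather than raising."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(actual, expected)

def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record is below current policy; call after a
    successful login and re-store the result of hash_password()."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < iterations

if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    bad = reversible_record(pw)
    print("reversible record:", bad, "-> recovered:", recover_password(bad))
    rec = hash_password(pw)
    print("hashed record:    ", rec)
    print("verify right pw:  ", verify_password(pw, rec))
    print("verify wrong pw:  ", verify_password("Tr0ub4dor&3", rec))
    print("same pw, new salt gives a different record:", hash_password(pw) != rec)
```

The reversible half exists only to show the failure mode: the record plus the key yields the original password, which is exactly what a leak of both hands over. The hashed half never stores anything that can be turned back into the password; a login recomputes the hash from the candidate and the stored salt, and `needs_rehash` lets the work factor be raised over time without a mass reset.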
#10 dmcgill50, in reply to #6 (OriginalGriff)
LastPass is the last password management store you will ever use.
