>> They used this access to download the ‘user’ table which
>> contained usernames, email addresses and salted and hashed
>> (using md5) passwords for 1.82 million users.
Somewhere, oclHashcat makes room temperature rise.
What I find most sobering about this is that it sounds like were it not for the defacement 6 days after the hack, no one would ever have been any the wiser.
I know that DB-level and web-server-level intrusion detection systems exist - can the HN community comment on what might have detected this particular attack (even if only after-the-fact?).
Later in the page (in the "Hardening" section), they mention that they've switched the forums to use Ubuntu SSO for authentication, instead of needing to store forum passwords.
I always suspected forums that don't have read-only or static mode would prove to be a bad choice as knowledge repository. Google queries returned a lot of ubuntuforums links for many ubuntu problems I encountered or random googling I did these past few days.
9 comments
[ 1.9 ms ] story [ 29.8 ms ] threadI know that DB-level and web-server-level intrusion detection systems exist - can the HN community comment on what might have detected this particular attack (even if only after-the-fact?).
Terrible. Why even allow this. A terrible, horrible cludgy hack.