[Cialug] Change your password on gawker sites

Josh More MoreJ at alliancetechnologies.net
Mon Dec 13 11:59:59 CST 2010


I've found, downloaded and analyzed the database.

First, read this for the technical stuff that I'll not be going into:  http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/

Nutshell version:  Gawker was arrogant and did not have the technical chops to back up their arrogance.  They got smacked, hard, and because of that other people's data is at risk.

The database dump contains a bunch of personal data about people that work at Gawker.  That's vendetta stuff that only impacts them, so I won't be getting into it.  The interesting stuff is in the database/ directory.  They have the following files:

dumb_passwords.txt - 2650 accounts with passwords like "password"
parsed_db.txt - 188281 accounts with weak passwords that were decrypted.
full_db.log - 1247893 accounts total.

(For those that like math, look at the orders of magnitude there.)

Now for the fun.  There are 279 people on this mailing list.  Of those people, seven of you are listed in the Gawker dump... but two of you didn't store your passwords there.  (Logging in with Facebook, hmmm?)  The good news is that none of you showed up on the dumb password list.  The bad news is that three of you were using easily brute-forced passwords and your passwords are in the clear.

I'll be contacting you three separately.  :)

Josh More | Senior Security Consultant - CISSP, GIAC-GSLC, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701

Santa is Secure.  Are you?
http://www.alliancetechnologies.net/security/santa-2010

How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Josh More
Sent: Monday, December 13, 2010 10:57
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Change your password on gawker sites

You can check if your account was compromised here:  http://www.google.com/fusiontables/DataSource?dsrcid=350662

Just do a search on the MD5 of your email address; instructions are in the right column of the spreadsheet.

I'm still looking for the raw dump of the stolen data so I can analyze it.

Josh More | Senior Security Consultant - CISSP, GIAC-GSLC, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701
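The lookup described in the message above (hash your address, search for the digest in the published table) and the roster comparison in the follow-up message both come down to the same small routine. The following is an added example, not code from the thread or from the lookup table's author. It assumes the table was keyed on MD5 of the lower-cased, whitespace-trimmed address; the leaked-hash set it checks against is constructed from example.com addresses, not taken from the real dump.

```python
import hashlib
from typing import Iterable, List, Set


def normalize_email(addr: str) -> str:
    """Canonical form before hashing: trim whitespace and lower-case.

    Assumption: the lookup table was built from lower-cased addresses.
    If it was not, hash the address exactly as it was registered.
    """
    return addr.strip().lower()


def email_hash(addr: str) -> str:
    """Hex MD5 of the normalized address, the lookup key used by the table."""
    return hashlib.md5(normalize_email(addr).encode("utf-8")).hexdigest()


# Constructed stand-in for the public lookup table: digests of a few
# example.com addresses, NOT entries from the real dump.
SAMPLE_LEAKED_HASHES: Set[str] = {
    email_hash(a) for a in ("alice@example.com", "bob@example.com")
}


def find_exposed(members: Iterable[str], leaked: Set[str]) -> List[str]:
    """Return the member addresses whose hash appears in the leaked set,
    preserving input order, so a list admin can notify only those people."""
    return [m for m in members if email_hash(m) in leaked]


if __name__ == "__main__":
    # Constructed roster; the mixed-case entry shows why normalization matters.
    roster = ["Alice@Example.COM", "carol@example.com", "bob@example.com"]
    for addr in find_exposed(roster, SAMPLE_LEAKED_HASHES):
        print(f"{addr}: appears in the leaked table, change that password")
```

Publishing MD5(email) rather than the address itself only keeps the table from being read as a plain mailing list; anyone who already holds an address can hash it and test membership, which is exactly what makes the self-service check work. Treat the table as "is this address in the dump?", not as a confidential dataset.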
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Matthew Nuzum [newz at bearfruit.org]
Sent: Monday, December 13, 2010 09:13
To: Central Iowa Linux Users Group
Subject: [Cialug] Change your password on gawker sites

Hi, if you use Lifehacker, Gizmodo or one of the other Gawker websites, your password may have been compromised (along with 1.5M others).

While initially denying the attack, Gawker has issued an apology to its users on all of its sites, urging them to change their passwords because of the attack. [1] If you have ever commented on any of the Gawker sites, we recommend that you go and change your password.

http://www.digitaltrends.com/computing/gawker-hacked-1-5-million-accounts-compromised/


[1] http://lifehacker.com/5712785/


1) How do I know if my password was hacked?
If you've registered an account on any Gawker Media web site (that includes Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot), and you didn't log in using Facebook Connect, then it's best to assume that your username and password were included among the leaked data.

Passwords in our database are encrypted (i.e., not stored in plain text), but they're still potentially vulnerable to hackers. You should immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts (http://lifehacker.com/5712785/#4) as well.

2) What if I logged in using Facebook Connect? Was my password compromised?
No. We never stored passwords of users who logged in using Facebook Connect.

--
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter

"An investment in knowledge pays the best interest." -Benjamin Franklin
