HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 50 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Incident Responsearrow Sony hack reveals password security is even worse than feared
EH-Net
May 19, 2013, 11:46:41 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Sony hack reveals password security is even worse than feared  (Read 5903 times)
0 Members and 1 Guest are viewing this topic.
geekyone
Full Member
***
Offline Offline

Posts: 180



View Profile
« on: June 08, 2011, 06:33:12 AM »
From The Register: Sony hack reveals password security is even worse than feared

Quote
A million Sony users' password/username IDs and 250,000 Gawker login credentials, each stored in plain text, were exposed via separate hacks.

Quote
Four in five of the passwords in the 37,608 account sample from the Sony hack actually only occurred once. But users are independently making poor passwords choices, Hunt reports. Around 36 per cent of the passwords used appeared in a password dictionary, a factor that would leave them wide open to brute-forcing attacks in instances where the same passwords were used and only a password hash database was exposed by a hack. Hunt reckons more than four in five (82 per cent) of the passwords would have fallen to a basic rainbow table crack.

Maybe it is just me but I think the fact that two companies, who should be using adequate security controls, stored passwords in plain text is a much more important trend then identifying that internet users use insecure passwords on sites without sensitive data.

I mean really the researcher says that 82% of the passwords would fall to a basic rainbow attack, except that the reality of the situation is the hackers didn't have to use a rainbow attack because the companies didn't bother to hash the passwords.

Anyway /rant.
Logged
CISSP, CEH, GPEN, GCIH, GCFA
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #1 on: June 08, 2011, 11:41:39 AM »
The companies: they need to take measures to hash/encrypt the passwords stored on their systems.  I find it extremely disturbing that any company, let alone a company as giant and public as Sony, stores their passwords in plain text.  It's 2011 - I thought we were past this.

The users: they still aren't grasping the concept of the need to use stronger passwords and the importance of not using the same passwords across multiple systems.

While the companies storing passwords in plain text is more disturbing, I don't think it should take away from the importance of the users part in all of this.
« Last Edit: June 08, 2011, 11:52:11 AM by lorddicranius » Logged
GSEC, eCPPT, Sec+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.059 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.