ITsecurity

I love Avast, but…

Posted by Kevin on March 21, 2016

Don’t get me wrong. I love Avast. I use Avast – well, the free version at least. Free software comes with a contract – it usually requires you to give up some or a lot of personal information. It’s your choice to accept or reject this contract. But it’s difficult for a security firm to […]

Avast, there, AV vendors …

Posted by Rob Slade on March 21, 2015

I noticed, recently, that some of my email was going out bearing the message:

> This email has been checked for viruses by Avast antivirus software.
> http://www.avast.com

I use Avast, so I wasn’t too worried. It’s (generally) a decent product, and has a “turn off temporarily” feature, even in the free version, which I […]

More on the Avast breach and the hash used

Posted by Kevin on May 29, 2014

My understanding is that the hash formula used by Avast to store its forum users’ passwords was

$hash = sha1(strtolower($username) . $password);

This is the formula built into the SMF open source forum software used by Avast. It is both good and bad. It confirms that the hash was salted (with the user’s username); but […]

Avast forum hack demonstrates we need password storage disclosure

Posted by Kevin on May 29, 2014

A blog post early this morning by Avast Software CEO Vince Steckler announced

> The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised.

AVAST forum offline due to attack

Avast’s […]