ITsecurity

Pass the password, please

Posted by Kevin on April 26, 2015

We are told to use strong passwords – a long and random mix of uppercase, lowercase, numbers, punctuation and special characters. The reason is to make them difficult to crack. Well, that’s only half true. A password is a password is a password. It doesn’t need to be cracked. It’s what it is – it’s […]

More on the Avast breach and the hash used

Posted by Kevin on May 29, 2014

My understanding is that the hash formula used by Avast to store its forum users’ passwords was: $hash = sha1(strtolower($username) . $password); This is the formula built into the SMF open source forum software used by Avast. It is both good and bad. It confirms that the hash was salted (with the user’s username); but […]

Avast forum hack demonstrates we need password storage disclosure

Posted by Kevin on May 29, 2014

A blog post early this morning by Avast Software CEO Vince Steckler announced: “The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised.” (AVAST forum offline due to attack) Avast’s […]

The eBay hack, the loss of 140 million records, and the PR fiasco

Posted by Kevin on May 24, 2014

There are two functions to PR: the first is to shout the good news from the hilltops, while the second is to bury the bad. When bad news hits, PR says very little. Bad news has hit eBay. It admitted Wednesday that it had been hacked – but it actually gives very little information. This […]