All Things Techie With Huge, Unstructured, Intuitive Leaps
Showing posts with label nokia website hacked. Show all posts
Showing posts with label nokia website hacked. Show all posts

How To Crack Passwords

I was reading yesterday how 450,000 passwords on Yahoo were cracked. First LinkedIn and now Yahoo. Obviously a lot of people don't take a lot of precautions when choosing their passwords.

I was particularly intrigued by the numbers. Of the 450,000 passwords, close to a half a million, there were 2,925 instances of "12345" being used for the password. That's 3,000 users who had a guessable password. If I ever became a hacker, and wanted to get into someone's account, I would try 12345 as a password.

But there are other choices. As we saw with the LinkedIn crack, a viable percentage used 'linkedin' as the password. In other words, they use the site that they are accessing as the password. Even more simple, in the Yahoo case, 780 people used the word 'password' as their password.

Lax security measures like this make account hacking very easy.
No comments:
Labels: , , ,

Nokia Site Hacked

I am a registered Nokia Mobile Developer. I got this email from them late last night informing me that my information has been compromised:

You may have seen reports or received an email from us regarding a recent security breach on our developer.nokia.com/community discussion forum.

During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.

The database table records includes members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected.

We are not aware of any misuse of the accessed data, but we have identified that your email address was in one of the records accessed, though it contained none of the optional information, so we believe that the only potential impact to you may be unsolicited email. Nokia apologizes for this incident.

Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments there in the meantime.

If you have any questions on this, please contact Nokia.developer-discussions-support@nokia.com.

The Nokia Developer website team.


Somebody has to do something about security. There has got to be a better way for authentication.

No comments:
Labels: , ,
Subscribe to: Posts (Atom)