On 2011-01-07 18.22, Paul Merlin wrote:
Quoting Rickard Öberg <[email protected]>:
Wow, that's pretty serious. Do we know what they did with the server?
Why hack it? Could they have gotten to passwords and such?
Saying publicly that the server was hacked is a good start in my opinion, thanks
for this. I'll be interested to know what passwords are at risk too.
In my case I had two passwords stored there for:
- SiteVision
- Jira
How & what was stored in each application is the question. Salted
multi-iteration sha256 hashes or non-salted md5 hashes, for example? That could tell
us what is the risk of password leak if they got the credentials from databases.
SiteVision uses Apache DS, so I assume it's hashed. Lots of applications
unfortunately don't hash passwords (out of ignorance, I hope), but I'm
not sure about how Jira works.
/Rickard
_______________________________________________
qi4j-dev mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/qi4j-dev
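
The difference the thread asks about, as an added example that is not part of the original messages: an unsalted MD5 column shows which accounts share a password just from the stored digests, while a salted, iterated hash does not. PBKDF2-HMAC-SHA256 stands in here for "salted multi-iteration sha256"; the function names, iteration count and sample accounts are constructed for illustration and say nothing about how SiteVision or Jira stored passwords.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this example

def md5_unsalted(password):
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, salt=None):
    """Salted, iterated SHA-256 (PBKDF2-HMAC-SHA256) with a per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

def shared_digests(table):
    """Return groups of users whose stored digest is identical."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and bob reuse the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse",
            "carol": "tr0ub4dor"}

def build_tables():
    """Store the same accounts under both schemes."""
    md5_table = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in ACCOUNTS.items()}
    return md5_table, kdf_table

if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    print("unsalted md5, shared digests:", shared_digests(md5_table))
    print("salted pbkdf2, shared digests:",
          shared_digests({u: r["hash"] for u, r in kdf_table.items()}))
```
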