I'm curious what the community makes of the recent news
http://www.techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/
given SASL's cleartext password storage? It seems like a monster breech.
Are we, as XMPP network operators, headed to a similar compromise as
larger
On 12/16/09 9:03 AM, Simon Tennant (Buddycloud) wrote:
I'm curious what the community makes of the recent news
http://www.techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/
given SASL's cleartext password storage? It seems like a monster breech.
This topic is more
On 17.12.09 00:56, Peter Saint-Andre wrote:
And even if you do have hashed passwords, if someone breaks into your
machine then it's not that much work to de-hash them all. It just looks
scarier if they're in cleartext to start with.
That more or less depends on what you store in your
On Dec 16, 2009, at 4:17 PM, Tobias Markmann wrote:
On 17.12.09 00:56, Peter Saint-Andre wrote:
And even if you do have hashed passwords, if someone breaks into your
machine then it's not that much work to de-hash them all. It just looks
scarier if they're in cleartext to start with.
That
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2009-12-17 01:43, Kurt Zeilenga wrote:
On Dec 16, 2009, at 4:17 PM, Tobias Markmann wrote:
On 17.12.09 00:56, Peter Saint-Andre wrote:
And even if you do have hashed passwords, if someone breaks into your
machine then it's not that much
On 12/16/09 6:12 PM, Mihael Pranjić wrote:
For a start you should really have you server very well secured. Very
restriced access to anything, not letting mysql server or whatever to be
accessed by anything else than localhost. No root ssh login, only
certificate login, and so on and so on...