Gawker's Latest Embarrassment


Bouchart

What is worse?

37 members have voted

1. Which makes Gawker look worse?

    • Their user passwords were stolen
    • They use this to plug an article about creating strong passwords



Disposable accounts are similar to the service a pre-paid phone offers to drug dealers…

 

Wait. So Gawker's been selling crack and whores by the pound at the back of their New York offices?

 

All of a sudden, I feel so dirty…


Right before I "deleted" my account, the writeup mentioned it would delete that information. Perhaps not every bit of information, as I would expect, but from what I see my profile is still 100%.

 

I guess sometime soon I'll simply email Help and tell them what's what. If nothing happens, then they can keep my posts. Yeah, keep them right up inside their anus! :tophat:


Most people put security on the backburner, because it tends to get in the way of productivity... whenever I hear stuff like this I just shake my head. I didn't read the technical details of this, but my personal recommendation (for anyone who is setting up any type of user DB) is to use OpenLDAP with salted SHA-512 hashes. LDAP traffic should be encrypted with SSL/TLS, even if the authentication is being done locally. People overlook OpenLDAP because it's a beast, but anyone who can handle Active Directory at a sysadmin level should be able to handle OpenLDAP (on that note, you DO NOT want to have any type of web-facing interface to Active Directory due to the level of integration it has with Windows domains). OpenLDAP plays nice with other software, and you can adapt it to so many uses... the protocols are open, and if you want to interface with it, you can read an RFC. Imagine that, following open standards that are time-proven. Why LDAP over traditional SQL databases? Directories and databases are for different purposes. Directories are more suited to user databases, because they don't include the unneeded complexities that go along with a full relational database. They also aren't vulnerable to SQL injection.

 

Crypt sucks, and I can brute-force it in about 4 seconds.

 

Of course, nobody will ever listen to what I have to say, because people like me cost too much. Instead, the strategy is to hire run of the mill MCSEs, set up a shitty Windows-based infrastructure, and then throw your arms up when everything fails. Remember, the IT budget has some funds set aside for consultant fees, so when your IT department is too stupid to solve a problem you just call in the consultant to fix it. And that is why if you're in IT you should become a consultant :).

Edited by R__
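To make the "salted SHA-512" recommendation in the post above concrete, here is an added example (not code from the post or from the OpenLDAP project) that builds and verifies password hashes in the `{SSHA512}` format accepted by OpenLDAP's contrib pw-sha2 module: the scheme tag followed by the base64 of `sha512(password || salt)` with the raw salt appended. The 16-byte salt length, the helper names and the sample passwords are assumptions made for this example; the unsalted `{SHA512}` helper is included only to show, side by side, why the salt matters.

```python
"""Generate and verify OpenLDAP-style {SSHA512} password hashes.

Added example, not code from the original post or from OpenLDAP itself.
Encoding assumed from the pw-sha2 contrib module: the base64 of
sha512(password || salt) followed by the raw salt bytes.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

SALTED_SCHEME = "{SSHA512}"
PLAIN_SCHEME = "{SHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes
SALT_LEN = 16  # assumption for this example; the module accepts any length


def make_ssha512(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA512} string with a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if not salt:
        raise ValueError("salt must not be empty")
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SALTED_SCHEME + base64.b64encode(digest + salt).decode("ascii")


def make_sha512(password: str) -> str:
    """Unsalted {SHA512}: identical passwords always produce identical strings."""
    digest = hashlib.sha512(password.encode("utf-8")).digest()
    return PLAIN_SCHEME + base64.b64encode(digest).decode("ascii")


def verify_ssha512(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA512} value.

    Rejects malformed input (wrong scheme, bad base64, missing salt)
    and compares in constant time.
    """
    if not stored.startswith(SALTED_SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SALTED_SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:  # digest with no salt bytes after it
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def salt_of(stored: str) -> bytes:
    """Extract the salt that was appended to a {SSHA512} value."""
    raw = base64.b64decode(stored[len(SALTED_SCHEME):], validate=True)
    return raw[DIGEST_LEN:]


if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    pw = "correct horse battery staple"
    a, b = make_ssha512(pw), make_ssha512(pw)
    print("salted  user A:", a)
    print("salted  user B:", b)
    print("same hash?     ", a == b)  # False: different salts
    print("unsalted A == B?", make_sha512(pw) == make_sha512(pw))  # True
    print("verify A       ", verify_ssha512(pw, a))
    print("verify wrong   ", verify_ssha512("hunter2", a))
```

The verifier parses the salt out of the stored value rather than storing it separately, which is how the directory keeps a single `userPassword` attribute per entry. Note that a single SHA-512 round is still very fast on a GPU; the salt defeats precomputed tables and cross-user comparison but does not slow a per-user guess, so a slow, iterated scheme is the stronger choice where the server supports one.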
