Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > MacRumors forums hacked

MacRumors forums hacked
Thread Tools
Moderator
Join Date: Aug 2001
Location: North Muncietucky
Status: Offline
Reply With Quote
Nov 13, 2013, 11:52 AM
 
Check this out. Looks like they got ALL of the MacRumors members' passwords, email addresses, etc.
     
Posting Junkie
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Status: Offline
Reply With Quote
Nov 13, 2013, 11:41 PM
 
Are you reading a different article?

Kim also told Ars that log files examined so far seem to indicate that the intruder "tried to access" the password database. At this early stage, there are no indications that the passwords, either in cryptographically hashed or cracked format, are circulating online. There's also no sign that the hackers were able to access any other data than that belonging to the use forums.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Nov 15, 2013, 10:20 AM
 
The headline is a bit sensational. The official release is "we believe that at least some user data was exposed in the attack", and they advise everyone to change their password if it has been reused. It could be a lot less than the password hashes, though. We know that they accessed through a mod account, so we know that they had access to all emails (for confirmation emails at registration) and birthdays (required for COPPA compliance, but there's usually no sanity checking on that - I think you can say that you were born in 1492 if you like) without escalating further, but it could easily be nothing more than that.

Password hashes were MD5 with an individual user salt, so no rainbow tables - you have to crack each account individually. Reading through, MD5 is not as broken as it might appear at first. It is possible to find a collision in 2^24 (which is BAD for a 128-bit hash, don't get me wrong), but that only means that you can log in to MacRumors forums - you can't use that to log in to another site where you have reused that password. If you are somehow famous and your email address is known, then yes, they might bother simply brute forcing your password to try to reuse it, but MacRumors has enough accounts that the rest of us are likely to be able to hide in the masses.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 08:57 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2