[quote]Today we learned that the Tuts+ Premium server was compromised, and sensitive data including email addresses and passwords were accessed before we were able to detect and stop the unauthorized intrusion.[/quote]
[quote]Tuts+ Premium is the only Envato service that operates with cleartext passwords, and it was a known internal issue for us, with a plan currently in progress to upgrade away from the current plugin.[/quote]
You'd think a website that A) Makes so much money from premium users and B) Has tutorials of security shit would have never ever stored cleartext passwords in their database, and if so would have changed it by now. Retards
More here: [url]http://notes.envato.com/general/tuts-premium-security/[/url]
[img]http://thisfile.me/ss/1340723541-l.png[/img]
At least they're honest.
So they fully knew the passwords were stored as cleartext and yet they continued to use it.
You morons.
how hard is it to md5 wrap a password? not that hard... md5(password)
Did they hire Sony's web engineers?
I think that's something a developer would get fired off of.
Hnnngh why can't people learn to use safe password storage?
[QUOTE=Uglehs;36498956]how hard is it to md5 wrap a password? not that hard... md5(password)[/QUOTE]
[URL="http://en.wikipedia.org/wiki/MD5#Security"]MD5 is compromised.[/URL]
How does this happen, seriously
Didn't anyone look at the database and say, holy shit, we better get that fixed ASAP
[QUOTE=TGiFallen;36499501][URL="http://en.wikipedia.org/wiki/MD5#Security"]MD5 is compromised.[/URL][/QUOTE]
still better than plain fucking text
[QUOTE=Banana Lord.;36499713]still better than plain fucking text[/QUOTE]
actually it's still the same as md5. even with salt, it still sucks.
md5 shouldn't be used with passwords at all. and they don't use php.
[QUOTE=Uglehs;36498956]how hard is it to md5 wrap a password? not that hard... md5(password)[/QUOTE]
MD5 is an awful choice for hashing.
Goddamnit turb.
good fucking job tuts+
[QUOTE=Banana Lord.;36499713]still better than plain fucking text[/QUOTE]
As jung3o said, MD5 isn't any better than plain text. No matter how you salt it, it's going to get cracked quickly. MD5 is only a minor inconvenience to the hacker.
[QUOTE=TGiFallen;36500829]As jung3o said, MD5 isn't any better than plain text. No matter how you salt it, it's going to get cracked quickly. MD5 is only a minor inconvenience to the hacker.[/QUOTE]
I didn't say that it was amazing, I said it was better than plain text
you said it yourself, it's an inconvenience, versus just opening the database dump and reading it right from there
[QUOTE=Sir Whoopsalot;36498896]So they fully knew the passwords were stored as cleartext and yet they continued to use it.
You morons.[/QUOTE]
From the article:
[quote]Tuts+ Premium is the only Envato service that operates with cleartext passwords, and it was a known internal issue for us, with a plan currently in progress to upgrade away from the current plugin.[/quote]
Legacy systems are painful. It's non-trivial to hack password hashing into a spaghetti mess of legacy code.
if you used php you wouldn't have this issue turb.
[editline]lol[/editline]
hahaha y'all mad.
Cool, I have an account there.
[QUOTE=Matt-;36508186]if you used php you wouldn't have this issue turb.[/QUOTE]
fyi tuts+ Premium was run on PHP.
[QUOTE=Matt-;36508186]if you used php you wouldn't have this issue turb.[/QUOTE]
If you don't know what you are talking about, don't post.
[QUOTE=swift and shift;36505174]From the article:
Legacy systems are painful. It's non-trivial to hack password hashing into a spaghetti mess of legacy code.[/QUOTE]
That's very understanding of you turb. If you didn't know Envato personally, I bet you'd be calling them retards too. haha
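The storage options argued over in this thread, as an added example that is not from any poster or from Envato: unsalted `md5(password)` gives equal digests for equal passwords, while a per-user salted PBKDF2 hash does not, and a cleartext column can be converted in one pass because the passwords are already on hand. The function names, record format, sample rows and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware

def md5_hex(password: str) -> str:
    """The md5(password) scheme from the thread: fast, unsalted, deterministic."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        # Malformed record (for example a leftover cleartext value): reject.
        return False

def migrate_cleartext(users: dict, iterations: int = ITERATIONS) -> dict:
    """One-pass migration of a cleartext table: every row is rehashed immediately,
    with no need to wait for each user to log in. Returns a new mapping."""
    return {name: hash_password(pw, iterations) for name, pw in users.items()}

if __name__ == "__main__":
    # Constructed sample rows standing in for a legacy cleartext table.
    legacy = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
    print("md5 equal for equal passwords:", md5_hex("hunter2") == md5_hex("hunter2"))
    migrated = migrate_cleartext(legacy)
    print("salted hashes differ:", migrated["alice"] != migrated["bob"])
    print("login still works:", verify_password("hunter2", migrated["alice"]))
    print("wrong password rejected:", not verify_password("hunter3", migrated["alice"]))
```

After the migration the cleartext column has to be dropped and purged from backups, and resetting passwords is still warranted when the old values have already been exposed.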