People who analyzed the recently leaked rootkit.com user database warn that the compromise also has implications for accounts on other sites due to password reuse.
A week ago, the Anonymous collective hacked into the systems of a security firm called HBGary, which threatened to expose its high-ranking members.
The group leaked tens of thousands of corporate emails and other confidential information, along with the user database of rootkit.com, a research website maintained by HBGary founder and CEO Greg Hoglund.
Because the passwords in the database were hashed with the vulnerable RC5 algorithm, they were relatively trivial to crack.
Dazzlepod managed to recover the passwords for 64,489 accounts out of the nearly 81,000 in the database using the popular John the Ripper password cracking software.
"By randomly putting the passwords to test, many appear to be reused by the same user elsewhere on sites presumably of lower value to the user, e.g. Facebook, Twitter, forum sites, secondary email accounts, etc.," Dazzlepod warns.
More details - link