Gawker’s Astounding Arrogance and Security Breach

Forbes has an interesting writeup about the recent hacking of Gawker and other sites. What’s really astounding is the level of arrogance shown by top-level people at Gawker regarding security and their users’ data. The user data breach alone is bad, but it sounds like the hackers got into all sorts of internal Gawker stuff.

[…] analysis of the file released by the crackers themselves indicates that the breach extends to employees of Gawker, includes credentials for internal systems (Google applications, collaboration tools) used at the company, includes a leak of Gawker’s custom source code, includes credentials of Gawker employees for other web sites, includes FTP credentials for other web sites Gawker has worked with, includes access to Gawker’s statistics web site, and includes the e-mails of a number of the users who left comments at Gawker as well as users of lifehacker.com, kotaku.com, and gizmodo.com. Forbes.com

Bad news. Even worse, the evidence seems clear that this attack was going on for quite some time. Lots of fishy things were happening and nobody at Gawker was able to put two and two together. You’d hope that a business as big as Gawker would have their shit together.

Hacking John McCain

This has got to be one of the best pranks I’ve seen in a while. In short, John McCain’s MySpace page was using a template from Mike Davidson’s. That’s fine, except that McCain’s page was pulling images directly from Davidson’s server, using up Davidson’s bandwidth in the process.

If you’re unfamiliar with the process, let’s just say that it’s a big no-no to use someone else’s image on your site by linking to the image on their site. It means that each time your page is loaded, the image has to get downloaded from their site. If you’re going to steal someone’s image, at least have the courtesy to upload it to your server first.

Davidson decided to do a little switcheroo with McCain’s MySpace images:

McCain supports gay marriage

Get the full story at Newsvine.com.

Via Daring Fireball.
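
For anyone hosting images, the hotlinking described above shows up in the web server's access log as image requests whose Referer is someone else's site. The following is an added example, not from the original post: a Python sketch that totals image bytes served per off-site referring host. It assumes Combined Log Format, and the hostnames in `OWN_HOSTS` and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the image owner's hostnames; referers from these are not hotlinks.
OWN_HOSTS = {"images.example.org", "www.example.org"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg")

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)"'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /img/header.png HTTP/1.1" 200 48211 "http://www.example.org/blog/" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /img/header.png HTTP/1.1" 200 48211 "http://profile.example.net/candidate" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2024:10:00:03 +0000] "GET /img/badge.gif HTTP/1.1" 200 9120 "http://profile.example.net/candidate" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "GET /img/badge.gif HTTP/1.1" 304 - "http://profile.example.net/candidate" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /img/header.png HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.45 - - [01/Jan/2024:10:00:06 +0000] "GET /about.html HTTP/1.1" 200 5000 "http://other.example.com/" "Mozilla/5.0"
"""

def hotlink_bytes(log_text, own_hosts=OWN_HOSTS):
    """Return a Counter of {referring host: image bytes served} for off-site referers."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlsplit(m["path"]).path.lower()
        if not path.endswith(IMAGE_EXT):
            continue  # only image requests count as hotlinks here
        ref_host = (urlsplit(m["referer"]).hostname or "").lower()
        # Empty or "-" referer: direct request or stripped header, so it
        # cannot be attributed to any embedding site.
        if not ref_host or ref_host in own_hosts:
            continue
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        totals[ref_host] += size
    return totals

if __name__ == "__main__":
    for host, size in hotlink_bytes(SAMPLE_LOG).most_common():
        print(f"{host}\t{size} bytes")
```

The Referer header is client-supplied and often absent, so the totals are a lower bound on off-site embedding rather than an exact measure.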

Password Cracking

Here are some really interesting charts on how long it would take to crack various types of passwords.


