pain.scene.org password leak from 2004
category: general [glöplog]
Okay so Jesse found a dump of passwords recently that was tagged as "www.scene.org owned" - this is only tangentially true, the db seems to be coming from the old pre-SceneID version of pain.scene.org voting user database which stored passwords in plaintext and had a bunch of old crappy PHP code.
Timeframe-wise, we're talking about up to 2004 here - in that sense, I would say it's fairly innocuous unless you have an abysmal password policy. Still, it's probably best if you have a quick look and see if you're affected. In the meantime I'll be fixing the PHP on the site to make sure this doesn't happen again.
I see that some people I know use abysmal passwords :D
It looks to me that everyone on that list has lame passwords... I guess everyone knew that they were plaintext so they didn't bother making them any stronger?
Yeah, having a lame password for (personally) inconsequential sites is actually good security. Best way to avert damage (in this case further than a few wrong votes).
Fun to see how people's password choices correlate with their character or choice of running jokes tho :)
Interesting, I used the name of a Hungarian town as a password. Vigyázz! A kutya harap!
a lot of those passwords are kinda... revealing :D
ficksau666 > ficksau
fickenficken > ficken
Some people clearly have stronger passwords than others.
Okay break it up people, this is a security bulletin, not an all-you-can-lulz buffet :D
Fun fact - the first e-mail password I ever had in 1995 or so was "iguana", because I absolutely loved Heartquake back then.
hey everybody - sorry to see this happen. i was not even aware of the fact that the old pain voting website was still online nor that there were plaintext passwords saved anywhere. thanks gargaj for fixing things and shutting the leaks. it's been a while .. :)
Nomen est omen
A couple of years ago, there was a leak from LinkedIn. A high-rank Austrian politician from a far-right party was affected by this leak. His password that was revealed in this leak suited what others suspected to be his political views: It was "heilheil".
The funniest part is that they didn't seem to have used a proxy/vpn - pretty sure I have their real IP address here.
Also,
Quote:
It looks to me that everyone on that list has lame passwords... I guess everyone knew that they were plaintext so they didn't bother making them any stronger?
Just think back to what your passwords looked like in 2004, when nobody used password managers or generally cared about strong passwords that cannot be cracked by simple dictionary attacks. And yes, plaintext was also still very widespread at that time, too, but it's probably not something site users were aware of.
lol
Please don't post any of the passwords here.
Before posting a word, make sure it's not on the password list.
Fuck! That's also my csdb password. Changed :P
Quote:
Timeframe-wise, we're talking about up to 2004 here - in that sense, I would say it's fairly innocuous unless you have an abysmal password policy.
cpc128
Heh, funny choice for my password.. and fortunately it's not used anywhere else. Diskmag voting security is less of a concern for me than, say, a bank account or facebook. :)
but at least they didn't reveal my password :)
jobe has nice passwd :)
HRONET aka WSAP? ;-)
phoenix: Nice password!