EEVblog Electronics Community Forum

General => General Chat => Topic started by: JoannaK on September 25, 2012, 11:15:14 pm

Title: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: JoannaK on September 25, 2012, 11:15:14 pm

Quote
The world's largest professional organization for computer engineers exposed user names, plaintext passwords, and website activity for almost 100,000 of its members, some of whom are employees of Apple, Google, IBM, and other large companies.

The sensitive information was contained in 100 gigabytes worth of website logs that were publicly available for at least a month on servers maintained by the Institute of Electrical and Electronics Engineers, according to a blog post published by a recent graduate and current teaching assistant at the University of Copenhagen.

http://arstechnica.com/security/2012/09/ieee-trade-group-exposes-100000-password-for-google-apple-engineers/ (http://arstechnica.com/security/2012/09/ieee-trade-group-exposes-100000-password-for-google-apple-engineers/)
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: bullet308 on September 26, 2012, 01:44:29 am
One would have thought they knew better...guess not.   :-/
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: GeoffS on September 26, 2012, 05:01:56 am
its about how much attention you get. you draw customers attention, you draw enemy attention, thats how the world works.

I'm sorry, I have no idea how this relates to the thread's topic. ???
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: GeoffS on September 26, 2012, 05:54:24 am
plain text: IE has many users, 100 gigabytes of (cookies?) data? sure it wil be fishing ground for many crackers. what do you think?

Did you actually READ the linked article? It makes no mention of IE.
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: Monkeh on September 26, 2012, 02:55:43 pm
plain text: IE has many users, 100 gigabytes of (cookies?) data? sure it wil be fishing ground for many crackers. what do you think?

Did you actually READ the linked article? It makes no mention of IE.

He meant IEEE, pretty clearly.
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: Balaur on September 26, 2012, 03:42:19 pm
plain text: IE has many users, 100 gigabytes of (cookies?) data? sure it wil be fishing ground for many crackers. what do you think?

Did you actually READ the linked article? It makes no mention of IE.

He meant IEEE, pretty clearly.

Nope, he actually meant IE and his following messages (that were removed in the meantime) were really outside the scope of the discussion.

Yep, I've got a mail this morning from IEEE. As most "Woopsie, this is our fault, so here some lovely sand for your eyes", the message is composed as follows:

- 4 lines to explain the security issue
- 34 lines to explain TO ME how important is to select a strong password, to change it often and not to use the same for several websites and so on ...
- 2 lines for actual excuses

Also, the mail says that "IEEE has terminated access to your account under your current password" and that the following login I have to set up a new password. However, I had no troubles logging to myIEEE and IEEEXplore with my old password (that I've since changed). Go figure!

Cheers,
Dan
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: saturation on September 26, 2012, 03:51:30 pm
The only value of the passwords is to buy IEEE products.  Its not like passwords for putting missiles into launch mode.  I wouldn't be surprised if an IEEE member did use 123456 because they don't care about their account's contents, assuming they did due diligence to protect their personal information that could be stored in there  ;).

I've been with the IEEE since early 1990s.
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: Monkeh on September 26, 2012, 04:50:56 pm
plain text: IE has many users, 100 gigabytes of (cookies?) data? sure it wil be fishing ground for many crackers. what do you think?

Did you actually READ the linked article? It makes no mention of IE.

He meant IEEE, pretty clearly.

Nope, he actually meant IE and his following messages (that were removed in the meantime) were really outside the scope of the discussion.

Uh.. huh. Well, some people do have trouble staying on topic. Or even understanding the topic.
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: JoannaK on September 26, 2012, 06:54:00 pm
The only value of the passwords is to buy IEEE products.  Its not like passwords for putting missiles into launch mode.  I wouldn't be surprised if an IEEE member did use 123456 because they don't care about their account's contents, assuming they did due diligence to protect their personal information that could be stored in there  ;).

I've been with the IEEE since early 1990s.

Well.. if someone is so idiot that uses that kind of weak password on any site that has money value, they are obvious and easy targets to on all other sites they are using. And as soon as someone got your apple or google account you'll be in big ****.  With cloud syncing the cracker can erase all info from cloud connected machines.

Real world explanation. Some mistakes he made, but the big ones were by apple and amazon (at his case).
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/)


Has happened before, is total pita trying to recover accounts & data ,.
Title: Re: Plenty of leaked passwords .. (IEEE, uncrypted)
Post by: GeoffS on September 26, 2012, 10:01:14 pm
plain text: IE has many users, 100 gigabytes of (cookies?) data? sure it wil be fishing ground for many crackers. what do you think?

Did you actually READ the linked article? It makes no mention of IE.

He meant IEEE, pretty clearly.

Nope, he actually meant IE and his following messages (that were removed in the meantime) were really outside the scope of the discussion.


The poster must have agreed as he was the one who removed the posts.
I realise that this post is outside the discussion but I'm a moderator, what's the use of having power if you can't abuse it?