Hacker News new | past | comments | ask | show | jobs | submit login

With the password hashes being unsalted MD5 and estimates of password reuse averaging from 12% this is valuable information that could be used to gain access to more sensitive systems. Sure it may be as simple as running an automated scan, but if a script kiddie could do that and get this information it's likely this information may well have been compromised before now, we just haven't heard of it.

[1] "A large-scale study of web password habits" http://portal.acm.org/citation.cfm?id=1242572.1242661 via http://www.lightbluetouchpaper.org/2011/02/09/measuring-pass...




but if a script kiddie could do that and get this information it's likely this information may well have been compromised before now, we just haven't heard of it.

Hi. This happens all the time. There is evidence of far more significant data breeches nearly every day in the press - Byzantine Hades, RSA, Aurora, Night dragon, the list goes on and on. Probably the best argument for why this specific sql database with web app passwords hasn't been compromised in the past is that it's of very questionable value.

The people holding up convenience stores aren't revolutionaries. And that's true even if you try to spin a yarn where removing the funds from a tax paying business might lead to an eventual budget shortfall.


For what it's worth, I just started a service based on the high password reuse you mentioned: http://www.emailambush.com

I figure finding out the moment your email account is compromised is worth investing in, especially in these most recent days of hackers running wild.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: