
SANS ISC: Another month another password disclosure breach SANS ISC InfoSec Forums

Another month another password disclosure breach

Adobe has revealed that apparently a password database from was compromised via a SQL injection attack.[1] Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not).[2] Do we really need to remind you what constitutes a strong password and not to reuse them?

Some previous password diaries that might be of interest:

Potential leak of 6.5+ million LinkedIn password hashes

Critical Control 11: Account Monitoring and Control

Theoretical and Practical Password Entropy

An Impromptu Lesson on Passwords

Password Rules: Change them every 25 years (or when you know the target has been compromised)




Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu



412 Posts
ISC Handler
That might well explain the large number of messages claiming to be from LinkedIn which have evil attachments/links.

63 Posts
Looks like they weren't salted. What year is this again? FAIL!

1 Posts
If a month goes by without a password dump being posted online, THEN it'll be news.
No Love.

37 Posts
