[outages] eBay password changes -- were they attacked?
Joey Kelly
joey at joeykelly.net
Tue Apr 5 12:26:19 EDT 2016
On 04/05/2016 11:21 AM, Chris Swingler wrote:
> Possibly, though I'd lean more toward the password list coming from a phishing site, in which case everything would be in the clear, and testing it against their own properly salted, hashed password database would be trivial.
That does make sense, and I have no objection to that scenario.
--Joey Kelly
>
>> On Apr 5, 2016, at 11:18 AM, Joey Kelly via Outages <outages at outages.org> wrote:
>>
>> On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
>>> I got one of those a few weeks ago.
>>>
>>> When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
>>>
>>> -DJ
>>
>>
>>
>> Does that not imply they are not using salted hashes, but storing the
>> passwords in plaintext? Or maybe they're intercepting the passwords and
>> testing them against a dictionary? I might be OK with the latter, maybe
>> (but who appointed them to be the world's password police?)
>>
>> --Joey Kelly
>>
>>
>> <snip>
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
More information about the Outages
mailing list