Another month another password disclosure breach
Adobe has revealed that apparently a password database from connectusers.com was compromised via a SQL injection attack.[1] Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not).[2] Do we really need to remind you what constitutes a strong password and not to reuse them?
Some previous password diaries that might be of interest:
Potential leak of 6.5+ million LinkedIn password hashes
Critical Control 11: Account Monitoring and Control
Theoretical and Practical Password Entropy
An Impromptu Lesson on Passwords
Password Rules: Change them every 25 years (or when you know the target has been compromised)
References:
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Comments