Yikes!
it could be that Plesk was a version older than v11, in which case passwords are stored in PLAIN TEXT.
Google "identity theft" real quickly for me. See if you can work out how easy it is for someone to get credit in your name, entirely without your permission. The information they need is very easily obtained. It is even more easily obtained if you happen to be reusing passwords and they obtain it. This isn't paranoia. Password integrity is a simple, sensible concept with which more people should be familiar. You need to be more vigilant than you seem to be.
LOL @ the paranoid hysteria!
Drink a beer, relax. Address and phone numbers are hardly sensitive personal information, unless you're in witness protection?
I imagine that you're incorrect, but (I presume like you) I have no knowledge how the site/server is set up, other than the web server is running Plesk.
I imagine it was all built using Plesk tools as the host now shows the default Plesk web page when viewing craftbrewer
Anyone who wants to understand more of the dangers (without the technical details) have a look at this article: http://www.wired.com/gadgetlab/2012/08/app...-honan-hacking/ While you're reading it, try to remember this was done by some bored kids. Absolute tip of the iceberg stuff.
Yep, scary stuff indeed. Also, consider that every rant I and others have had about password strength, length and hashing type, is all worthless in the context of what happened to Mat. It was entirely social engineering (loopholes at Amazon and Apple allowed this), not a single password was stolen or cracked to gain access to any of the accounts, and yet they were able to cause so much havoc. There are other lessons to be learned from Mat's story, but they're mostly outside the scope of this thread.
I disagree. Giving people your (reused) passwords makes the whole thing easier and worse.
That said, what has been said about passwords previously is still incredibly important!
Absolutely important, and every person who clicked that link should do a thorough AV scan, NOW! Clickjacking and drive-by downloads are still common. A keystroke logger check would also be advised, if you get one embedded and don't realise, it's big trouble. A good one is KLDetector, just search for it. And make sure all your AV is up to date, the interweb is the wild west, be protected.
Or use Linux
I certainly do, Ubuntu, and as far as I'm concerned, it walks all over Windows, but I still realise the risk with ANY operating system, they can all get malware and none are bullet proof, as Mac users have started to find out lately. And just to emphasise the point again, NEVER click on suspect links! NEVER!
This is an excellent tool for checking the safety of any website before clicking, please bookmark it and use http://www.urlvoid.com/
That was just a test Grasshopper, always search for the site yourself, you are learning well
How do I know that link is trustworthy :lol:
If you've gained root level access to the server then the reality is the passwords are a moot point (since they can reset them anyway)!
The passwords are actually only encrypted in Plesk v11 and even then it is very poorly done - if you have access to the server, you have access to the encryption key, which means you can easily decrypt the passwords. The other method employed by Plesk v11 is a hashed password... but once again this is useless as it's per server, not per user, which means if you have access to the server you can decrypt the passwords very easily.
There's no way you could tell. As someone who manages a large number of Plesk servers, the recent vulnerabilities didn't have anything to do with how the passwords were stored (it was a SQL injection). Given the way that Craftbrewer have been specifically targeted, they may have tried any number of methods to find an exploit.
Finally, it looks like this server had some vulnerabilities - it could be that Plesk was a version older than v11, in which case passwords are stored in PLAIN TEXT.
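The "per server, not per user" point raised in the posts above, as an added example that is not part of the thread and is not Plesk's code: it contrasts one server-wide salt with a random salt per account. PBKDF2-HMAC-SHA256, the iteration count, the account names, passwords and salts are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this demo


def kdf(password: str, salt: bytes) -> bytes:
    """Slow salted hash; nothing here can be 'decrypted' with a server key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store_server_wide(users: dict, server_salt: bytes) -> dict:
    """Weak layout: one salt shared by every account on the server."""
    return {name: kdf(pw, server_salt) for name, pw in users.items()}


def store_per_user(users: dict) -> dict:
    """Better layout: a fresh random salt per account, kept beside the hash."""
    records = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        records[name] = (salt, kdf(pw, salt))
    return records


def verify(record: tuple, candidate: str) -> bool:
    """Recompute with the account's own salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(kdf(candidate, salt), expected)


def accounts_sharing_a_hash(hashes: dict) -> int:
    """Count accounts whose stored hash also appears on another account."""
    values = list(hashes.values())
    return sum(1 for h in values if values.count(h) > 1)


# Constructed sample accounts; two of them reuse the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

if __name__ == "__main__":
    shared = store_server_wide(USERS, b"constructed-server-salt")
    per_user = store_per_user(USERS)
    per_user_hashes = {name: h for name, (_, h) in per_user.items()}
    print("server-wide salt, duplicate hashes:", accounts_sharing_a_hash(shared))
    print("per-user salt, duplicate hashes:", accounts_sharing_a_hash(per_user_hashes))
    print("alice verifies:", verify(per_user["alice"], "hunter2"))
```

With the shared salt, anyone holding the table sees which accounts reuse a password and can test one guess against every account at once; with per-user salts each account has to be attacked separately.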