PerlMonks  

Re: It's Time for Everyone to Change Passwords!

by salva (Canon)
on Jul 29, 2009 at 11:12 UTC ( [id://784201]=note )


in reply to It's Time for Everyone to Change Passwords!

It is likely that some people used the same password/login combination in other Perl-related forums (i.e. use.perl, CPAN, rt, etc.).

As the list of passwords seems to be publicly available now, would it make sense to also check the user accounts on these sites and take the required measures to disable the ones found to be compromised?

At least, can we make a list of Perl-related sites users should check just in case they reused the PerlMonks password there?


Replies are listed 'Best First'.
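
One way a sister site could run the check proposed in the post above, as an added example that is not part of the original thread: it tests each leaked login/password pair against the site's own salted hashes and lists the accounts that need a forced reset. The account layout, the PBKDF2 scheme, the function names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for the local site


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the local site's scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_account(login: str, password: str) -> dict:
    """Build a local account record the way the assumed site would store it."""
    salt = os.urandom(16)
    return {"login": login, "salt": salt, "hash": hash_password(password, salt)}


def find_reused(leaked_pairs, accounts):
    """Return logins of local accounts whose current password matches a leaked
    password for the same login (logins compared case-insensitively)."""
    by_login = {a["login"].lower(): a for a in accounts}
    flagged = set()
    for login, leaked_password in leaked_pairs:
        account = by_login.get(login.lower())
        if account is None:
            continue  # no local account under that name
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            flagged.add(account["login"])
    return sorted(flagged)


# Constructed sample data: no real logins or passwords.
LOCAL_ACCOUNTS = [
    make_account("alice", "correct horse battery"),  # reused on both sites
    make_account("Bob", "unique-to-this-site"),      # same login, different password
    make_account("carol", "hunter2"),                # login not in the leak
]
LEAKED_PAIRS = [
    ("alice", "correct horse battery"),
    ("bob", "old-forum-password"),
    ("dave", "hunter2"),  # carol's password, but under a different login
]

if __name__ == "__main__":
    for login in find_reused(LEAKED_PAIRS, LOCAL_ACCOUNTS):
        print(f"force password reset: {login}")
```

Only the login plus password match is flagged here; a password that appears in the leak under a different login is not, which keeps the check to accounts that are demonstrably reused.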
Re^2: It's Time for Everyone to Change Passwords!
by m0ve (Scribe) on Jul 29, 2009 at 12:19 UTC
    the site is 404 now and i found only one public mirror so far.
    however the hack is a few months old already : Fri Apr 15 13:34:52 2005
    btw interesting new user : 784161

    update: while the date was wrong (can't believe i misread this) the hack is still a few months old
      that particular output of uname is the kernel version, i.e. when it was compiled. uname doesn't output the current date.

      Please note: The April 15, 2005 date is the output of a uname command. The list of saints includes users who did not exist in 2005 and/or people who were only added to the Saints list at the end of April, 2009. This is a recent hack.

      Best, beth

      however the hack is a few months old already : Fri Apr 15

      I'm guessing, but from comments in the CB I've gathered that the server that was hacked was an old machine, which is still up but no longer in active use. So the hack might very well be more recent, with only older information being disclosed.


      All dogma is stupid.
        the info might be old but i guess most people don't change their passwords every few months so most of those passwords might be working.
      It's still out there, now mirrored in several places (not by me, but others). Since PerlMonks is still up and running, some must think there are no risks remaining. In the interest of full disclosure here's the *TEXT ONLY* of the posting:
      There is a really simple reason we owned PerlMonks: we couldn't resist more than 50,000 unencrypted programmer passwords.

      That's right, unhashed. Just sitting in the database. From which they save convenient backups for us.

      Believe it or not, there is actually debate at perlmonks about whether or not this is a good idea. Let's just settle the argument right now and say it was an idea that children with mental disabilities would be smart enough to scoff at. We considered patching this for you but we were just too busy and lazy. I'm sure you can figure it out yourselves.

      This isn't a bad set of passwords, either. Programmers have access to interesting things. These Perl guys are alright, just a little dumb apparently. A lot of them reuse. You can explore them yourselves, I really do not want to point out anyone in particular.

      ...

      In case you guys are worried, we did NOT backdoor dozens of your public Perl projects. Honest. Why would we want to do that?

      Not worth our time ;)
