devin
Yoshi
i'm mima irl
Level: 112
   
Posts: 1688/3519
EXP: 14932632
For next: 405573
Since: 04-29-08
Pronouns: any
From: FL
Since last post: 306 days
Last activity: 3 days
|
| Posted on 12-13-10 06:42:35 PM (last edited by devin at 12-13-10 03:48 PM) |
Link | Quote
| |
tl;dr: If you have an account registered on Gawker.com, Gizmodo, Valleywag, Fleshbot, Defamer, Kotaku, Jalopnik, Lifehacker, Deadspin, Jezebel, or io9, and the password for that account is the same as a password that you use anywhere else, then you need to change some passwords ASAP.
This Forbes article covers it pretty well. Read it.
Highlights:
- "The data dump supplied has some 1,048,476 lines of records, many with e-mail addresses", including Gawker staff members. "The attackers reported being able to crack 200,000 passwords already."
- 405 MB of Gawker source code leaked, plus "credentials of Gawker employees for other web sites, includes FTP credentials for other web sites Gawker has worked with, includes access to Gawker’s statistics web site, and includes the e-mails of a number of the users who left comments at Gawker as well as users of lifehacker.com, kotaku.com, and gizmodo.com"
- User information was apparently stored using DES, which was made a U.S. federal standard in 1976 and was publicly broken in 1998
- Gawker staff noticed warning signs prior to the breach and completely failed to act on them
- This stunning display of compassion and competence from Gawker staff:
____________________
Photo by Luc Viatour |
Rick
M'Lord, there's a knife in your head!
Level: 152
Posts: 1745/7540
EXP: 43724122
For next: 577538
Since: 02-15-10
From: Maine
Since last post: 7 days
Last activity: 6 days
|
|
Yeah, that's about what I expect from a bunch of egotistical smart-ass staff of a great big thing. That would be, like, really great if they could get massively sued.
Thankfully, I have no passwords or anything there so I don't need to change anything.
____________________
 |
Lyskar
12210    
-The Chaos within trumps the Chaos without-
Level: 192
Posts: 7360/12211
EXP: 99325402
For next: 548169
Since: 07-03-07
From: 52-2-88-7
Since last post: 7.4 years
Last activity: 7.3 years
|
|
| Stats | Time/Date
12-13-10 02:36:36 PM
Posts
7360
Days Here
1259
Level
125
|
| | Metal_Man88's Post | This is why I store my passwords and data with known unbroken ciphers that are really huge.
____________________
|
| |
|
Danika
6230
Level: 141
Posts: 5074/6235
EXP: 33299817
For next: 820197
Since: 10-23-09
Since last post: 1.2 years
Last activity: 1.2 years
|
|
| 00:00:00 | Illumina Prevue Guide Emulator | POST #
5074 | At least I haven't bothered to register at any of those sites... probably for the better, though 
____________________
Twitter • YouTube • DeviantArt • The Left Mouse Button
"From all of us at WKBE-FM, good night." ~WKBE-FM signoff, 1981 |
|
FieryIce
Luigi
Level: 119
Posts: 1293/4161
EXP: 18759150
For next: 170141
Since: 12-18-08
From: Chicago
Since last post: 189 days
Last activity: 3 days
|
| Posted on 12-13-10 10:37:04 PM (last edited by FieryIce at 12-13-10 07:37 PM) |
Link | Quote
| |
I'm not registered in any of those sites although I do go to some of them from time to time (usually linked from other sites)... whew 
While I do use the same password in some sites, those sites are usually places I only register to download something and leave, not any place of importance |
Nicole
Disk-kun
Level: 146
Posts: 1799/6469
EXP: 38286423
For next: 226871
Since: 07-07-07
Pronouns: she/her
From: Boston, MA
Since last post: 78 days
Last activity: 1 day
|
|
|
This goes to show that there are more consequences than just being a bother for sites that require registration constantly... I mean, plenty of sites manage to get by with anonymous commenting, Gawker is one of the largest blog network thingies on the internet, I'm sure they could have figured it out if they wanted to...
Recently boston.com started bugging me to register, so recently I stopped visiting boston.com...
____________________
|
|  |
|
krutomisi
2480 
Level: 94
Posts: 1143/2481
EXP: 8265906
For next: 90751
Since: 02-01-10
Since last post: 241 days
Last activity: 181 days
|
|
Originally posted by Maxwell
tl;dr Gawker people insulting Anonymous. Anonymous strikes back.
Originally posted by the linked article
They do state clearly that they have no affiliation with Anonymous or the board 4chan (...)
____________________
| | | |
1143 / 59 / 315 |
Maxwell
Level: 47
Posts: 476/500
EXP: 727475
For next: 38728
Since: 09-30-10
Since last post: 11.2 years
Last activity: 11.1 years
|
| Posted on 12-14-10 05:27:15 AM (last edited by Maxwell at 12-14-10 06:43 PM) |
Link | Quote
| |
Originally posted by krutomisi
Originally posted by the linked article
They do state clearly that they have no affiliation with Anonymous or the board 4chan (...)
Continuing that quote...
Originally posted by Article
which I suppose every group of defacers, crackers, and so forth will have to do for a while until the Wikileaks brouhaha and resultant Operation Payback dies down.
I guess you could call it, "Gawker people insulting Anonymous. Gnosis (which is most likely filled with people from /b/) strikes back."
Also...
Originally posted by Article
Motivation
The web site Mediaite corresponded briefly with a member of Gnosis, who explained the reasoning behind their attack this way:
“We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database.
We found an interesting quote in their Campfire logs:
Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After
The Jump)
Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012”
And here is one of the documents released about this, and a quote from it.
Originally posted by Doc
Let's start with our good friend Nick!
You would think someone like Nick Denton who likes to run his mouth
and taunts such an unforgiving mass like Anonymous, would use a more
secure password than "24862486". The sad thing is he probably
believes this password is "secure" because he likes to use it everywhere!
Here's a really nice quote from Nick:
"And if any of you sad 4chaners have a problem with that, you know how to reach me
(my email address is spelled n-i-c-k at g-a-w-k-e-r dot com)."
tl;dr Maybe not Anon but they had a part to play in this.
Edit: Fixed document link. My bad. ____________________ This text fades out because it can... |
Orlandu
Holy SwordsMan
Level: 137
Posts: 3766/5913
EXP: 30480326
For next: 392529
Since: 01-12-10
From: Las Vegas, NV
Since last post: 4.0 years
Last activity: 208 days
|
| Posted on 12-14-10 01:28:28 PM (last edited by Orlandu at 12-14-10 04:30 PM) |
Link | Quote
| |
 |  |  |  | This is the email I received about it:
Originally posted by Gawker Email
This weekend we discovered that Gawker Media's servers were compromised,
resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you're a commenter on any of our sites, you probably have
several questions.
We understand how important trust is on the internet, and we're deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We're
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we're doing to fix things.
This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.
We're continually updating an FAQ (http://lifehac.kr/eUBjVf) with more
information and will continue to do so in the coming days and weeks.
Gawker Media
I'm not too concerned about it but I changed a few passwords anyway. I think it was more for retribution on Gawker than anything. The only problem is if they sell that information.
edit: according to Slate's widget, my username/email was not included in the leaked data. ____________________ |  |  |  |  |
| |
|
|
