Author Topic: Dreamhost resets all FTP / Shell passwords due to compromised security
Marzuk 
Posts: 12,545
Registered: Oct 21, '02
Real Post Cnt: 12,348
User ID: 729,742
Subject: Dreamhost resets all FTP / Shell passwords due to compromised security
http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/

At this point, I honestly find myself in awe at how bad password storage is *in general*. Apparently when you go through the "forgot password" process, you're emailed a plain-text password instead of being put through a proper password reset process. IMO I want a company that can stand up and say "Yep, our user database was compromised, but no worries the way the passwords were stored was bulletproof. You can change them if you want though!" (or ideally a company that doesn't get compromised at all, but I'm "dreaming" there har har!)

I know someone who always had a flippant attitude towards this sort of thing. "Oh, setting up a webserver? That's easy, right? Oh, configuring email is easy too, it shouldn't take more than 15 minutes." Showing this person a postfix diagram was not at all daunting, and this person had never so much as set up a LAMP stack. In other words, a professional bullsh*****. IMO this is the problem - we have far too many cocksure people who for some reason just don't associate the complexity of properly setting up a webserver with keeping it secure. Of course these same people end up finding out that they have been turned into a spam relay because someone hijacked their oh so finely tuned Postfix installation.

I think the only thing saving the average person is security through obscurity. Go ahead, install and configure all of your own stuff. If you are blog #280,000,012 chances are you are going to be fine - not because you know what you're doing, but simply because you are irrelevant and invisible.

I could easily set up a basic LAMP stack, but what stops me from doing it is knowing enough to fear how much I truly don't know. Just because I can #sudo tasksel does not a linux admin make. I try to learn as much as I can, but at the end of the day I rely on *hopefully* more knowledgeable people to do the heavy lifting, expecting their experience to translate into stability and security. In the end though, I'm just left wondering if that was just a delusion on my part. At the end, I wonder if the jobs just go to the people who are outright liars and if my cautious / honest statements rule me out for jobs that less qualified people end up taking based on the strength of their exaggerations.

/rant

 

-----signature-----
(none)
Steelwind_Oo 
Title: Lurking Oo
Posts: 32,879
Registered: Sep 30, '00
Real Post Cnt: 31,007
User ID: 46,829
Subject: Dreamhost resets all FTP / Shell passwords due to compromised security
Even with systems where passwords are properly salted and hashed, if the db is taken they broadcast it to anyone in the database and request that they change their password... it is legal CYA. I agree, though, that there are way too many systems that get compromised with no data security whatsoever, and when that happens things get ugly fast.

 

-----signature-----
'God is an imaginary friend for grownups.', Walter Crewes (Morgan Freeman), The Big Bounce
Don't be afraid to ask dumb questions they're easier to handle than dumb mistakes!
Xbox 360 Gamer Tag: SteelwindOo
e93% a53% s33% k13%
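The two points raised above (a "forgot password" flow that can e-mail the plain-text password is proof the database holds plain text, and a properly salted-and-hashed store limits the damage when the table is taken) can be shown side by side. The following is an added example, not code from the thread or from Dreamhost; the in-memory tables, the PBKDF2 round count and the 15-minute token lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed in-memory "database" for the example; a real system would use persistent storage.
USERS = {}          # username -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> (username, expiry as epoch seconds)

PBKDF2_ROUNDS = 200_000   # assumption: work factor chosen for this example
TOKEN_TTL = 15 * 60       # assumption: reset links expire after 15 minutes


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the table never holds anything that could be mailed back to the user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)          # fresh random salt per user (and per password change)
    USERS[username] = {"salt": salt, "hash": _hash_password(password, salt)}


def verify_login(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False
    # Constant-time comparison of the stored hash against the candidate.
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def request_reset(username: str, now: Optional[float] = None) -> Optional[str]:
    # "Forgot password": issue a one-time link; the password itself is unknown to the server.
    if username not in USERS:
        return None                         # the UI should still show a neutral message
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is stored, so a leaked RESET_TOKENS table cannot be replayed.
    RESET_TOKENS[hashlib.sha256(token.encode()).digest()] = (username, now + TOKEN_TTL)
    return token                            # this value goes into the e-mailed link only


def complete_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(key, None)     # single use: consumed whether or not it is still valid
    if entry is None or now > entry[1]:
        return False
    register(entry[0], new_password)        # new salt and hash replace the old record
    return True
```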
Marzuk 
Posts: 12,545
Registered: Oct 21, '02
Real Post Cnt: 12,348
User ID: 729,742
Subject: Dreamhost resets all FTP / Shell passwords due to compromised security
Oh, I understand the legal CYA aspect. With a properly stored password I'd not be too concerned; it's just that in this case there is good reason to think that is not the case.

 

-----signature-----
(none)
Seffrid 
Title: Ancient One
Posts: 13,210
Registered: Dec 21, '01
Real Post Cnt: 12,930
User ID: 567,791
Subject: Dreamhost resets all FTP / Shell passwords due to compromised security
Once again we're reminded that strong passwords are only as strong as the database on which they're held.

 

-----signature-----
(none)
Marzuk 
Posts: 12,545
Registered: Oct 21, '02
Real Post Cnt: 12,348
User ID: 729,742
Subject: Dreamhost resets all FTP / Shell passwords due to compromised security
Seffrid posted:
> Once again we're reminded that strong passwords are only as strong as the database on which they're held.

Absolutely.

Also:

Dreamhost CEO posted:
> Zachary:- some more detail – our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems.

Source: http://blog.dreamhost.com/2012/01/21/security-update/

 

-----signature-----
(none)