MacRumors hacker who took 860,000 passwords: ‘We’re not terrorists’

“The group that hacked MacRumors’ forums and made off with password data for more than 860,000 users has no plans to use it to mass compromise the accounts of people who use the same login credentials on other sites,” Dan Goodin reports for Ars Technica.

“The pledge was made in this post by a user who supplied confidential password details that weren’t publicly available,” Goodin reports. “Among other things, that information included a partial cryptographic hash corresponding to the password of MacRumors Editorial Director Arnold Kim, as well as the cryptographic salt used to increase the time required to crack it.”

“Kim told Ars that those and other confidential details included in the post were ‘legit.’ The user went on to defend the hack as a benign undertaking designed to sharpen the skills of both the hacker and the MacRumors administrators,” Goodin reports. “‘We’re not logging in to your gmails, apple accounts, or even your yahoo accounts (unless we target you specifically for some unrelated reason),’ the user known simply as Lol wrote. ‘We’re not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place.’”

Read more in the full article here.

21 Comments

  1. I fully agree with the supposed hacker, “lol”. Any compromising of accounts on other sites using the same password is entirely the fault of the users. There are more than enough password solutions these days to have unique and strong passwords for each service or site. No excuse for using the same password across several sites.

    1. Bullshit. Theft is theft no matter how you try to paint it. By your reasoning any type of theft is justified if the victim is somehow ignorant or naive. I guess when banks or other businesses are hacked and ripped off it’s okay because they should have known better. Fools like you are a criminal’s best friend.

      1. Well, yes as far as taking steps to protect themselves the victim is being ignorant and naive. I don’t think coolfactor is trying to say that hacking is OK, but just like you wouldn’t walk down a street alone in a bad part of a big city (do we agree that is ignorant and naive?), you have to be savvy with the internet or you are purposely putting yourself at risk. I still have to nag people to make more secure passwords too. “password” and “12345” are ridiculous and more common than you’d think. And it’s not just common people. I work with a PC tech who uses the department name as the Admin passwords here—it doesn’t get much dumber than that.

  2. Not all thieves are terrorists; not all terrorists are thieves.

    What’s that got to do with the immorality of breaking into a web server?
    What’s that got to do with taking information from that website that the administrators had not made public?

    Wake up, children: In the real world companies pay penetration experts to “sharpen the skills of the web administrators.”

    Notice the difference? As a *thief* there is no agreement between you and the website other than those set down by the society you choose to live in (which probably specifically make this a crime). As a penetration expert customer there is a binding legal agreement between you and the company setting forth what you can and cannot do, and what financial reward for your time and talent will be remitted upon completion of the work.

    Were I to break into your house I would not crow on about how I’m not a terrorist.

    Grow up. Man up for your crimes. Take the punishment due to you. Come back to society better for the experience.

    1. I spoke to a relative by marriage from India who was studying architecture in New York. She was astounded that we build houses with hollow outer walls (just plywood, drywall and some thin siding or stucco). She said anyone could just almost reach their hand through the walls and break in. In India, the walls are made of brick, stone or concrete over a foot thick and up to two feet thick. They all have iron bars over the windows and keep their chest of drawers and cupboard under lock and key. The yards are surrounded by tall, thick brick fences lined with shards of glass or razor wire on top. That is how they keep the thieves out.

      We need more people to ‘test’ our locks so that we too can start to build thick stone walls and install locks on our cupboards. We could live like convicts while the thieves run wild.

  3. Were I myself a member of an underground confederacy dedicated to ferreting out secrets for the good of mankind, or to shore up the eroding dikes of privacy by providing stark object lessons, there would need to be more knit to the fabric.

    Unconstrained by a mission statement I would find myself drawn to a rich body of stolen data as a vein of precious metal to be mapped and distilled into intelligence. The temptation, for an analyst, would be excruciating, Jim Hawkins staring at Captain Kidd’s treasure.

    For a rogue operation, on the other hand, it would be one of only two things: bragging rights is the goal, mission accomplished, crow amongst your peers and wag your finger publicly; or fail in your attempt to sell the useless data to a cartel, and save face with a lame public statement.

    1. I spoke to a relative by marriage from India who was studying architecture in New York. She was astounded that we build houses with hollow outer walls (just plywood, drywall and some thin siding or stucco). She said anyone could just almost reach their hand through the walls and break in. In India, the walls are made of brick, stone or concrete over a foot thick and up to two feet thick. They all have iron bars over the windows and keep their chest of drawers and cupboard under lock and key. The yards are surrounded by tall, thick brick fences lined with shards of glass or razor wire on top. That is how they keep the thieves out.

      We need more people to ‘test’ our locks so that we too can start to build thick stone walls and install locks on our cupboards. We could live like convicts while the thieves run wild.

      (I accidentally posted this reply to ‘Jim’ above instead of to you.)

  4. Anyone who makes their forum password the same as one for any important site, well, I don’t feel sorry for them. The internet has been around long enough that they should know better.
