Old 16th February 2011, 11:24   #41
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by labratofel View Post
MD5 Rainbow tables.
Ask google about them.

Says it all really.
So, change your password ... rainbows and unicorns can't get you then!!

category 5 cyclone in a tea cup averted

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 11:25   #42
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 838
Right, but was the salt compromised as well?

Request: A little SmartView Query Language love.
osmosis is offline   Reply With Quote
Old 16th February 2011, 11:30   #43
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by osmosis View Post
Right, but was the salt compromised as well?
it's stored in the user table


so ... it's not AS secure as if the salt wasn't compromised

by the way ... I'd say if email addresses (stored in the user table) were compromised, hashed passwords and hash salts are also compromised

it's still a bit of work to retrieve A password (maybe not THE password), but far easier having the salt than without

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
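The point made in the post above, that a per-user salt defeats precomputed-table lookups but protects weak passwords very little once the salt column leaks with the hashes, shown as an added example that is not part of the thread or of the forum software. It assumes a simple md5(password + salt) scheme (the thread does not say how the forum combines them), uses constructed user rows, and stands a plain dictionary in for a real rainbow table; the per-row check is written as the audit an operator would run to decide which accounts need a forced reset.

```python
import hashlib


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def salted_md5(password: str, salt: str) -> str:
    # Assumed scheme for illustration only: md5(password || salt).
    return md5_hex((password + salt).encode())


# Constructed list of common passwords (an operator's deny list).
COMMON = ["password", "1234567", "qwerty", "letmein"]

# Stand-in for a precomputed table of *unsalted* MD5 hashes.
UNSALTED_TABLE = {md5_hex(p.encode()): p for p in COMMON}

# Constructed user-table rows: (user, salt, stored hash).
# The salt sits next to the hash, so a dump exposes both.
USERS = [
    ("alice", "x9Q", salted_md5("1234567", "x9Q")),
    ("bob", "k2!", salted_md5("1234567", "k2!")),
    ("carol", "Zt7", salted_md5("T4bby-correct-horse-77", "Zt7")),
]


def table_hits(rows):
    """Users whose stored hash appears in the precomputed unsalted table."""
    return [user for user, _salt, stored in rows if stored in UNSALTED_TABLE]


def accounts_needing_reset(rows, candidates):
    """Users whose password is on the deny list, checked with each row's own salt."""
    weak = []
    for user, salt, stored in rows:
        if any(salted_md5(c, salt) == stored for c in candidates):
            weak.append(user)
    return weak


if __name__ == "__main__":
    print("precomputed-table hits:", table_hits(USERS))
    print("force reset for:", accounts_needing_reset(USERS, COMMON))
```

The same password yields different hashes for alice and bob, so the precomputed table finds nothing, yet both are flagged as soon as the salt is used; only the password that is not on the list survives.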
Old 16th February 2011, 12:17   #44
Zulithe
Member
 
Join Date: Jul 2001
Posts: 62
I recently had to do a full round of password changes after a similar compromise at Gawker Media a few months ago. Now, back at stage one doing it over again... thanks, Winamp.

It is unreasonable to expect people to use a unique password for each and every website. I visit hundreds of websites, and I imagine the average person has a few dozen they regularly go to as well. I do use many passwords, but hundreds?

I would advise others here who don't want to use a separate PW for each site to use password 'sets', where you use 1 PW for a group of similar sites, and spread your PWs out amongst the most important sites you use (example: don't use your online banking PW as the same as your paypal or other very important site, to lessen any possible damage from a breach.)

Regardless, in this day and age it is suicide for a trusted site to not properly protect valuable data like this. I do so hope it doesn't happen again.
Zulithe is offline   Reply With Quote
Old 16th February 2011, 12:29   #45
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by Zulithe View Post
I recently had to do a full round of password changes after a similar compromise at Gawker Media a few months ago. Now, back at stage one doing it over again... thanks, Winamp.
read the terms of service, and privacy policy before blaming winamp

Quote:
Originally Posted by Zulithe View Post
It is unreasonable to expect people to use a unique password for each and every website.
sure, it may be unreasonable ... but winamp can't be held accountable for poor internet practices by users

Quote:
Originally Posted by Zulithe View Post
Regardless, in this day and age it is suicide for a trusted site to not properly protect valuable data like this. I do so hope it doesn't happen again.
seriously? it was winamp forum that was compromised. the vulnerability is in the forum software = vBulletin.

I can guarantee there are thousands of chinese and russian spotty teens working on hacking vbulletin one handed whilst I'm typing this

build a more secure forum, someone somewhere will hack it eventually

welcome to the internet, you must be new

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:34   #46
CJPR
Member
 
Join Date: May 2007
Posts: 76
Please correct me if I am wrong, but could all of this have been avoided if the forum software was updated in the first place?

Not accusing, just asking.
CJPR is offline   Reply With Quote
Old 16th February 2011, 12:34   #47
Kaminari
Junior Member
 
Join Date: Mar 2003
Location: Paris, France
Posts: 49
@Jaromanda

Next occurrence of you calling people morons and retards will get you permanently banned.

Capice?
Kaminari is offline   Reply With Quote
Old 16th February 2011, 12:36   #48
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
I have to apologise to admin for sticking my beak in here about this national security breach. I'm sure my glib comments haven't helped allay the fears of the Chicken Littles on the forum

I've also made a lot of assumptions about the nature of the breach

Feel free to remove any posts that inaccurately address the nature of the breach ... last thing I want to do is spread more FUD

look up ... the sky is still where it should be

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:38   #49
Fabrick
Junior Member
 
Join Date: Jul 2001
Location: Helsinki, Finland
Posts: 3
Must say I'm slightly disappointed with the FAQ too and understand the posts on this thread. If you get your users compromised, it is polite not only to tell them exactly what got stolen, but to also assure them that no passwords were stolen if that's the case. Right now, I can't be sure.

ps. Where do these Major Dude jaromandas come from?? I had a good laugh reading his arrogant and totally irrelevant posts. Sure, it's nice that there's internet and Winamp forum to fulfill the need for recognition, but it makes sensible forum threads an obscurity.
Fabrick is offline   Reply With Quote
Old 16th February 2011, 12:42   #50
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by Kaminari View Post
@Jaromanda

Next occurrence of you calling people morons and retards will get you permanently banned.

Capice?
I never called anyone specifically a retarded moron

I merely pointed out that you'd have to be a retarded moron to use the same password in multiple places

That's Common Sense on the Internet 101

Si la chaussure s'adapte

P.S. I just checked http://forums.winamp.com/showgroups.php - you don't seem to be there, I'm just wondering, on whose authority are you making that unwarranted threat?

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:43   #51
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by Fabrick View Post
totally irrelevant posts
moo

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:47   #52
labratofel
Junior Member
 
Join Date: Apr 2007
Posts: 12
Hey

This is my thread where *I* asked for answers. You can't give me answers, just your best guess.

S something U or G something O
labratofel is offline   Reply With Quote
Old 16th February 2011, 12:50   #53
CJPR
Member
 
Join Date: May 2007
Posts: 76
The same common sense Internet 101 that did not update the forum software ?


Not for nothing Jaromanda but you are very condescending towards some posters in this thread. Why don't you take some of your own advice and go enjoy your day. As you said it does not bother you about the breach. Seems like you are bothered that others have some concerns though. Makes you come across as a bit of a cock, just saying.
CJPR is offline   Reply With Quote
Old 16th February 2011, 12:51   #54
labratofel
Junior Member
 
Join Date: Apr 2007
Posts: 12
Hey

This is *my* thread where *I* asked for answers from the forum Administration. I didn't ask for some passing Antipodean to speculate.

Seriously, unless you are here in an official capacity with official answers and the title "Site Admin", "Admin" or "Moderator" please S.U. and G.O.

I refuse to let your banal antics derail my thread.

Last edited by labratofel; 16th February 2011 at 12:53. Reason: Forum stuttered and I didn't think my above post had gone through
labratofel is offline   Reply With Quote
Old 16th February 2011, 12:55   #55
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by CJPR View Post
The same common sense Internet 101 that did not update the forum software ?.
assuming it wasn't up to date ... remember, 1000's of chinese and russian teens are h4x0ring away as you type


Quote:
Originally Posted by CJPR View Post
Not for nothing Jaromanda but you are very condescending towards some posters in this thread.
it's called RETALIATION - you're not French, so you should know the meaning

Quote:
Originally Posted by CJPR View Post
Why don't you take some of your own advice and go enjoy your day.
it's 1 A.M. ... and I am enjoying it very much, thanks
Quote:
Originally Posted by CJPR View Post
a bit of a cock
DAMN!! I was hoping to come across as a WHOLE cock

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:57   #56
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by labratofel View Post
passing Antipodean
passing with 1040 posts, all of them factual and helpful, compared to your 2 before today ... hmmm ...

Quote:
Originally Posted by labratofel View Post
Hey

This is my thread where *I* asked for answers. You can't give me answers, just your best guess.

S something U or G something O
You had me at "Hey"

you lost me at S something U or G something O

but ... go outside, look up, the sky is securely in place

Jaromanda, OUT

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 12:57   #57
CJPR
Member
 
Join Date: May 2007
Posts: 76
Quote:
DAMN!! I was hoping to come across as a WHOLE cock
Your wish just came true. Headcheese and all....
CJPR is offline   Reply With Quote
Old 16th February 2011, 13:23   #58
joebloggscity
Senior Member
 
Join Date: Sep 2008
Posts: 148
Nothing is foolproof, and I respect that Winamp has notified us all of the situation, hopefully in time before someone posts on here with our usernames and spams etc...

As for sending us spam emails? Already happens with others, just empty spam bin regularly.

Hope you can sort out further protection in time.
joebloggscity is offline   Reply With Quote
Old 16th February 2011, 14:22   #59
NiceguyRK
Junior Member
 
Join Date: Apr 2003
Posts: 30
LOL haven't used my winamp forum account in YEARS last login was 2007 :P
even my password was 1234567
Why on earth would someone bother stealing it is beyond me
NiceguyRK is offline   Reply With Quote
Old 16th February 2011, 14:38   #60
heytud
Guest
 
Posts: n/a
Quote:
Originally Posted by jaromanda View Post
did you read the FAQ link posted in the email?
Tried but got: This webpage is not available
The webpage at http://forums.winamp.com/showthread.php?t=327366 might be temporarily down or it may have moved permanently to a new web address.
Error 101 (net::ERR_CONNECTION_RESET): Unknown error.
  Reply With Quote
Old 16th February 2011, 14:43   #61
labratofel
Junior Member
 
Join Date: Apr 2007
Posts: 12
Quote:
Originally Posted by heytud View Post
Tried but got: This webpage is not available
The webpage at http://forums.winamp.com/showthread.php?t=327366 might be temporarily down or it may have moved permanently to a new web address.
Error 101 (net::ERR_CONNECTION_RESET): Unknown error.
The site has been doing that to me all day.

As an extremely regular member of the site (twice in my life) I cannot say if this is a recurring problem.
labratofel is offline   Reply With Quote
Old 16th February 2011, 14:51   #62
DrO
 
Join Date: Sep 2003
Posts: 27,876
it's due to all of the hits on the forum server.

-daz
DrO is offline   Reply With Quote
Old 16th February 2011, 19:44   #63
Tsuyo
Junior Member
 
Join Date: Dec 2009
Posts: 37
Well, it's in fact not the best what ever could happen.
I changed my passwords except this here on winamp.com. I don't care about someone who is using my account here. If you see some posts like "Blahblah penis blahalbhablahb", remove the post
Anyway. It taught all of us that we should NOT use the same passwords on every website.
Every software does have some safety failures. The best example would be Windows, Mac and Linux. Deal with it.
Tsuyo is offline   Reply With Quote
Old 16th February 2011, 19:48   #64
Batter Pudding
Major Dude
 
Join Date: Jun 2008
Posts: 1,665
I think it is just a clever way to get all the old users to come back and visit the forum.
Batter Pudding is offline   Reply With Quote
Old 17th February 2011, 17:03   #65
VonZipper
Junior Member
 
Join Date: Apr 2009
Posts: 3
I'm fairly certain that my email has been compromised by the security breach, since I got a large spike in spam since the breach. I'd kept this email account largely spam-free until now.
VonZipper is offline   Reply With Quote
Old 18th February 2011, 08:15   #66
bur2000
Junior Member
 
Join Date: Mar 2010
Posts: 7
haha jaromanda, before I even looked at this thread I knew there'd be a sorry sod who'd fight to death for "his" precious company. Winamp messed up on this one period. Now maybe you should stop crying and accusing others of being chickens while you are a company loving sheep...

PS: I just saw you're from AU. That sheep comment wasn't meant racist...
bur2000 is offline   Reply With Quote
Old 18th February 2011, 08:41   #67
labratofel
Junior Member
 
Join Date: Apr 2007
Posts: 12
Why worry about accidental racist connotations when his signature is completely racist anyway?
labratofel is offline   Reply With Quote
Old 18th February 2011, 09:07   #68
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 838
labratofel: French people aren't a race, but you're right, it is offensive, and was clearly changed to goad Kaminari (who is from Paris).

bur2000: Llamas aren't sheep.

Request: A little SmartView Query Language love.
osmosis is offline   Reply With Quote
Old 18th February 2011, 20:13   #69
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,273
Quote:
Originally Posted by bur2000 View Post
haha jaromanda, before I even looked at this thread I knew there'd be a sorry sod who'd fight to death for "his" precious company. Winamp messed up on this one period. Now maybe you should stop crying and accusing others of being chickens while you are a company loving sheep...

PS: I just saw you're from AU. That sheep comment wasn't meant racist...
Sheep thing is New Zealand and I ain't fighting to the death for winamp ... I'm fighting to the death for common sense
Quote:
Originally Posted by labratofel View Post
Why worry about accidental racist connotations when his signature is completely racist anyway?
My signature is factual
Quote:
Originally Posted by osmosis View Post
labratofel: French people aren't a race, but you're right, it is offensive, and was clearly changed to goad Kaminari (who is from Paris).

bur2000: Llamas aren't sheep.
goad Kaminari? the french knuckle made threats beyond his station ... he should expect a little fun at his expense

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 21st February 2011, 10:07   #70
JolietJake
Junior Member
 
Join Date: Feb 2008
Posts: 6
FAQ...

7) What happened?

Quote:
As a result of our continuous security monitoring, we identified and blocked this attack. Additionally, new security measures have been deployed to help keep this type of breach from happening in the future.
Does that suggest they weren't employing a full range before they were hacked?
JolietJake is offline   Reply With Quote
Old 21st May 2011, 17:47   #71
onlyquality2011
Junior Member
 
Join Date: May 2011
Posts: 2
Quote:
Originally Posted by JolietJake View Post
FAQ...

7) What happened?



Does that suggest they weren't employing a full range before they were hacked?
You can say nobody is perfect. How many staff do you need to have? 1? 2? 1000?
onlyquality2011 is offline   Reply With Quote
Old 21st May 2011, 22:38   #72
timewarptickers
Junior Member
 
Join Date: May 2011
Location: Jacksonsutt, FL
Posts: 23
Hmm, guess I won't store vital personal information like social security number in my Winamp Forums profile
timewarptickers is offline   Reply With Quote