[conspire] Password storage (was: Conspire Hey!)
rick at linuxmafia.com
Thu Nov 15 16:16:38 PST 2012
> Report: Half a Million Yahoo User Accounts Exposed in Breach
> By Kim Zetter
> 07.12.12, 12:19 PM
Looking closer, one sees: Article claims that intruders stole a set of
0.5M passwords all at once, via a SQL injection against a back-end
database server against Internet blog site 'Yahoo Voices' (formerly
named 'Yahoo Associated Content'), which permitted retrieving a huge
SQL table of Yahoo username/password pairs.
There are a couple of interesting parts of that.
1. Yahoo wasn't bothering to do input sanitising. If random stranger can
hit your Web site with funny-looking HTTP queries from the public
Internet containing SQL commands _and_ the Web site moronically accepts
those commands and passes them along to a security-sensitive back-end
database _and_ the SQL Web site then cheerfully sends back sensitive
information to nobody-in-particular, then, as the saying goes, You're
Doing It Wrong.
2. (worse) Yahoo was storing sensitive passwords in _plaintext_.
You never, never, ever do that. That's a chump error. (If you are able
to get security-sensitive passwords looked up and mailed to you, for
example, then somebody is making a chump error with your data.)
In Unix, we store password hashes generated with strong symmetric
encryption. And, because that's not good enough, the passwords use
'salting' to hinder bulk-decrypting.
Yahoo said it responded to news of that _particular_ password breach
by resetting all of the revealed passwords and notifying users (last
July). _However_, the point is that the company has obviously been
having problems and has made at least one serious security-design
 No, your subscription password on a Mailman mailing list is not a
security-sensitive password -- and you are advised of this when you
join and any time you change it.
More information about the conspire