Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Android Forums Hacked: 1 Million User Credentials Stolen

samzenpus posted more than 2 years ago | from the protect-ya-neck dept.

Cloud 93

An anonymous reader writes "Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"

cancel ×

93 comments

Sorry! There are no comments related to the filter you selected.

lol linux (4, Funny)

Anonymous Coward | more than 2 years ago | (#40633151)

Was it run on... Linux? BWAHAHAHAHAHAH!

Linux = FAIL.
Windows or OS X are the only secure solutions.

Re:lol linux (-1)

Anonymous Coward | more than 2 years ago | (#40633303)

MOD PARENT UP

Re:lol linux (1, Offtopic)

multiben (1916126) | more than 2 years ago | (#40633313)

Oh come on whoever modded this down. Get a sense of humour!

Re:lol linux (0, Informative)

Anonymous Coward | more than 2 years ago | (#40633371)

It wasn't funny. Damn sure wasn't insightful or informative. Maybe inciteful.

Re:lol linux (4, Funny)

multiben (1916126) | more than 2 years ago | (#40633457)

You're right. I'm sorry, now back to work everyone! These are serious times. Linux is the best operating system that has every existed and nothing will ever be better than it. It is perfect and nobody should ever laugh at it. You know why? Because it's not funny! That's why. In fact, nothing is funny. Somebody told me a joke once back in 1972 and frankly I just didn't see the point. It distracted me from being serious.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40633495)

No need to be serious all the time. But it still wasn't funny, insightful, or informative.

Re:lol linux (1)

multiben (1916126) | more than 2 years ago | (#40633579)

I know, I am totally agreeing with you.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40636497)

Not sure if retard or just stupid.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40633605)

It wasn't funny to you, probably because you're a Lintard. To some though, it was funny. You're not funny at all. In fact, you're rather sad.

Re:lol linux (0, Offtopic)

Anonymous Coward | more than 2 years ago | (#40633653)

OS LIMITATIONS

1. No true multitasking for 3rd party apps - they re frozen in the background.

2. No Divx/Xvid video codec support. Zune will convert with loss of quality.

3. No mass storage mode.

4. No micro-SD card support.

5. Only support up to 16GB storage .

6. No filemanager. Directory system is totally opaque.

7. Need Zune to transfer files. Zune will only transfer photos, videos & music. All other files need to email/upload to yourself.

8. Your contact details are automatically uploaded to cloud service whether you like it or not.

9. Limited to 800x480 resolution.

10. Voice search is hardwired to Bing.

11. Cannot use any MP3 file as ringtone except those with strict constraints.

12. Cannot set static IP address so no connection to ad-hoc networks.

13. No VPN support for this âoecorporate enterpriseâ phone.

14. Cannot sync directly with Outlook without syncing to Cloud

15. Totally closed OS, cannot sideload apps outside MS Marketplace.

16. System font size cannot be changed.

17. Images and photos cannot be renamed in the phone.

18. Windows Live ID account cannot change country once set.

19. No centralized notification page.

20. Alarm clock cannot work when phone is turned off. All Nokia Symbian and Meego phones can do this.

21. The idle screen is completely blank and cannot display time or notifications.

22. Only photos allowed as email attachments, documents not allowed.

23. No way to stream audio to the majority of car audio systems as the most common Bluetooth rSAP profile is not implemented.

24. Cannot stream audio from video playback to Bluetooth devices as A2DP profile is not implemented.

25. No support for full on-device encryption required for secure applications like mobile banking and online payment.

26. Cannot use Bluetooth keyboard (no HID profile)

27. Cannot silence ringtone or alarm by flipping the phone.

28. Very limited customization option.

29. Cannot be upgraded to WP8 (Apollo)

USABILITY ISSUES

30. No always visible status bar for battery life, signal strength, carrier ID, 2G/3G wi-fi, Bluetooth on.

31. Taskmanager has no option to shut down apps you donâ(TM)t want running in the background.

32. Search and Back button cannot be de-activated in apps or games and easily touched by accident which interrupt your user experience.

33. Lockscreen need to be activated to show missed call/sms notification.

34. No way to close an app except pressing back button all the way to the first screen.

35. Tiny fonts in messages is very hard to read for those over 45.

36. Cannot create and save playlists on the phone.

37. Playlist can only be edited when you are playing it.

38. Cannot search your music collection on the phone, only in the Marketplace.

39. Cannot close music player, can only pause. Music player on lockscreen will stay until you reboot. Be careful not to touch it in a meeting.

40. No draggable progress bar for current track playing and no indication which track in an album is currently playing

41. Cannot lock screen orientation.

42. Online and phone contacts are mixed together with no ability to filter.

43. Search button in dialer does not search contacts for dialing, but search call history.

44. Cannot save draft sms messages.

45. Call history only show phone number type. If a contact has multiple phone nos. for a type the number used is unknown.

46. Cannot recognize phone numbers in sms or email to save or use as calling number.

47. Text messages can only be deleted one by one or the whole thread.

48. Cannot select multiple pictures for deleting, sending or uploading. They must be done one at a time.

49. No way to see photo details - dimension, date/time taken, file size, etc

50. Apps are listed alphabetically with no way to group by category. Can be hard to find if you donâ(TM)t remember the name.

51. Calendar scheduler has no weekly view and monthly view is non-zoomable.

52. No peak time/off-peak time scheduling for email downloads to prevent unnecessary email downloads at overnight.

53. If both wi-fi and data connection are available which one it chooses to use is unpredictable. User experiences donâ(TM)t agree with Microsoft that it âoetypicallyâ choose wi-fi over 3G.

FEATURE LIMITATIONS

54. No live wallpaper, no widgets, no themes

55. No haptic feedback for keyboard.

56. No Swype.

57. No flashplayer support.

58. No support for Java apps.

59. No call recording or app to do it.

60. No call blocking or app to do it.

61. No screenshots or app to do it.

62. No auto wallpaper changer and no app to do it.

63. Totally locked down os means apps which interact directly with hardware not allowed. This excludes a whole range of useful apps

64. No equalizer for Zune music player.

65. No data traffic counter and no app to do it.

66. IE browser has no text reflow, no download capability and no offline reading.

67. No 3rd party browsers allowed except those based on IE.

68. Volume up/down buttons cannot be used to zoom in camera (sign of an immature os)

69. Cannot open zip or rar files received as email attachment.

70. Cannot send or receive video by MMS.

71. Office Mobile has much less features than 3rd party Office editors like SmartOffice, QuickOffice and Polaris. Shame on you, Microsoft!

72. No native Google maps and Bing maps is useless for most countries outside U.S.

73. Email time stamp does not show the year.

74. Wide difference in apps availability in different markets and users locked to one market.

75. Not all Bing features available outside U.S. especially Local Scout

DUMB AND DUMBER

76. One volume control for all functions including media playback, ringtones, alarms, notifications.

77. Wi-fi disconnects when screen sleeps. If 3G is available background updates will use 3G and use up your data plan.

78. If you receive a text message when talking on the phone an audio alert will blast your ear at the full volume set. All other phones will give a soft beep.

79. Can only enter one mobile phone no. for each contact. Mobile nos. entered in other fields will not accept sms.

80. Cannot send/receive MMS without enabling 3G data connection. MMS does not use 3G data.

81. Phone cannot be charged when off.

82. Need to be plugged in to wall charger to sync wirelessly (a funny definition of wireless).

83. Oversized fonts for headings waste screen space and result in low information density

84. Phone will wake up and display sms content on lockscreen when locked â" a privacy violation.

85. Phone can be rebooted without entering security code.

FEATURES EVEN DUMB PHONES HAVE BUT WP7.5 DOESNâ(TM)T

86. No bluetooth file transfer.

87. Cannot handle USSD codes necessary for prepaid users to obtain services.

88. Cannot filter call history into Missed Calls, Received Calls, Dialled Calls, Recent Calls, etc

89. No way to backup or export call history

90. Cannot show call duration in call history.

91. No way to edit MMS profile to work with a carrier in the OS. Need an app which is not available in all markets.

92. Call history does not group calls by contact.

93. Call history does not show the time of call for calls older than current day.

94. Cannot set custom sounds for different types of notifications.

95. No ringer profiles.

96. No silent option (no vibrate and no ring) from ringer menu. Need a trip to settings and another trip to revert.

97. Cannot send/receive contact as a csv file.

98. Cannot backup your contacts or sms to PC.

99. Cannot save contact to SIM card.

100. Cannot change alarm ring tone or use a MP3 file.

101. Cannot set alarm snooze interval.

BONUS SHORTCOMINGS

102. Unable to read long names in audio and video playlist as they get cut off

103. Zune does not allow user to add or update podcasts directly from the phone

104. Zune can only be installed if you have an internet connection

105. Alarm does not revert to speaker if headphones are plugged in.

106. Forwarded emails cannot be edited

107. OS does not reduce volume of text message alerts when using headphones

108. Generally force users to use IE, Bing and SkyDrive by shutting out competitors or tying OS features to them.

109. Wifi- hotspot and internet tethering not integral features in the OS but need to be provided by manufacturer on a case by case basis.

110. Internet Explorer has no forward button for page views.

111. Mobile Office cannot edit Office 97-2003 documents which competing Office editors and WP7 can. Typical Microsoft strategy to force users to upgrade.

112. Embedded images in emails do not download

113. Bing maps need to tap to get voice direction for next turn.

114. No Silverlight support.

115. Compass gives wrong reading in the Southern hemisphere due to bad API in the OS.

116. 3rd party apps cannot put notifications on the lockscreen

117. Cannot be charged up when battery is completely dead. (Lumia specific)

118. No support for lossless audio format like FLAC and WMA lossless

119. No HDMI output (Lumia specific).

120. No data usage monitor and no app to do it.

121. No over the air (OTA) firmware upgrade. All upgrades must be via PC installed Zune.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40635177)

Huh?

Re:lol linux (2)

ColdWetDog (752185) | more than 2 years ago | (#40635539)

Huh?

Whatever the hell he's going on about, he sure is upset with it.

Re:lol linux (1)

Anonymous Coward | more than 2 years ago | (#40637809)

Hey, stop speaking like a '00s guy. Here in the '10s we shortened that to a concise "he mad".

Re:lol linux (1)

Kalriath (849904) | more than 2 years ago | (#40638803)

He's either complaining about Windows Phone, or complaining about iOS. Presumably he needs to get out more.

Re:lol linux (1)

Anonymous Coward | more than 2 years ago | (#40633805)

It wasn't funny to you, probably because you're a Lintard. To some though, it was funny. You're not funny at all. In fact, you're rather sad.

Yeah sure. It's like George Carlin's rules of the road. Anybody who drives slower than you is STUPID. Anybody who drives faster than you is CRAZY.

It's like that with insecure people and humor too. Anybody who didn't think the joke was funny was obviously too stupid to get it. Oh, if only they were graced with your wit and your sense of humor!

Clearly they are some kind of *tard. Oh was it about Linux? Yes, Lintard. That's what they are.

Course the difference between a comedian and a +5 Funny slashdot post is that the comedian actually has to be funny. Slashdot seems to really hate it when you put any kind of wit or creativity into a joke. They'd rather hear for the ten thousandth time how awesome it would be if we got some sharks and put lasers on their heads. It's just that "Linux = FAIL" hasn't become an official Slashdot meme yet, so people are willing to give it the moderation it deserves instead of pretending to like it.

Why does it work this way? Why can't mods just honestly vote for what they like and dislike? Why do they adhere to this pattern even when moderations are anonymous?

They are desperate to feel like one of the group, a member of a shared culture, an insider. All they had to sacrifice was any sense of taste or regard for quality. That's all. That's why the tired old memes don't get the -1 Redundant they deserve - it's a bunch of Aspies and insecure geeks desperately trying to feel like they belong to something. Ever been in a group and seen one of those people who can't just laugh at the movie, he has to turn and look all around the room to make sure somebody else is laughing too - and quickly shuts up if no one else is? That's because he's not really an individual. That's what most Slashdot mods are like. It's why they follow the pattern like good little programmed bots even when no one is looking.

Those of us with real friends and family understand this. We have a frame of reference with which we can compare it.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40635519)

Successful troll is successful.

And funny.

Re:lol linux (1)

broggyr (924379) | more than 2 years ago | (#40637455)

Anybody who drives faster than you is CRAZY.

Anybody who drives faster than you is a MANIAC!

FTFY

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40634093)

No love for either of you guys. But if you thought that was funny, you're in no position to call anyone's situation "sad". Didn't really look like he was trying to be funny anyway, so your observation that he's "not funny at all" is really without any evidence.

Re:lol linux (2)

Tourney3p0 (772619) | more than 2 years ago | (#40634113)

If you thought that was funny, you're going to *love* this new comedian Dane Cook that's making the rounds. Not sure what operating system he uses, though.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40648185)

Umm... Dane Cook isn't new. He also isn't funny. None of his material, if you can call it that, is as funny as the joke above that pisses off Linux devotees. I'm sure he uses Ubuntu because he thinks it's "edgy." He seems like that kinda guy.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40635133)

Your post makes me want to kill myself. I hooked my wagon to the wrong OS. OhNoes!
Time to go back to programming PDP11's in assembly

Re:lol linux (2)

Flere Imsaho (786612) | more than 2 years ago | (#40635917)

People laughed when I said I wanted to be a comedian. Well, they're not laughing now.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40636723)

Hey,
Why should Linux be spared? According to most Apple users, everything else sux, and Apple invented everything... Linux fans will not be spared from Apple acolytes' unbiased opinions ;)

Now get off-a my lawn.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40633505)

Jesus christ, it's a fucking operating system. Get a life, nerd-linger.

Re:lol linux (-1)

Anonymous Coward | more than 2 years ago | (#40633595)

I gotta tell him, I gotta be a man and handle my business
I know he's gonna hate me, I gotta call'em what up dawg, what you been up to
Oh yeah, well that's cool, check it out me and you, we been down for a while right
we been here and there, we been pretty tight somethin happened last night that you might get upset about
but hear me out, I didn't mean nothing buy it, I'm gonna make this quick

I gave your momma this dick I dunno how it happened
I just know my nuts and her itch was slappin I was over there mowin' the grass
and I could feel her eyes all up on my ass and then I went inside to make a phone call
and there she was with a tittie hanging out her bra one thing just led to another
next thing you know I'm butt-fucking your mother

Please don't hate me but I been fucking your mom loose lately please don't hate me
I never said I loved the hoe please don't hate me
but I been fucking your mom loose lately please don't hate me
you never should have trusted a juggalo

Don't hang up, I still got more your momma gives head like a heroin whore
I wasn't thinking about you as my bud
when she spread my but cheeks and went for the milkdud
we broke out with your grandpa's gin
and got drunk, I fucked her with a bowling pin
she's freaky, her nipples look like peanuts
your mommas one of my favorite sluts
she likes licking from the back of my balls
to the tip of my dick with one big lick
she calls me her big teddy bear
I chase her around in my underwear
I admit I like spanking her but
I used your sock though to catch my nut
don't worry, I put it back, I knew I better
that's probably why your toes been sticking together

Please don't hate me
but I been fucking your mom loose lately please don't hate me
I never said I loved the hoe
please don't hate me
but I been fucking your mom loose lately please don't hate me
you never should have trusted a juggalo

maybe they call you a termihater
if this was a swamp you'd be a allihater
you could use a cold glass of hatred
sure come on up, take the elehater
your moms ass looks like oatmeal yo
its bumpy and grainy, I like the feel though
and I ain't trying to diss her either
I'm only sayin' that I wish you would trim her beaver some
every hair is like a foot long
bitch looks like a werewolf wearing a thong sometimes
its allright with me though
I don't mind as long as I can locate the b-hole
and your dad so dumb he's knowing nothing
here I am stuffing her muffin
not to mention the pickle buffing
and I hope me and you are still cool
I'm spending the night so she can drive me to school tomorrow
and we plan on fucking again, allright, I'll talk to you later
Peace
(Jesus someone got fucked up nigga)

Please don't hate me
but I been fucking your mom loose lately please don't hate me
I never said I loved the hoe
please don't hate me
but I been fucking your mom loose lately please don't hate me
you never should have trusted a juggalo Please don't hate me
but I been fucking your mom loose lately please don't hate me

I never said I loved the hoe
please don't hate me
but I been fucking your mom loose lately please don't hate me
you never should have trusted a juggalo

Re:lol linux (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#40635545)

It wasn't funny. Damn sure wasn't insightful or informative. Maybe inciteful.

It was both funny and insightful, you just haven't accepted the way it applies to you.

Re:lol linux (1)

Jawnn (445279) | more than 2 years ago | (#40637223)

It wasn't funny.

I disagree. I'm certain that scores of 12-year-olds found it hilarious.

Re:lol linux (1)

nhat11 (1608159) | more than 2 years ago | (#40637569)

I thought it was funny, lol

Those Poor Pitiful Poor - Politicians love em! (-1)

Anonymous Coward | more than 2 years ago | (#40633391)

According to the Brookings Institute, if you follow 3 simple (stupid simple) rules you will have a 98% chance of never living in poverty.
The rules are:

1. Complete at least a high school education. No-charge public schooling means you CAN do this, no excuses.

2. After your education, get a job, any job. Stay at the job until a better one comes along. Harder to do these days but easier when you're not too proud to do service work or manual labor. If it comes down to it, you won't be the first to take a job you didn't like to put food on the table.

3. Don't get pregnant or become a father until you are married and at least 21 years old. No excuses there. We all know how babies happen. You can choose not to have them or not to have them yet. Ladies, get a bungee cord and put it around you knees if you just can't control yourself. Or take some goddamned responsibility, find one of the 14 forms of non-surgical birth control available to women that you like, and USE IT. Gentlemen, they're called rubbers, USE THEM. Or abstain if you think you can but have a fucking back-up plan if this is your main plan because shit happens and this is important. Not being in a shitty situation wondering what the fuck you're going to do is MUCH BETTER than having a million excuses trying to convince yourself (because nobody else is buying it) that it's not your fault.

People who do these things are adults, proper adults in every sense of the word. They're doing it the right way. The 2% of them who wind up in poverty anyway are what you call "down on your luck". Sometimes you do everything right and things still don't work out for you due to circumstances that are truly beyond your control. It makes perfect sense to have a safety net for those. It is the right and compassionate thing to do for our fellow man.

There are more than 2% of people in poverty and that's because they make terrible decisions. Why is it so "offensive" to say so? You gotta grow up, get over that and face a few unpleasant realities if you want to actually get more people out of poverty. If you can't do that you are part of the problem. They should also receive a safety net, mostly because the alternative is getting mugged by them. What we should not do is pretend like they're innocent victims. We should not try to make them feel better. We should tell them how and why they failed and uphold them as an example of mistakes that should not be made. Young people should have both postiive role models and negative examples of what happens when you are irresponsible. If you want them to grow up into responsible adults that is. If never offending anyone is more important then it is the youth who will pay the price for your squeemishness.

See if something really is your own fault and you don't want to accept that it is your fault, you will never change anything. You'll waste your time solving problems you don't have while neglecting problems you do have. It's a nation of crybabies that so many people think not "being offended" is more important for adult people than being able to deal with reality. That's why this nation is rotting and collapsing, because we no longer deserve the prosperity it once had. The people who built that prosperity weren't whiners, they didn't cry about how offensive reality was, and they understood the concept of making your bed and lying in it. We can do that too. Adults who have the emotional maturity of the average 2-year-old is not desirable, hate to break it to ya.

Re:lol linux (1)

AmberBlackCat (829689) | more than 2 years ago | (#40638315)

I would have modded it insightful. It illustrates the point that every time a security problem happens on a Windows system, the problem is blamed on Windows, even if that's an unfair accusation.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40635579)

"+1, Troll" should be a thing that exists.

Re:lol linux (0)

Anonymous Coward | more than 2 years ago | (#40636805)

You said Passport?

Re:lol linux (1)

sl4shd0rk (755837) | more than 2 years ago | (#40638193)

I thought you were introducing a new linux distro.

Re:lol linux (1)

fluffythedestroyer (2586259) | more than 2 years ago | (#40639581)

No reason to blame Linux, the OS has nothing to do with this problem. It was the administrator who was too stupid to put more security in it's database. So please next time, like always, USE YOUR FUCKING HEAD when you read. It's getting annoying... and why arent you banned. seriously, every time you write, nothing is good. only trolling

Woo Hoo, big news! (5, Funny)

Grayhand (2610049) | more than 2 years ago | (#40633169)

Androids forums had a million users!!!!! Take that Apple!

Re:Woo Hoo, big news! (0)

Anonymous Coward | more than 2 years ago | (#40633421)

The anti-Linux joke above gets down-modded, but yours up-modded. No, there's no bias amongst the moderators!

Re:Woo Hoo, big news! (0)

Anonymous Coward | more than 2 years ago | (#40633453)

This one's actually relevant...

Re:Woo Hoo, big news! (1)

BronsCon (927697) | more than 2 years ago | (#40633473)

There's really not, go look at some of my comments pointing out Apples recent fuckups (not anti-Apple, just pointing out where they went wrong and pleading for improvement). Those mostly were modded down, just like the Linux joke.

Re:Woo Hoo, big news! (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#40635549)

Androids forums had a million users!!!!! Take that Apple!

To go to StarBucks and work on our screenplays we have to go outside!! Take that, Linux basement dwellers!

Re:Woo Hoo, big news! (0)

Anonymous Coward | more than 2 years ago | (#40640139)

Your one-line attempt-at-humor posts are *never* funny. Please leave if you're not going to contribute anything worthwhile.

Re:Woo Hoo, big news! (0)

Anonymous Coward | more than 2 years ago | (#40636747)

>Take that Apple!
Yeah, but a break-in would never have happened to an Apple discussion website ... you know Apple IS the best. Oh, and Jobsy used to shit marble (shamelessly stolen from Amadeus the movie)

Re:Woo Hoo, big news! (1)

tehcyder (746570) | more than 2 years ago | (#40638787)

Androids forums had a million users!!!!! Take that Apple!

Yeah, where's the forums app on my iToy?

Somebody's rushing... (2)

war4peace (1628283) | more than 2 years ago | (#40633187)

It's the third major hack in two days. Summer break boosts hacking?
My knee-jerk reaction was that there's a new, unknown exploit out there but from the summary I see there's a "known exploit".
At least I don't have an account there and now I am sure I never will...

Re:Somebody's rushing... (0)

Anonymous Coward | more than 2 years ago | (#40633307)

I would bet it is the script kiddies trying to notch up before the security cons. ( Hope, BsidesLV, blackhat, and Defcon) . I mean really what use are logins in an android forum. the Yahoo Voice hack maybe has some value but I do not see what info is valuable from this hack.

Re:Somebody's rushing... (0)

Anonymous Coward | more than 2 years ago | (#40633621)

Because many^H^H^H^H^H most users have same password/login everywhere? I dont do that personally, but if you hack a couple of accounts of mine then you can figure out my system of generating them.

Re:Somebody's rushing... (1)

SomePgmr (2021234) | more than 2 years ago | (#40635111)

At least this site hashed the users' passwords.

Re:Somebody's rushing... (1)

zaphod777 (1755922) | more than 2 years ago | (#40636411)

hashed with a random salt, although this can still be brute forced it is just much more expensive for all passwords not just the complex ones.

Re:Somebody's rushing... (0)

Anonymous Coward | more than 2 years ago | (#40637343)

Another hack today is the NVIDIA Developer Zone.
Quote: "NVIDIA suspended operations today of the NVIDIA Developer Zone website. We did this in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords."

It's open season obviously.

Low expectations (0)

Anonymous Coward | more than 2 years ago | (#40633273)

What's sad is that I'm quite surprised that they had a million members, but not at all surprised that they were hacked via a known (and most likely trivial) exploit.

I really have low expectations when it comes to online security... especially when it comes to forums.

Re:Low expectations (2)

Anubis IV (1279820) | more than 2 years ago | (#40633311)

This serves as yet another reminder of the value of using a password manager that can generate unique passwords for each and every site and then store them securely. That way, when the inevitable happens, as it did here, only that one password is compromised, and it comes at no hassle to you.

I've been using 1Password [agilebits.com] for years, but a number of folks here seem to like KeePass [keepass.info] , and I'm sure a few kind folks will reply with more suggestions below.

Re:Low expectations (2, Funny)

Anonymous Coward | more than 2 years ago | (#40633497)

i'd love to use keepass, but i am too fucking stupid. i am going to try again right now. fucking complicated shit.

Re:Low expectations (0)

Anonymous Coward | more than 2 years ago | (#40633567)

Or you can do something even more secure:

Over the years, I have developed a very secure palace. As needed, it only takes a few moments to create an entire new addition to this palace. In the different rooms, I can hold many different things. All of my passwords are hidden within this palace in cryptic ways that really only mean anything to me. You would have to know me very very well to be able to interpret these, and it is never hidden the same way or in the same room as another password. The only risk is that if I die or something happens to me, all of those passwords will be completely impossible to retrieve. However, someone has to get to me in person and break through the walls of my palace (there are no doors, and these walls cannot be easily broken through ordinary means) in order to access any of these passwords. Your passwords managers are inferior to this design.

Re:Low expectations (1)

Anubis IV (1279820) | more than 2 years ago | (#40633675)

That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability. You'd have to not only gain access to me, but also my encrypted database of passwords in order to get access to mine (and since the company behind 1Password has demonstrated a willingness to update and improve their encryption in the past, I expect that they'll continue to keep up with the times, such that no one will be able to simply crack the encryption and gain access to my passwords).

Re:Low expectations (1)

Serious Callers Only (1022605) | more than 2 years ago | (#40636221)

That's great, but who remembers the one password to your encrypted database of passwords?

Re:Low expectations (1)

Anubis IV (1279820) | more than 2 years ago | (#40638501)

I do, of course, but as I said, they'd have to grab both me and the database in order to use the rubber hose method, whereas AC's technique requires no database, since the palace he's talking about is a memory retention technique, meaning that grabbing him would mean grabbing the database at the same time. I'm not suggesting mine is immune to rubber-hosing, just that it requires one more step to be possible, making it a bit more secure.

Re:Low expectations (1)

tehcyder (746570) | more than 2 years ago | (#40639029)

That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability.

"Plausible deniability" is a piece of legal weaselling, not a way of stopping someone slicing your balls off with a cheesewire..

Re:Low expectations (1)

Anubis IV (1279820) | more than 2 years ago | (#40639311)

Sure...but it keeps my passwords secure! ;)

Re:Low expectations (0)

Anonymous Coward | more than 2 years ago | (#40633689)

That is a memory palace, a very effective way to memorize stuff for short term. I wouldnt use a memory palace for simple passwords, for the simple reason that it is tough to maintain multiple memory palaces, and that they dont work well for long term.

Re:Low expectations (1)

KernelMuncher (989766) | more than 2 years ago | (#40638363)

The best passwords are those hiding in plain sight. I like to keep a few pictures of things at my desk that instantly remind me of the password. For example it could be a picture of a big fat guy for password 300#FatGuy. That way you're unlikely to forget and still nobody would ever guess the actual password.

Re:Low expectations (2)

Ded Bob (67043) | more than 2 years ago | (#40634477)

I just wanted to mention that KeePassX [keepassx.org] runs on UNIX systems.

Re:Low expectations (1)

AmbushBug (71207) | more than 2 years ago | (#40640405)

Yep, and KeePassDroid [google.com] on Android.

Who cares? (2)

dynamo52 (890601) | more than 2 years ago | (#40633299)

I use a unique email address and randomly generated password for every single website to which I register. I don't know if I am a member on this forum but even if I am, I'm not going to bother with changing credentials because frankly, if somebody wants to impersonate me on a forum I may have joined simply for advice on a particular product I say go for it.

Re:Who cares? (1)

plutoXL (1314421) | more than 2 years ago | (#40633583)

Well, apparently you don't care. But I am sure many other people do care.

Hack Life (-1)

Anonymous Coward | more than 2 years ago | (#40633363)

this Is a Nice and excellent post.. I like this post.. I have some post like this .. go to www.djapna.com

Link... (1)

uniquename72 (1169497) | more than 2 years ago | (#40633395)

Link to forums... [androidforums.com] (Thanks for making me add more than just the link, /.)

Forums (4, Insightful)

Archangel Michael (180766) | more than 2 years ago | (#40633399)

Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

Re:Forums (2)

Kozz (7764) | more than 2 years ago | (#40635625)

Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

Grabbing credentials going over the wire of a non-SSL site is not at the top of my worries, but having SSL certainly gives people a false sense of security. Any idiot (well, almost) can obtain and install an SSL certificate for their webserver, but that doesn't mean said idiot remembered to lock down phpMyAdmin [google.com] or any other number of stupid things.

Re:Forums (0)

Anonymous Coward | more than 2 years ago | (#40636785)

having SSL certainly gives people a false sense of security

At an interview earlier this year where the panel consisted of a project manager and a developer, I was asked by the developer whether having SSL made a website secure. I answered no, and the project manager made that "snorting" sound that suggested he found my answer funny. The developer gave him a disdainfule look and then spent a few minutes telling the project manager - his boss - why I was right. I found it quite amusing.

Re:Forums (1)

Robert Zenz (1680268) | more than 2 years ago | (#40636583)

So, how exactly does SSL help with, say, SQL injection or a buffer overflow?

Just because a website is using SSL, doesn't mean that the webmaster has a clue what it's doing.

Screw websites that *require* a login (0)

Anonymous Coward | more than 2 years ago | (#40633437)

If a website requires you to sign up to post a comment... Don't post there. Just don't go there. Seriously.

Re:Screw websites that *require* a login (2)

BronsCon (927697) | more than 2 years ago | (#40633501)

You hear that, Slashdot? Now you know how to get rid of this guy!

Re:Screw websites that *require* a login (1)

Setsquare (746802) | more than 2 years ago | (#40633593)

Shouldn't forums just need a digital signature?

This is news? (4, Funny)

thetoadwarrior (1268702) | more than 2 years ago | (#40633571)

Some low budget Android site gets hacked and we feel the need to talk about it? It's a fucking PHP based site. I'm surprised not being hacked in between each restart to recover from memory leaks.

Re:This is news? (0)

Anonymous Coward | more than 2 years ago | (#40636701)

So why are you commenting?

The known exploit (3, Funny)

wbr1 (2538558) | more than 2 years ago | (#40633623)

androidforums.com runs on a cluster of old phones. A simple android root program injected into the php was all that was needed :P

And, To Fulfil the Irony.... (2)

rueger (210566) | more than 2 years ago | (#40633713)

It appears that the change password page [androidforums.com] is Slashdotted - I can't get more than one character into the form before it freezes up.

Good thing it's still using the old password that I used for forums before the great LinkedIn password crisis!

Re:And, To Fulfil the Irony.... (2)

cerberusss (660701) | more than 2 years ago | (#40636883)

It appears that the change password page [androidforums.com] is Slashdotted

It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

Re:And, To Fulfil the Irony.... (5, Funny)

cerberusss (660701) | more than 2 years ago | (#40636951)

It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

HAHAHA DISREGARD THAT, I SUCK COCKS

Re:And, To Fulfil the Irony.... (1)

coinreturn (617535) | more than 2 years ago | (#40637451)

+5, Funny as hell

Re:And, To Fulfil the Irony.... (0)

Anonymous Coward | more than 2 years ago | (#40637887)

AND sexy!

Therefore, +6!

Is this the new hype? (1)

Lord Lode (1290856) | more than 2 years ago | (#40633945)

Hacking sites to leak 100 thousands of passwords? This is the fourth recent case I know of.

Please use OpenID (2)

Galestar (1473827) | more than 2 years ago | (#40634793)

That is all.

Original Source (4, Informative)

izomiac (815208) | more than 2 years ago | (#40634819)

Here [androidforums.com] is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

Re:Original Source (2)

DaScribbler (701492) | more than 2 years ago | (#40638797)

Here [androidforums.com] is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

No, they only informed those who actively frequent their sire, since all they did was post a warning at the top of the forums page. They took no steps beyond that. They didn't bother to send out a mass email to their registered users. I didn't learn about it until yesterday, 3 days after the breach, and that's only because I read it here on slashdot. If I hadn't read about it here, it would probably have been another 5 or 6 days before I learned about it, since that's about how often I frequent their site.

So? I mean, it's a forum. (0)

Anonymous Coward | more than 2 years ago | (#40635053)

What kind of idiot uses anything but an easy-to-remember throw-away password for an internet forum? Shouldn't you always assume they're insecure hobby sites?
If it's not critical data, don't waste a good password on it.

I mean... Oh noes! Someone stole my android forums password. Now they can use it to make me look stupid on the forums for other products I own!

Fuck It (1)

Ryanrule (1657199) | more than 2 years ago | (#40635341)

Lets just make everything public.

Re:Fuck It (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#40660587)

I would love it if we could get rid of all this password nonsense and just append pgp signatures to everything. Whole-site encryption (unless it's a private site) would be pointless, you wouldn't need to give them an e-mail account and there would be NOTHING to protect on the websites.

Note: The above only applies to forum/blog style sites and not private (bank, corporate, etc) sites that hold *confidential* information.

The Gentleman's Guide To Forum Spies (spooks, feds (-1)

Anonymous Coward | more than 2 years ago | (#40635477)

http://cryptome.org/2012/07/gent-forum-spies.htm [cryptome.org]
http://pastebin.com/irj4Fyd5 [pastebin.com]

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

Only an idiot... (0)

Anonymous Coward | more than 2 years ago | (#40636657)

... would log in to change passwords on that site. Why do they register IPs for example? The only reason to log in there would be to remove all personal data and erase the account just in case they are going to sell the data once more. Lucky for them the world is full of idiots.

Does this mean.. (4, Funny)

0ld_d0g (923931) | more than 2 years ago | (#40636709)

They open sourced the passwords? :-P

Re:Does this mean.. (1)

vanaeken (162529) | more than 2 years ago | (#40640447)

Passwords want to be free!

Will they become... (3)

juanfgs (922455) | more than 2 years ago | (#40637589)

Paranoid Androids?

AGAIN WITH THE SCARE TACTIC HEADLINE! (0)

Anonymous Coward | more than 2 years ago | (#40637857)

The headline should have read AndroidForums.com hacked, the way it reads now one would think an official forum by Google for Android was hacked.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>