LulzSec set sights on Brink?


(BioSnark) #61

onoez! not my precious forum profile?! They’re gonna know my etqw forum password, too! :o

heh


(Super-Pangolin) #62

This is all just a pain in the ass.


(GameScrub) #63

Well, the stats site doesn’t hash the passwords. I just sent myself a password reminder and it gave me my password in plaintext. So I deleted my stats account but it’s probably too late. Luckily I don’t use the same password for Xbox and email as I used for the stat site. But I used to use that pw for forums. So I started changing them.

Let’s see what they dump out. I wonder how many people entered their same Xbox password as their stat site password.

meh


(stealth6) #64

How are your password reminders usually sent to you?


(Cynix) #65

Intelligently designed authentication systems will reset your password and send you a new one rather than sending you your original password. If the system is properly designed they can’t (as in, it’s physically impossible for them to) send you your original plaintext password.


(Tetra) #66

Any damage they can do to Splash Damage will be no less than what they deserve.


(king_troll) #67

It depends on what the site has server-side to use. PHP functions to cypher text are weak, and no, you cannot reverse the string unless you have a set math from user info detail values, so most sites will MD5 the password and store it in the database.

If everything is thought through, the data in the cookie will be cyphered and then base64 so nobody can steal your password if they take your cookie off of your HDD.

kind of like the future of portals http://sourceforge.net/projects/nullnuke/files/


(Jess Alon) #68

If you hate splash damage so much then gtfo these forums.


(crazyfoolish) #69

I think their point was that Bethesda had “betrayed” hardcore fps fans. Douchebags.


(king_troll) #70

they should target activision, the world needed a power ballad guitar hero game before they killed it off


(wolfnemesis75) #71

Man, some guys come out of the woodwork to throw gas on any fire. Why not just let us play the game if we like it?


(legend123) #72

1) Can someone please summarize this for me. (tl;dr version).

2) They should attack other games and all of them will be forced to play Brink :smiley: :smiley: :smiley: :smiley:


(GameScrub) #73

Passwords are usually one-way hashed so that people can’t decrypt them if they get compromised. The fact that they sent me my original one means that they either saved it as plaintext or used an encryption algorithm that allows for encrypt/decrypt.

If the key gets compromised and they know what kind of password encryption they used then they can decrypt the data and make things public.

If they one-way hashed it with a random salt then the idea is that they don’t store the actual password. They store a value that when hashed it matches.

So every time you log in they take your password, hash it and compare it to the hashed one on the server. That is a bit more secure than an encrypted value with a possible compromised key.


(Floris) #74

[QUOTE=kamikazee;337803]Let’s try that again.

When a user registers, a salt is generated, this gets padded to the password and the padded result is hashed and stored.

When a hacker wants to retrieve an un-salted password from the hash, he could look it up in a rainbow table because such a table contains all possible hashes for passwords up to a given number of characters. However, longer passwords or salted passwords cannot be reliably deduced from this table because the hashes would overlap or might not occur at all in the table. He would thus need to start a new brute force attack using longer inputs.

So, any salt worth its salt is long enough to pad the user’s password until rainbow tables become impractical. Here’s what Wikipedia says about this:

Obviously, once you would calculate such a table (similar to a table for passwords up to 20 characters or so) you are out of luck. But if you choose the salt well, a cracker might just need so much time to crack a password that it doesn’t matter if he knows the hash and salt, it just becomes too much effort, which is what modern cryptography is all about.[/QUOTE]

You are quite correct, however do factor in:

  • Systems which, even though they can be secured, are still using abysmal techniques for storing your password securely.
  • Better algorithms.
  • Access to practically infinite resources in both CPU time and storage through public and private clouds and botnets.

There are plenty of important systems (even here in the Netherlands), which store your password:

  • Not encrypted or hashed
  • Just encrypted (if you have access to both the database and the decryption algorithm, retrieving the password is easy)
  • Hashed with an MD5 (rainbow tables, perhaps with a collision attack to lower the size of your rainbow table)
  • Hashed with an MD5, salted, but using a very simple salt (“double” rainbow table as I described)
  • Hashed with a better algorithm but not salted (hard to decrypt, but easy to retrieve using a rainbow table)

And as it turns out, Bethesda doesn’t even hash the passwords :wink:
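
The register and login flow described in posts #73 and #74, as an added example that is not part of any post in this thread. It assumes PBKDF2-HMAC-SHA256 with an illustrative iteration count; the function names, sample passwords and the tiny lookup table are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table of unsalted MD5 digests,
# standing in for the lookup tables discussed in the thread.
COMMON = ["letmein", "hunter2", "password1"]
MD5_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 100_000  # assumed work factor, illustrative only


def register(password: str) -> dict:
    """Return the record a server stores: per-user salt plus derived hash."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def login(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def table_lookup(stored_hash: str):
    """What a precomputed table gives back for a stored value (None = miss)."""
    return MD5_TABLE.get(stored_hash)


def demo() -> dict:
    alice, bob = register("hunter2"), register("hunter2")  # same password
    return {
        "unsalted_md5_found": table_lookup(hashlib.md5(b"hunter2").hexdigest()),
        "salted_found": table_lookup(alice["hash"]),
        "same_password_same_record": alice["hash"] == bob["hash"],
        "login_ok": login(alice, "hunter2"),
        "login_wrong": login(alice, "hunter3"),
        "can_send_reminder": "password" in alice,  # nothing to mail back
    }


if __name__ == "__main__":
    print(demo())
```

The stored record holds only the salt, the work factor and the derived hash, which is why a site built this way can reset a password but cannot mail the original back.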


(darthmob) #75

[QUOTE=BioSnark;337832]onoez! not my precious forum profile?! They’re gonna know my etqw forum password, too! :o

heh[/QUOTE]Hah, that one took me a moment. Good one!


(Stormchild) #76

It must be hard to be filled with hate, frustration and resent. Go out, there are many nice things in life to do instead of hanging around here and making yourself more mad.

Take windsurf lessons, learn saxophone… don’t waste your time with remorse.


(Super-Pangolin) #77

Anything interesting happen yet? Seems like this “eta within 24 hours” thing might happen whilst I’m asleep, I’m dreading yet excited for what I’ll wake up to.

[QUOTE=Stormchild;337987]It must be hard to be filled with hate, frustration and resent. Go out, there are many nice things in life to do instead of hanging around here and making yourself more mad.

Take windsurf lessons, learn saxophone… don’t waste your time with remorse.[/QUOTE]
+1


(Slade05) #78

Check this.


(Indloon) #79

These guys are awesome.
They hacked into FBI :>
That’s pretty impressive, no one has done that so perfectly.
Maybe they hack into Area51 database, I could be so happy…
Anyway, don’t think that they are gonna hack BRINK, I think they take something bigger, like Steam or Valve.


(Crytiqal) #80

They hacked into the FBI? Haven’t heard anything of this