WARNING: 33.000 SMF passwords stolen and on the loose in Finland

Started by Surferbird, October 13, 2007, 04:35:18 PM

niko

Quote from: H on October 14, 2007, 07:37:10 AM
Quote from: Tony on October 14, 2007, 05:39:01 AM
Only really old versions of SMF used MD5 hashing which is crackable. Many forum systems and other web applications still use MD5.

Current versions of SMF use SHA1 and as far as I know are not directly crackable,



I wasn't around for the SMF 1.0 series but if the MD5 uses the username as a salt (like 1.1 with sha1) then I imagine getting actual passwords from these hashes still takes quite a bit of time


function md5_hmac($data, $key)
{
	$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
	return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)) . $data)));
}


Not standard md5 at least. $data = password, $key = username
Websites: Madjoki || (2 links retracted by team, links out of date and taken over.)
Mods: SMF Arcade, Related topics, SMF Project Tools, Post History

WIP Mods: Bittorrent Tracker || SMF Wiki
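
As an added example (not part of the original posts and not SMF's own code), this Python port of the function quoted above shows that it computes HMAC-MD5 as defined in RFC 2104, keyed with the username, so the same password on two accounts yields two different stored hashes. The account names and passwords are constructed samples.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes, the "64" in the PHP code


def md5_hmac(data: bytes, key: bytes) -> str:
    """Step-by-step port of the PHP md5_hmac($data, $key) quoted above."""
    # Keys longer than one block are replaced by their raw MD5 digest,
    # then the key is zero-padded to exactly one block.
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    # Inner hash: (key XOR 0x36) followed by the data.
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key) + data).digest()
    # Outer hash: (key XOR 0x5c) followed by the raw inner digest.
    return hashlib.md5(bytes(b ^ 0x5C for b in key) + inner).hexdigest()


def stdlib_hmac_md5(data: bytes, key: bytes) -> str:
    """The same value from Python's standard HMAC implementation."""
    return hmac.new(key, data, hashlib.md5).hexdigest()


# Constructed sample accounts: three users who chose the same password.
# The third username is longer than 64 bytes to exercise the key-hashing path.
SAMPLE_ACCOUNTS = [
    ("alice", "correct horse"),
    ("bob", "correct horse"),
    ("u" * 80, "correct horse"),
]


def stored_hashes(accounts):
    """Return {username: hash} as the quoted scheme would store them
    ($data = password, $key = username)."""
    return {u: md5_hmac(p.encode(), u.encode()) for u, p in accounts}


if __name__ == "__main__":
    for user, digest in stored_hashes(SAMPLE_ACCOUNTS).items():
        print(f"{user[:12]:<12} {digest}")
    # A plain, unkeyed MD5 of the same password is identical for every user.
    print("plain md5    " + hashlib.md5(b"correct horse").hexdigest())
```

The username key makes each account's hash distinct, but it is stored alongside the hash, and MD5 is fast to compute, so affected users should still change their passwords.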

voyager1337

You can find anything on those sites but most of it is pure rubbish and designed just to make you download it.  I know of an XBOX Live Keygen that's also on those torrents but it's nothing but a virus

Surferbird

Latest news, sorry for bad translation (originally in Finnish)
Central Criminal Police are investigating the hijacking and distribution of the passwords. Police have asked for help
from other countries outside Finland to catch the authors.

The file that has been published on the net contains especially discussion
forum and various community service information. No online bank passwords are among these.
Identifications from IRC-Gallery have not leaked out, as was believed yesterday.

Virus defense company F-Secure advises forum and community services to change passwords.
Cert-fi has also given this advice when warning people. At the same time, Cert-fi told people that
long passwords containing many special characters are needed.

Never before have so many passwords (80,000) been exposed in Finland.
.:: Always something to ask - always grateful for assistance ::.

Surferbird

Quote from: voyager1337 on October 14, 2007, 08:08:34 AM
You can find anything on those sites but most of it is pure rubbish and designed just to make you download it.  I know of an XBOX Live Keygen that's also on those torrents but it's nothing but a virus

No, it's not true at all. There is really good stuff, seems you can't find or use torrents ;)
.:: Always something to ask - always grateful for assistance ::.
