[Jim_Westergren]

Mest skrämmande är nog hur name.com kunde köra vanliga osaltade hash för kundernas lösenord. Och nu är de crackade och hela databasen i händerna hos HTP (+ flera?).

Citat:

The name.com sample data HTP showed in their log by querying the database was real. Source: I work for one of the companies they used as sample rows when querying the name.com DB. Our head of ops confirmed that the hash in the HTP log was indeed the MySQL 4.1 PASSWORD() unsalted hash of our password at the time. name.com is kind of generous with the term "encrypted" in their email. - https://news.ycombinator.com/item?id=5677550