Comments on: Boards.ie Forums have been hacked – don’t panic!

By: James Beckett

James Beckett — Fri, 22 Jan 2010 12:08:39 +0000

@m4rkiz vBulletin salts are generated randomly per user at registration time, so that won’t help them in a bulk attack.

By: m4rkiz

m4rkiz — Fri, 22 Jan 2010 00:18:05 +0000

@James Beckett

or if they created some accounts prior to hack they may have a known password with proper hash so finding a salt can be done if it is same for all (or some) passwords in database

By: James Beckett

James Beckett — Thu, 21 Jan 2010 21:46:30 +0000

If the attackers were after the passwords (rather than other useful things in the user database) you have to assume that they also managed to snag a copy of the salt in use.

However, the only likely attack on the password database is brute force, so it might be reasonable to consider only weak passwords to be at risk – if you used digits only, a dictionary word, a name, or some minor perturbation thereof, you’d be first in the firing line.

By: Darragh @ Boards.ie

Darragh @ Boards.ie — Thu, 21 Jan 2010 20:14:36 +0000

Thanks very much for this post. Just want to confirm that Boards.ie will NOT be sending out emails with passwords or links. If you receive an email from Boards.ie that asks you to do anything like click a link, log into a website or any other action, please forward it to hello@boards.ie.

DO NOT CLICK IT!

If there’s anything we can help you with, please contact us at hello@boards.ie

Thanks very much

Darragh

By: Tweets that mention Boards.ie Forums have been hacked – don’t panic! -- Topsy.com

Thu, 21 Jan 2010 18:05:59 +0000

[...] This post was mentioned on Twitter by thumped.com, Stotti. Stotti said: Article on the security implications of the @boards_ie hack: http://bit.ly/7jcqZ4 Please RT! @basquille @davidcochrane @thumped and others [...]