[Owasp-Malaysia] gawker password leak: Friendly reminder to encrypt *and* salt your stored passwords.

Mohd Fazli Azran mfazliazran at gmail.com
Wed Dec 15 11:07:39 EST 2010


Hi Ang,

Nice to see you on this mailing list; long time no see. Thanks for the
complete info. I have been busy nowadays. What I learned from this incident is:

1) Don't use the same password if you have different emails or websites, etc.
2) Update your encryption to use the latest technology
3) Always change passwords (yeah, we are lazy to change; same with me)
4) Keep up to date with any latest security announcements or apps

From OWASP's point of view, OWASP has some guidelines for system admins,
developers, or security engineers regarding web application security:

1) OWASP Enterprise Security API <http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API>
2) OWASP Application Security Verification Standard Project <http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Home>
3) OWASP Web Application Firewall <http://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls>
(already presented by Alex Tan - Extol Malaysia at the 4th OWASP Meetup)

Hope it may help. Just pray to God to get lucky :)

On Wed, Dec 15, 2010 at 7:56 PM, Ang Chin Han <ang.chin.han at gmail.com> wrote:

> Surprised this hasn't been posted yet, but plenty of lessons to be learnt:
>
> http://www.codinghorror.com/blog/gawker-hack-release-notes.html
>
> http://en.wikipedia.org/wiki/Salt_(cryptography)
>
> See also
> http://www.reddit.com/r/programming/comments/ekpr3/gawkergizmodo_does_not_salt_their_passwords_uses/
>
> Salt your passwords, I'm looking at you Drupal 6! :(
>
> /me hypocrite
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>

Regards,
Mohd Fazli Azran
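What "salt your passwords" looks like in working code, as an added example (not code from the original message, from OWASP ESAPI, or from Drupal): a fresh random salt per user combined with an iterated hash, next to the unsalted single digest that lets identical passwords be spotted and cracked together. The algorithm (PBKDF2-HMAC-SHA256 from Python 3's standard library), the record format, and the user names and passwords are my own constructed assumptions; the thread names none of them. The example stores a one-way hash rather than an encryption, since a login check never needs the plaintext back.

```python
"""Salted, iterated password hashing beside the unsalted digest that leaks
duplicate passwords.  Added example, not from the mailing-list post or from
any OWASP project; Python 3 standard library only."""
import base64
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample credentials (hypothetical users, not from any real dump).
SAMPLE_USERS = {
    "alice": "letmein123",
    "bob": "letmein123",   # deliberately the same password as alice
    "carol": "correct horse battery staple",
}

# PBKDF2 work factor; tune so one hash takes ~100 ms on your own hardware.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast, unsalted digest.  Equal passwords give
    equal digests, so a table of common passwords (or one cracked hash)
    exposes every user who shares it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt$hash'.
    The 16-byte salt comes from the OS CSPRNG and is unique per call, so
    two users with the same password get unrelated records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time.  Malformed or foreign records simply fail."""
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def count_duplicate_hashes(store: dict) -> int:
    """Number of users whose stored value is shared with at least one other
    user.  This is exactly what a leaked unsalted table gives an attacker:
    crack one value, log in as everyone who has it."""
    counts = Counter(store.values())
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("users sharing an unsalted digest:", count_duplicate_hashes(unsalted))
    print("users sharing a salted record:   ", count_duplicate_hashes(salted))
    print("alice logs in:", verify_password("letmein123", salted["alice"]))
    print("wrong password:", verify_password("letmein124", salted["alice"]))
```

The record carries its own iteration count, so the work factor can be raised later and old records re-hashed on the user's next successful login without a flag day.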