JoeTech.com
 



### Contact | About Joe Tech | Advertise | Get Reviewed | Disclosure | Tools
Search:

Gawker Media Hack Is A Password Reminder

Posted in Computers,web by Joe Colburn on the December 14th, 2010

Over the weekend, Gawker Media was hacked, providing an encrypted password list (among other things) to the hackers. A group calling themselves Gnosis has taken credit for the hack and released a package full of server information, notes on the hack, Gawker Media site source code and worst, everyone’s passwords.

Gnosis hack on Gawker Media

Judging by the statement made by the hackers, it looks like someone at Gawker pissed them off. I was actually planning another post about web security before this happened, but that will wait for another day as it has to do with different perils of having online accounts.

Here’s the email Gawker Media sent out today:

This weekend we discovered that Gawker Media’s servers were compromised,
resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you’re a commenter on any of our sites, you probably have
several questions.

We understand how important trust is on the internet, and we’re deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We’re
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we’re doing to fix things.

This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.

We’re continually updating an FAQ (http://lifehac.kr/eUBjVf) with more
information and will continue to do so in the coming days and weeks.

Gawker Media

How Does This Affect You?

If you’ve never commented on a web property in the Gawker Media network, you may not have anything to worry about. If you have, on the other hand, your password on that site has been compromised and you should think about where else you used that password and change it on all sites. In the quoted text above, Gawker points us to a post on Life Hacker full of answers. Of course, to minimize the effects of future hacks on Gawker or any site, it’s best to have a strong password (see below) and use different passwords for different sites. As an example, you wouldn’t want to use the same password on Gawker that you use for online banking.

Is Your Password Strong Enough

Surprisingly, too many people have passwords that are easy enough to crack or even just guessable. Without a doubt, the absolutely worst password you can use for any account is the word, “password”. Regardless, of the nearly 1.3 million accounts compromised, 1,959 had “password” as their passwords. Even if it’s not guessed by a hacker, the simplest brute force attack can crack this password in no time. So how do you know if your password is strong enough?

Is my Password Strong

I built a quick and easy password strength test site to help you test your password. This may be helpful but you can also get by with some quick password tips. To understand them, you should know a little about how a brute force attack works. Typically a script runs that tries one password after another until one works. A simple script might first try every word in a dictionary file. This is just a file full of known real words like “gamer”, “puppy”, or maybe, “password”. Failing that, it would start going through every character combination from aaa, aab, aac, for example, through to larger guesses like 9999999. A more time-consuming attack might make use of characters like $%!, etc. but this takes far longer. Having to check for upper vs lower case takes a lot longer as well. From this, we can assume that you can make your password stronger by making it longer and including numbers, mixed case, and special characters. By this logic, “Chr1Stm@s!!%” is a far more secure password than “christmas”.

Even if you were not affected directly by this, take this as a reminder to audit your password habits and make changes if needed. A little effort now can save you a lot of future headache.

About the author

Joe Colburn Joe Colburn is a software engineer specializing in PHP and a technology enthusiast. Always eager to dive into new and exciting things, Joe writes about anything technology related news and products that he thinks you will also be excited about. Find Joe Colburn on Google+ or by any of the links below.

If you liked this Joe Tech article, subscribe to the RSS feed for daily updates.

Submit this story to:

Trackbacks

  1. [...] Gawker Media Hack Is A Password Reminder
    (joetech.com) [...]

Sponsors




Events

Find me at any of the following events.

No upcoming events

Sponsors

Dedicated server hosting by Codero

led lighting

Get Your #PurpleTicket - Sign up for IZEA

Need Help


Friends and Sponsors

 
Popular Posts
 • How to Crack the Account Password on Any Operating System
 • How To Send An Anonymous Text Or MMS Message
 • How To Replace A Dell Inspiron Laptop Heat Sink And Fan Assembly
 
More Popular Posts
 • 5 Geeky Ways to Say “I Love You” on Valentine’s Day
 • My Sony Vaio VGN-SZ430N Hard Drive Crashed and How I Fixed It
 • Swiss Mini Gun is Tiny, Lethal, and Expensive
 
© 2006 - 2014

Joe Colburn