Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom Español


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Training:


Offensive Countermeasures: Defensive Techniques That Actually Work:


SANSFIRE 2012 (July 7-8)


Blackhat 2012 (July 21-22 & 23-24)


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


Visit PaulDotCom Insider


Groupon passwords in the clear? No. Way.

By
John Strand
on June 29, 2011 6:57 AM |

I am getting a bit sick of sites either storing passwords in the clear or as simple MD5 hashes (which is different than the crypt3 function using MD5 BTW).

There are a series of stories about how Groupon India was storing Passwords in the clear, but also accessible via Google Searches. Apparently, the magic query was “filetype:sql” “password” and “gmail".

What the hell? Honestly, though I am not that surprised. Simply go to a site or two that have a link for lost or forgotten passwords and have them send you a reminder. And by reminder I mean, a number of them will send you your actual password.

Either way you should be checking https://shouldichangemypassword.com/ on almost a daily basis.

-strandjs

PaulDotCom will be teaching Offensive Countermeasures at Black Hat July 30-31

Categories: