Courses:

Offensive Countermeasures: The Art Of Active Defense: SANSFIRE June 15-16, Blackhat USA July 27-28 & 29-30


Defensive Countermeasures: Foundations for Becoming A Devious Defender: Blackhat USA July 27-28 & 29-30


Conferences:

Check out the entire PaulDotCom crew at BsidesRI June 14-15th!



Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom Español


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com


www.sans.org



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


Groupon passwords in the clear? No. Way.

By
John Strand
on June 29, 2011 6:57 AM |

I am getting a bit sick of sites either storing passwords in the clear or as simple MD5 hashes (which is different than the crypt3 function using MD5 BTW).

There are a series of stories about how Groupon India was storing Passwords in the clear, but also accessible via Google Searches. Apparently, the magic query was “filetype:sql” “password” and “gmail".

What the hell? Honestly, though I am not that surprised. Simply go to a site or two that have a link for lost or forgotten passwords and have them send you a reminder. And by reminder I mean, a number of them will send you your actual password.

Either way you should be checking https://shouldichangemypassword.com/ on almost a daily basis.

-strandjs

PaulDotCom will be teaching Offensive Countermeasures at Black Hat July 30-31

Categories: