I am getting a bit sick of sites either storing passwords in the clear or as simple MD5 hashes (which is different than the crypt3 function using MD5 BTW).
There are a series of stories about how Groupon India was storing Passwords in the clear, but also accessible via Google Searches. Apparently, the magic query was “filetype:sql” “password” and “gmail”.
What the hell? Honestly, though I am not that surprised. Simply go to a site or two that have a link for lost or forgotten passwords and have them send you a reminder. And by reminder I mean, a number of them will send you your actual password.
Either way you should be checking https://shouldichangemypassword.com/ on almost a daily basis.
-strandjs
PaulDotCom will be teaching Offensive Countermeasures at Black Hat July 30-31

About the author