3
   

Facebook have store millions of passwords in plain text!!!!!

 
 
BillRM
 
Reply Thu 21 Mar, 2019 12:45 pm
How dare facebook one of the largest sites on the internet not hash hundreds of millions of their users password keeping them in plain text.

Hashing passwords had been the default for well over ten years for all internet sites that used passwords.

If they can be that careless how can anyone trust them in any way or in any manner?
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 3 • Views: 875 • Replies: 23

 
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 01:54 pm
@BillRM,
you should really cite a source when you claim something like that. I'm not saying you're wrong but a link would help. Hopefully to a piece that explains what hash passwords are and why they're important.
BillRM
 
  1  
Reply Thu 21 Mar, 2019 02:28 pm
@izzythepush,
izzythepush wrote:

you should really cite a source when you claim something like that. I'm not saying you're wrong but a link would help. Hopefully to a piece that explains what hash passwords are and why they're important.


As that information was on many many news sites I did not see the need to quote any one of them.

I do not remember any of the sites explaining hashes so perhaps the reporters felt like I did that in this day an age hashings and even salting passwords would be widely understood concepts.

In any case, to hash a password you just enter the plain text password that the site does not store into a one way function that give you the hash key to used on the site. You do not used the plain text for anything but for generating the key.

Oh and a one way function means in this case that it is hard very hard to recover the text from having the hash key of that text.

You can therefore have someone hacking and downloading all your users hashes an they still can not just log into the site as the user or hacker for that matter need to enter the plain text password an then the site generate the hash key by way of the one way function.
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 02:37 pm
@BillRM,
Please no, my idea of hell is you explaining something to me, sorry. Language isn't your friend.

This is the first I've heard of it so a link would still be nice.
PUNKEY
 
  1  
Reply Thu 21 Mar, 2019 02:51 pm
My Amazon account just got hacked. I got 2 notices, minutes apart, that I had changed the email assigned to my account. I did no such thing. I don't know how that was done without them knowing my password.

Now I can't get into my Amazon account.

So - there is another person with an Amazon account that has all my info attached.

Maybe the "big boys" - FB and Amazon - are getting messed around.


0 Replies
 
jespah
 
  3  
Reply Thu 21 Mar, 2019 03:17 pm
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 03:20 pm
@jespah,
Thank you.
0 Replies
 
BillRM
 
  1  
Reply Thu 21 Mar, 2019 03:25 pm
@izzythepush,
izzythepush wrote:

Please no, my idea of hell is you explaining something to me, sorry. Language isn't your friend.

This is the first I've heard of it so a link would still be nice.


By the way perhaps you could return the favor by explaining what the hell your nation is doing with this Brexit nonsense.

At least the US voters was not dumb enough to give Trump the majority of the popular votes.

I still can remember being in a London pub in the early 1970s an being told that now that England had join the EU England would end up ruling the EU.
I can still remember asking the gentleman what Germany would be doing while you are taking over the EU,

Ok if you think I am hard for you to understand here is a in complete nut to bolt explaining of hashes and salting an attacks on both.......good luck

\\https://crackstation.net/hashing-security.htm

Next here is one of a millions or so stories on facebook storing passwords in plain text.

Quote:


https://www.wired.com/story/facebook-passwords-plaintext-change-yours/


BY NOW, IT’S difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.

Organizations can store account passwords securely by scrambling them with a cryptographic process known as hashing before saving them to their servers. This way, even if someone compromises those passwords, they won't be able to read them, and a computer would find it difficult—even functionally impossible—to unscramble them. As a prominent company with billions of users, Facebook knows that it would be a jackpot for hackers, and invests heavily to avoid the liability and embarrassment of security mishaps. Unfortunately, though, one open window negates all the padlocks, bolts, and booby traps money can buy.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy wrote in a statement. “Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

Canahuati says that Facebook has now corrected the password logging bug, and that the company will notify hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users that their passwords may have been exposed. Facebook does not plan to reset those users’ passwords.

"In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged."
KENN WHITE, OPEN CRYPTO AUDIT PROJECT
For
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 03:32 pm
@BillRM,
I'm sorry, I wasn't trying to be rude. I find your phrasing and spelling somewhat troublesome.

I voted against Brexit and I've just signed the petition to stop it, currently at 1552836.

It's been a cock up from day one. Paxman puts it best.

BillRM
 
  1  
Reply Thu 21 Mar, 2019 04:04 pm
@izzythepush,
izzythepush wrote:

I'm sorry, I wasn't trying to be rude. I find your phrasing and spelling somewhat troublesome.

I voted against Brexit and I've just signed the petition to stop it, currently at 1552836.

It's been a cock up from day one. Paxman puts it best.

[youtube]https://www.youtube.com/watch?v=ek3l9iaByro[/youtube]


I love English humor on the whole an it nice to know that you guys are still mad at Lord North for losing the colonies.

Perhaps if you would promise to resettle Trump in Australia without an internet connection and or re-burn the white house down with him still in it we could reach a deal to reunite with your empire.

footnote please do not burn the library of congress down this time.
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 04:16 pm
@BillRM,
Jeremy Paxman is one man, and if you'd watched the clip you would have heard Frank Skinner say it was the first mention of Lord North on the programme.

Most people have never heard of him.

I don't believe in empires I believe in International Socialism.
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 04:23 pm
@izzythepush,
izzythepush wrote:

I voted against Brexit and I've just signed the petition to stop it, currently at 1552836.



Since I last posted it's currently 1,941,699
0 Replies
 
BillRM
 
  1  
Reply Thu 21 Mar, 2019 04:43 pm
@izzythepush,
izzythepush wrote:

Jeremy Paxman is one man, and if you'd watched the clip you would have heard Frank Skinner say it was the first mention of Lord North on the programme.

Most people have never heard of him.

I don't believe in empires I believe in International Socialism.


As my DNA test indicate that I am almost 50/50 between English blood and the friendly Vikings I can now understand why I am in tune with Empires along with why when I go sailing with a friend and after I had have a few rums and coke the reason that I feel like ramming and boarding other nearby crafts.
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 04:57 pm
@BillRM,
Friendly Vikings is an oxymoron. The Vikings were the ones who did the raiding. Not all Norsemen raided, some traded, they weren't called Vikings.

The Danes settled in England and would have taken over completely were it not for Alfred the Great. The thing is pretty much all English people have some Danish blood in them along with a host of other nationalities. We're the original mongrel nation.

When I visited Copenhagen with my son who is a linguist, he thought his knowledge of other languages would help. The language that was of most use was English. I tried to imagine the Danes were speaking Geordie or Broad Yorkshire instead of a foreign language and it did help a bit.
BillRM
 
  1  
Reply Thu 21 Mar, 2019 05:30 pm
@izzythepush,
izzythepush wrote:

Friendly Vikings is an oxymoron. The Vikings were the ones who did the raiding. Not all Norsemen raided, some traded, they weren't called Vikings.

The Danes settled in England and would have taken over completely were it not for Alfred the Great. The thing is pretty much all English people have some Danish blood in them along with a host of other nationalities. We're the original mongrel nation.

When I visited Copenhagen with my son who is a linguist, he thought his knowledge of other languages would help. The language that was of most use was English. I tried to imagine the Danes were speaking Geordie or Broad Yorkshire instead of a foreign language and it did help a bit.


The Vikings took so must of Europe total gold supply north that gold was for a time in very short supply.

I did figure that my half and half DNA results was from both Viking raiders and traders settling in England and raising families with the local women.

Interesting history indeed an finding that I seems to have a personal and family connection to that history is amazing also to me.
izzythepush
 
  1  
Reply Thu 21 Mar, 2019 05:36 pm
@BillRM,
Everybody has to come from somewhere. In the end we're all African.

Over here History starts off as myth. London was founded by Brutus fleeing the Trojan war, like Rome was founded by Aeneas' son Romulus, and Aeneas was also fleeing the Trojan war.

Don't know if there's any truth in it, but it's reported almost as fact.
BillRM
 
  1  
Reply Thu 21 Mar, 2019 06:31 pm
@izzythepush,
I need to do another visit to England as there are a whole list of places I would yet love to see.

By the way had you ever read the book title 'The Wizard War' by Dr.R V Jones?
Jones was the head of scientific intelligence on Britain's Air Staff and scientific adviser to MI6. England more then held her own in the areas of scientific warfare during the war even compare to the US or Germany.

To me it was only some bad luck such as the Comet passengers jet having a bad windows design that cause them to blow out and the general lack of resources compare to the US that kept England from being able to successfully compete with the US in the post WW2 era in high tech areas such as computers an aviation and becoming at least a strong secondary leader of the free world.
oralloy
 
  0  
Reply Thu 21 Mar, 2019 11:43 pm
@izzythepush,
izzythepush wrote:
Hopefully to a piece that explains what hash passwords are and why they're important.

Hashing means encoding passwords and personal information (typically with a level of encoding that would take a couple hundred years for a supercomputer to decrypt) so that if some hacker were to manage to steal the data, the hacker would then be faced with the daunting task of decoding it before they could actually do any harm.
oralloy
 
  0  
Reply Thu 21 Mar, 2019 11:46 pm
@BillRM,
BillRM wrote:
How dare facebook one of the largest sites on the internet not hash hundreds of millions of their users password keeping them in plain text.
Could Facebook be the breach that led to that inept blackmail attempt against you?

http://able2know.org/topic/493253-1
izzythepush
 
  1  
Reply Fri 22 Mar, 2019 01:30 am
@BillRM,
I have not read that. I just bought a book about the occult battles going on. Not started it because I'm wading through the Decamaron right now which is hard going.

My favourite books set around WW2 are the Bernie Gunther books by Phillip Kerr. He's the archetypal good German, but one who is constantly compromised.

https://berniegunther.com/
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Facebook have store millions of passwords in plain text!!!!!
Copyright © 2019 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 08/19/2019 at 12:50:46