Today I hacked a site where people upload pictures and other people rate’s them. The site has a 100 000 users and for a Swedish site’s it’s big. The problem is it had stored the passwords in the database in plain text. Obviously this is good news for me but for the users it’s really bad. Sites that big should take better care of their users. The point here is webmaster should really think more about encryption and to use the right one. Do not use MD5, SHA-1 or MYSQL(4), they are way too easy to crack with too days GPU cards . If I would encrypt I would use phpass or whirlpool, they are hard nuts to crack. But I’am happy there are ignorant webmasters out there to make my life easy. How would I otherwise get my kickass wordlists?

This entry was posted on Monday, November 30th, 2009 at 10:42 am and is filed under Adventure. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.