<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>OT, but hacking the ABC site (essentially attacking freedom of speech via threatening the media through mass abuse of Australian website members) seems a fairly full on approach... And one that is likely to lead to hostility from the victims towards the rather than empathy. Did anyone see the show - I’m curious how full on this guy is?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> ausnog-bounces@lists.ausnog.net [mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Giles Pollock<br><b>Sent:</b> Wednesday, 27 February 2013 14:43<br><b>To:</b> ausnog@lists.ausnog.net<br><b>Subject:</b> Re: [AusNOG] ABC Website Hacked<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>Looks like SHA1, some of the hashes match SHA1 rainbow tables if you do a quick google search... Hope ABC is locking down and letting people know to change their passwords on other services...<o:p></o:p></p><div><p class=MsoNormal>On Wed, Feb 27, 2013 at 2:40 PM, Damian Guppy <<a href="mailto:the.damo@gmail.com" target="_blank">the.damo@gmail.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal>However if they are using a common unsalted hash like MD5 then it is trivial to use a rainbow table to get the passwords in seconds.<span class=hoenzb><span style='color:#888888'><o:p></o:p></span></span></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:#888888'>--Damian<o:p></o:p></span></p></div></div><div><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Wed, Feb 27, 2013 at 11:39 AM, Noon Silk <<a href="mailto:noonslists@gmail.com" target="_blank">noonslists@gmail.com</a>> wrote:<o:p></o:p></p><p class=MsoNormal>On Wed, Feb 27, 2013 at 2:18 PM, Tim March <<a href="mailto:march.tim@gmail.com" target="_blank">march.tim@gmail.com</a>> wrote:<br>><br>> [...]<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>><br>> I haven't looked at the dump but I won't be surprised if the passwords are<br>> trivially decryptable if they're encrypted at all. 1Password is your friend.<o:p></o:p></p></div><p class=MsoNormal>So-as to prevent continued mis-use of language here; hashed passwords<br>can't be "decrypted". It is only possible to find another string which<br>hashes to the same value.<br><br><br>> T.<br><span style='color:#888888'><br>--<br>Noon Silk<br><br>Fancy a quantum lunch? <a href="https://sites.google.com/site/quantumlunch/" target="_blank">https://sites.google.com/site/quantumlunch/</a><br><br>"Every morning when I wake up, I experience an exquisite joy — the joy<br>of being this signature."</span><o:p></o:p></p><div><div><p class=MsoNormal>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>