<div dir="ltr">I personally think this attack is gaining the guy more attention than the original interview on ABC itself, the first i heard of this dutch guy was from the attack. Seems kind of counter-productive of what the attacker was going after...<div>
<br></div><div style>--Damian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 27, 2013 at 2:09 PM, Aqius <span dir="ltr"><<a href="mailto:aqius@lavabit.com" target="_blank">aqius@lavabit.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-AU" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">OT, but hacking the ABC site (essentially attacking freedom of speech via threatening the media through mass abuse of Australian website members) seems a fairly full on approach... And one that is likely to lead to hostility from the victims towards the rather than empathy. Did anyone see the show - I’m curious how full on this guy is?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a> [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Giles Pollock<br>
<b>Sent:</b> Wednesday, 27 February 2013 14:43<br><b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br><b>Subject:</b> Re: [AusNOG] ABC Website Hacked<u></u><u></u></span></p>
<div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal" style="margin-bottom:12.0pt">Looks like SHA1, some of the hashes match SHA1 rainbow tables if you do a quick google search... Hope ABC is locking down and letting people know to change their passwords on other services...<u></u><u></u></p>
<div><p class="MsoNormal">On Wed, Feb 27, 2013 at 2:40 PM, Damian Guppy <<a href="mailto:the.damo@gmail.com" target="_blank">the.damo@gmail.com</a>> wrote:<u></u><u></u></p><div><p class="MsoNormal">However if they are using a common unsalted hash like MD5 then it is trivial to use a rainbow table to get the passwords in seconds.<span><span style="color:#888888"><u></u><u></u></span></span></p>
<div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><span style="color:#888888">--Damian<u></u><u></u></span></p></div></div><div><div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div><p class="MsoNormal">On Wed, Feb 27, 2013 at 11:39 AM, Noon Silk <<a href="mailto:noonslists@gmail.com" target="_blank">noonslists@gmail.com</a>> wrote:<u></u><u></u></p><p class="MsoNormal">On Wed, Feb 27, 2013 at 2:18 PM, Tim March <<a href="mailto:march.tim@gmail.com" target="_blank">march.tim@gmail.com</a>> wrote:<br>
><br>> [...]<u></u><u></u></p><div><p class="MsoNormal" style="margin-bottom:12.0pt">><br>> I haven't looked at the dump but I won't be surprised if the passwords are<br>> trivially decryptable if they're encrypted at all. 1Password is your friend.<u></u><u></u></p>
</div><p class="MsoNormal">So-as to prevent continued mis-use of language here; hashed passwords<br>can't be "decrypted". It is only possible to find another string which<br>hashes to the same value.<br><br>
<br>> T.<br><span style="color:#888888"><br>--<br>Noon Silk<br><br>Fancy a quantum lunch? <a href="https://sites.google.com/site/quantumlunch/" target="_blank">https://sites.google.com/site/quantumlunch/</a><br><br>"Every morning when I wake up, I experience an exquisite joy — the joy<br>
of being this signature."</span><u></u><u></u></p><div><div><p class="MsoNormal">_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><u></u><u></u></p></div></div></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div><p class="MsoNormal" style="margin-bottom:12.0pt">
<br>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><u></u><u></u></p>
</div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>