| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Apr 2014 17:36:39 -0500 From: Brandon Perry <bperry.volatile@...il.com> To: noloader@...il.com Cc: Daniel Hadfield <dan@...gsweep.co.uk>, Full Disclosure List <fulldisclosure@...lists.org> Subject: Re: [FD] AOL confirms compromise Best practice is PCI compliance. Duh. On Tue, Apr 29, 2014 at 5:21 PM, Jeffrey Walton <noloader@...il.com> wrote: > On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield <dan@...gsweep.co.uk> > wrote: > > http://blog.aol.com/2014/04/28/aol-security-update/ > > > Ouch... Have any details of the "encryption" been analyzed or > discussed? Its always interesting to see what a company considers > "best practice". > > Jeff > > <quote> > AOL's investigation is still underway, however, we have determined > that there was unauthorized access to information regarding a > significant number of user accounts. This information included AOL > users' email addresses, postal addresses, address book contact > information, encrypted passwords and encrypted answers to security > questions that we ask when a user resets his or her password, as well > as certain employee information... > </quote> > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists