Paetenians Home on the Net



Discussion Forums for the people of Paete, Laguna, Philippines

phpBB hacked - Usap Paete runs on phpBB

Site Admin

Joined: 06 Jul 2005
Posts: 286

Posted: Mon Feb 09, 2009 6:16 pm    Post subject: phpBB hacked - Usap Paete runs on phpBB


We are sorry to report that we have been attacked through a 0-day-exploit in our PHPList installation (responsible for the mailing list about new releases). will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.


Hacked password list offers security insights
Mon Feb 9, 2009 1:34AM EST
Christopher Null: The Working Guy

Recently a niche programming-oriented website called had its user database hacked into and the passwords for 20,000 members stolen. The hacker who broke in then posted the account info and passwords online for the world to see. And while this is really bad news for those 20,000 unlucky souls, it offers an instructive lesson on password security for the rest of us.

InformationWeek analyzed the hacked password list and found a number of interesting trends in the data, primarily revolving around the fact that most people do exactly what they've been told not to do since passwords were first invented.

Author/analyst Robert Graham has tons of analysis on offer. I'm ordering my favorite/most enlightening data points from the piece here, starting with the most interesting. One thing to remember: These passwords are from a group of people interested in computer programming, so if anyone should know better, it's these guys.

The most popular password (3.03% of the 20,000) was "123456." It's also generally considered the most common password used today.

4 percent used some variant of the word "password." Seriously, people, there's no excuse for this one. "password" was the 2nd most popular password used, also in keeping with historical trends.

16 percent of passwords were a person's first name. No word on if it was their first name, but someone's. Joshua is the most commonly used first-name password, a likely reference to the movie WarGames.

Patterns abound. In addition to "123456," other patterns like "12345," "qwerty," and "abc123" were common, comprising 14 percent of the passwords used.

35 percent of passwords were six characters long. 0.34 percent were only one character long.

For reasons no one can explain, "dragon," "master," and "killer" all crack the top 20 passwords. (On the top 500 password list linked above, "dragon" is #7.)

One thing Graham doesn't discuss is that is really just a message board, and many users may simply have not cared about the security of their passwords here (unlike, say, with a bank account). In other words, they may very well have intentionally chosen something simplistic here to avoid re-using a password they save for an important login, just in case this site got hacked. Which, it turns out, it did.

I could go on, but Graham's post has way more detail than I can digest here and it's easy-reading too. Worth a close look for any citizen of the web.
All times are GMT - 5 Hours