
Registered
Joined
7,027 Posts
So I just read the Security and Databreach Notification. I do seem to understand VScopes thinking a bit better, maybe.

Seems that the horse got out the gate so if we have a better gate (for now) then the people who have the horse now won't, well, won't what?

How in heck will changing the site passwords now affect anything about the passwords etc. that have become more public? Isn't this just a distraction to make it look like something is being done?

Seems to me this could have all been handled by them just simply saying:

"Well gee we lost your password so if you are using it for an important site you ought to consider changing that password on that site"
 

Registered
Joined
1,275 Posts
> So I just read the Security and Databreach Notification. I do seem to understand VScopes thinking a bit better, maybe.
>
> Seems that the horse got out the gate so if we have a better gate (for now) then the people who have the horse now won't, well, won't what?
>
> How in heck will changing the site passwords now affect anything about the passwords etc. that have become more public? Isn't this just a distraction to make it look like something is being done?
>
> Seems to me this could have all been handled by them just simply saying:
>
> "Well gee we lost your password so if you are using it for an important site you ought to consider changing that password on that site"

Well, you got the gist of what the problem is. Most people reuse usernames, email addresses, and passwords. The DB gave them 2 paired in clear text. The 3rd is less than securely encrypted with MD5 (or equivalent). Set a bot army out guessing against the obtained passwords and once you've made a few matches you have the seed and key. Now all passwords are decrypted because some few had easy guesses. Next, attack everywhere else the username or email address matches, but this time only go after sites that will yield.

This is not a one-person attack, but the assumption that sports car owners also have assets is not a bad plan.
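
Added example (not part of the original thread, and not the forum's own code): a Python sketch contrasting unsalted MD5 storage, the scheme named in the post above, with per-user salted PBKDF2, showing that identical passwords produce identical unsalted digests but unrelated salted records. The sample accounts, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def legacy_md5(password: str) -> str:
    """Unsalted MD5, the weak scheme named in the post (shown for contrast only)."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Per-user random salt plus a slow KDF; returns 'iterations$salt_hex$hash_hex'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)

def shared_digests(table: dict) -> dict:
    """Group usernames by stored value; any group larger than one reveals
    that those users share a password, without knowing what it is."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}

# Constructed sample accounts (hypothetical users and passwords).
SAMPLE = {
    "alice": "elise2005",
    "bob": "elise2005",
    "carol": "correct horse battery staple",
}

def build_tables(users=SAMPLE):
    """Store the same accounts under both schemes."""
    md5_table = {u: legacy_md5(p) for u, p in users.items()}
    kdf_table = {u: hash_password(p) for u, p in users.items()}
    return md5_table, kdf_table

if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    print("Unsalted MD5, users sharing a digest:", shared_digests(md5_table))
    print("Salted PBKDF2, users sharing a record:", shared_digests(kdf_table))
```
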
 

Registered
Joined
1,952 Posts
What's interesting about passwords is, if they just made it 4 separate words, it would have ridiculously higher encryption, and would be easier to remember.

Remember . Your . Password . Wanker
 

Registered
Joined
2,376 Posts
The Unabomber's by-the-book encryption stalled the NSA supercomputers for months.

Nothing exotic or new, just good practice.
 

Premium Member
Joined
2,248 Posts
Took them a while but the admins emailed me a password reset form yesterday, so I have my account back.

I was going crazy thinking I maybe started another free email acct that I forgot about.
 