http://kb.digibase.ca/index.php?title=DBSA:2016-05271&feed=atom&action=history
DBSA:2016-05271 - Revision history
2024-03-29T14:27:46Z
http://kb.digibase.ca/index.php?title=DBSA:2016-05271&diff=965&oldid=prev
Kradorex Xeron at 21:27, 27 May 2016
2016-05-27T21:27:39Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 21:27, 27 May 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{DBSAHEAD</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{DBSAHEAD</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>| TITLE=MySpace Compromise <del class="diffchange diffchange-inline">(Unconfirmed)</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>| TITLE=MySpace Compromise</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| KEYWORDS=MySpace, compromise, passwords, email addresses, unsalted</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| KEYWORDS=MySpace, compromise, passwords, email addresses, unsalted</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l6" >Line 6:</td>
<td colspan="2" class="diff-lineno">Line 6:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''DBSA ID:''' {{PAGENAME}}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''DBSA ID:''' {{PAGENAME}}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''Regarding:''' MySpace Compromise <del class="diffchange diffchange-inline">(Unconfirmed)</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''Regarding:''' MySpace Compromise</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 17:25, 27 May 2016 (EDT)</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 17:25, 27 May 2016 (EDT)</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l31" >Line 31:</td>
<td colspan="2" class="diff-lineno">Line 31:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Description==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Description==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>MySpace is a social networking platform website created for users to communicate, recent iterations of the website have been targeted toward the independent music scene. On 27 May 2016 it has been reported that the backend database of the site had been compromised and analyzed by the attackers who indicate 427 million records are in their posession. Records contain usernames, hashed passwords that are not salted (making it easy to use a rainbow table attack).</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>MySpace is a social networking platform website created for users to communicate, recent iterations of the website have been targeted toward the independent music scene. On 27 May 2016 it has been reported that the backend database of the site had been compromised and analyzed by the attackers who indicate 427 million records are in their posession. Records contain usernames, hashed passwords that are not salted (making it easy to use a rainbow table attack) <ins class="diffchange diffchange-inline">and email addresses.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Digibase has not directly observed the compromised records, so this is unconfirmed at this point in time, but users should deploy standard methodologies</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Mitigation/Solution==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Mitigation/Solution==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Users should change their Myspace passwords on a rolling basis to temporary passwords, once immediately and then again at <del class="diffchange diffchange-inline">2 </del>weeks. After <del class="diffchange diffchange-inline">which </del>users may reset to a more longterm password. Users should also ensure that their password is not shared among other sites, to which those passwords will also need to be reset.</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Users should change their Myspace passwords on a rolling basis to temporary passwords, once immediately and then again at <ins class="diffchange diffchange-inline">1 </ins>weeks. After <ins class="diffchange diffchange-inline">2 weeks </ins>users may reset to a more longterm password. Users should also ensure that their password is not shared among other sites, to which those passwords will also need to be reset.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Users should also be highly suspicious of any contacts via email and use non-email methods to verify legitimacy of such email. Password resets should only be performed through known good links.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Users should also be highly suspicious of any contacts via email and use non-email methods to verify legitimacy of such email. Password resets should only be performed through known good links.</div></td></tr>
</table>
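Review bot: In the Line 1 hunk the TITLE drops "(Unconfirmed)", and the Line 6 hunk does the same for the Regarding field, yet the Description sentence added in the Line 31 hunk states "this is unconfirmed at this point in time". Either keep the qualifier in both fields until the records have been verified, or reword the new Description sentence so that the heading and the body agree.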
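Review bot: In the Line 31 hunk, the Mitigation edit leaves "again at 1 weeks", which should read "1 week", and "After 2 weeks users may reset" needs a comma after "weeks". In the same hunk the added Description sentence ends with "users should deploy standard methodologies" without saying which ones; point it at the Mitigation/Solution section or name the steps so the advice is actionable.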
Kradorex Xeron
http://kb.digibase.ca/index.php?title=DBSA:2016-05271&diff=964&oldid=prev
Kradorex Xeron: Created page with "{{DBSAHEAD | TITLE=MySpace Compromise (Unconfirmed) | KEYWORDS=MySpace, compromise, passwords, email addresses, unsalted }} '''DBSA ID:''' {{PAGENAME}} '''Regarding:''' MySp..."
2016-05-27T21:25:08Z
<p><b>New page</b></p><div>{{DBSAHEAD<br />
| TITLE=MySpace Compromise (Unconfirmed)<br />
| KEYWORDS=MySpace, compromise, passwords, email addresses, unsalted<br />
}}<br />
<br />
'''DBSA ID:''' {{PAGENAME}}<br />
<br />
'''Regarding:''' MySpace Compromise (Unconfirmed)<br />
<br />
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 17:25, 27 May 2016 (EDT)<br />
<br />
'''Date:''' 2016 05 27<br />
<br />
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}<br />
<br />
'''Who should take note:''' All MySpace Users<br />
<br />
==Classification==<br />
<br />
'''Priority:''' MODERATE<br />
<br />
'''Rationale:''' Users need to ensure their information is secured.<br />
<br />
'''Severity:''' HIGH<br />
<br />
'''Rationale:''' Usernames, insecurely hashed passwords and email addresses, among other information, have reportedly been compromised.<br />
<br />
'''Spread of Issue:''' SINGLE-PLATFORM HIGH<br />
<br />
'''Rationale:''' 427 Million records are reported to have been compromised<br />
<br />
==Description==<br />
MySpace is a social networking platform website created for users to communicate; recent iterations of the website have been targeted toward the independent music scene. On 27 May 2016 it was reported that the backend database of the site had been compromised and analyzed by the attackers, who indicate 427 million records are in their possession. Records contain usernames and hashed passwords that are not salted (making it easy to use a rainbow table attack).<br />
<br />
==Mitigation/Solution==<br />
Users should change their MySpace passwords on a rolling basis to temporary passwords, once immediately and then again at 2 weeks, after which users may reset to a more long-term password. Users should also ensure that their password is not shared with other sites; where it is, those passwords will also need to be reset.<br />
<br />
Users should also be highly suspicious of any contact via email and use non-email methods to verify the legitimacy of such email. Password resets should only be performed through known-good links.<br />
<br />
==References==<br />
* https://www.leakedsource.com/blog/myspace<br />
<br />
[[Category:DBSA|2016]]</div>
Kradorex Xeron