The security mess that is Gawker

There’s a great write-up on Forbes about the recent Gawker 0wnge, let’s see, they were using 3 year old linux kernels, DES for password encryption, apparently no auditing of what users were using for their passwords since, “1,958 Gawker users’ password was ‘password’.”, and that’s not even all of the problems. The fun part is this covers accounts, emails and passwords for a slew of other sites that Gawker host such as,, and - which by estimates could be millions of accounts. The fact is many people use the same username and password combo for more than one site, so this has far reaching implications of future problems as those connections are sniffed out. From the sound of things this was not a one time problem, this was an ongoing issue, “The evidence also suggests the attackers have had access to Gawker’s internal systems for a period of time that is at least a month, and that they gained root level access to servers the Gawker Media web properties are hosted on.” Ugg, so for my response I made my own (lam3) meme here:

You can (and should) get information about changing your account password for any of those sites here and learn how to run an audit of all of your passwords, if you use/trust Lastpass, here, but hell, the damage is likely already done. We can only hope that this wakes up other companies, people’s personal information shouldn’t be so dealth with in such an insecure matter; at what point are they responsible for securing public data further than posting “We care about your privacy!!!” on their ‘About’ web page?

comments powered by Disqus