Avast hacked

Guest

Avast hacked

Post by Guest » Tue May 27, 2014 7:45 pm

Just a bit embarrassing.

http://betanews.com/2014/05/27/avast-hacked-400000-user-details-stolen/

Guest

RE: Avast hacked

Post by Guest » Tue May 27, 2014 7:54 pm

If it was something other than their forums, then I might be concerned... But I'm not concerned over this
This is according to a forum user of Avast, but I totally disagree with the view of this person; in my opinion it is a bit more than embarrassing!
Thanks Heidi, for a good read

Fantozzi
Posts: 3709
Joined: Thu Jan 12, 2012 6:30 pm

I received email from Avast:

Post by Fantozzi » Tue May 27, 2014 8:27 pm

Sub: Avast forum offline due to attack.

Dear ********,

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,

Ondrej Vlcek COO AVAST Software

Guest

RE: Avast hacked

Post by Guest » Tue May 27, 2014 9:10 pm

Announced yesterday by Avast - May 26th, 2014
http://blog.avast.com/2014/05/26/avast-forum-offline-due-to-attack/

<quote user="fantozzi">
Sub: Avast forum offline due to attack.

Dear ********,

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately.
[/quote]


I received the same message.

I had also forgotten I had an account there ;)

Guest

RE: Avast hacked

Post by Guest » Tue May 27, 2014 9:55 pm

There is something I do not understand, and maybe I should not even spend my time trying to do so, but what in the world is a hashed password vs a regular password, or even salted password hashing?

From this site that I do not believe to be a bad site, but not knowing for sure I killed the link

I do not mind learning more about coding, if that helps me be a more helpful member at WOT and in the process rate sites in a more accurate way ................ but this is news to me, salt, hashes, java it comes to a point in which I don't know if I am having breakfast or using a computer
hxxttps://crackstation.net/hashing-security.htm#normalhashing
Can we make a 99.9% secured password or is it too late for something like this?
Avast also admits that while the "passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords" and recommends that if you use the same login details on other sites, you change them immediately.
http://betanews.com/2014/05/27/avast-hacked-400000-user-details-stolen

It is truly a shame that we have not developed a better way to connect to another site, via a better password, and be protected by a firewall system, outside biometrics, as I do not see myself using my DNA in order to use the net.

As for Avast, it appears that this took place eight months ago, and now is when we find out, and that "less than 0.2 percent of users were affected", or close to half a million users' emails were compromised; that is not the way to get your users to trust your service.

We are about to learn what took place a few fractions of a second before the Big Bang, and we still do not have, in the 21st century, a secured way to use the internet.

As for the hacker's message, I wonder if they know that their method of spreading their message always backfires with most people, and that there is a spell check function that was forgotten altogether .............. and that is truly embarrassing :))

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

RE: Avast hacked

Post by alphacentauri » Wed May 28, 2014 3:58 am

SH58:

I'm not an expert, but this is my understanding.

The first thing to understand is that all the figures you've heard about how many years it would take to guess an 8 character password are meaningless. Very few people are so important that hackers will concentrate on hacking their passwords. Hackers mainly try to get lists of lots of username/password combinations, then they try them everywhere they can think of to see if those combinations will work. They don't care whose account they get into; they just want as many people as possible as easily as possible.

In order to have password security on a computer, it's necessary to store users' passwords. Otherwise there's no way of knowing if someone has entered the correct password.

In a perfect world, you'd just store a list of usernames and passwords, then compare the password that is typed with the one that is stored. (Ok, in a perfect world, you wouldn't need passwords because people would be honest.) The problem is that you really don't want to be responsible for knowing other people's passwords. They insist on reusing them. If your database is compromised, the intruders can start trying those username/password combinations all over the place, like to get into people's bank accounts.

The next level of security is to encrypt the passwords. Instead of storing the plain-text password, you store the encrypted form, which is called a hash. When the user enters a password to access the site, you encrypt the password they just entered and compare the encrypted form to the hash you have stored. You don't un-encrypt the hash; it's supposed to be a one-way process. The problem with this is that there are a few widely used encryption methods, and it is worth the trouble for hackers to create "rainbow tables" where they simply take a list of ALL common passwords and encrypt them. It's then trivial to look up passwords given the encrypted form. Intruders often have access to a database for a long time before being discovered, so they even have time to do some further computations to find the less common passwords.

An additional layer of security is a "salted hash." You take the password chosen by the user and append a "salt," an internally generated character string that is unique for each user. A user always gets the same salt every time they log in, but it's different from everyone else's salt. You then encrypt that combined string, which is going to be longer and more complex than whatever the user actually thinks his password is. When a user logs in, you take their unique salt, add it to the password they have entered, encrypt it, and compare it to the salted hash stored in your database. Because of the addition of the unique salts, it means your rainbow tables aren't going to have ready-to-use encrypted versions of your passwords. Intruders have to do a lot more computation to find a password that, when added to the salt assigned to a given user, will produce the salted hash stored in the database.

That doesn't mean hackers can't do it. They can probably figure out 96% of passwords if they have enough time/enough computer power, because 96% of people will choose a password from the list of the top 1000 common passwords. You can take all 1000 and try them with each salt in a bat of an eye. You can even try out 2-3 word combinations of words from dictionaries of all common world languages in a reasonable length of time.

But the people who choose truly complex, truly random passwords, will be in the 4%. It's a safe bet those are the same people whose passwords won't work anywhere else, anyway, so from the point of view of hackers, it's only worth cracking the passwords of the low hanging fruit in these types of massive database leaks.
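The two storage schemes described in the post above, side by side, as an added example that is not part of the original thread and is not Avast's or the forum software's code. It assumes PBKDF2-HMAC-SHA256 with an illustrative iteration count, uses a small dictionary as a stand-in for a precomputed table, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune to your own hardware


def unsalted_hash(password):
    """Weak scheme: one fast hash, no salt. Same password, same output."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(common_passwords):
    """Hash -> password map, a simplified stand-in for a precomputed table."""
    return {unsalted_hash(p): p for p in common_passwords}


def new_record(password):
    """Stronger scheme: unique random salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo():
    table = build_lookup_table(["123456", "password", "qwerty"])  # constructed
    # Two users who picked the same weak password.
    alice_plain, bob_plain = unsalted_hash("password"), unsalted_hash("password")
    alice, bob = new_record("password"), new_record("password")
    return {
        "unsalted_identical": alice_plain == bob_plain,   # leaks password reuse
        "unsalted_in_table": table.get(alice_plain),      # instant lookup
        "salted_identical": alice["hash"] == bob["hash"],  # distinct per user
        "salted_in_table": table.get(alice["hash"]),      # table is useless
        "login_ok": verify("password", alice),
        "login_wrong": verify("passw0rd", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt only removes the precomputed shortcut; a weak password is still found by guessing against that one user's salt, which is why the slow key-derivation step and the forced password reset both matter.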

rmn
Posts: 72
Joined: Tue Jan 31, 2012 11:43 am

RE: Avast hacked

Post by rmn » Fri May 30, 2014 5:48 am

AlphaCentauri:

I think you are right, and it's easy to track down those trying when you have servers with complex services. You can see all these tries going to ssh/imap/auth smtp and so on.
I'm doing some statistics on these. Four countries are holding the high score: 1. China, 2. Russia, 3. Ukraine, 4. Nigeria - those are the major fraud sources.
In some cases it's a bit astonishing: China will not let every information in but lets all frauds out it seems. One eye blind?

Guest

RE: Avast hacked

Post by Guest » Thu Nov 20, 2014 12:05 pm

<quote user="qqamresh">
AVG and quickheal both work fine actually.
[/quote]

I'd recommend Quickheal to only those I don't like.

I wonder why you have not rated one site, yet have 13 comments on the forum promoting that garbage AV.

hotdoge3
Posts: 1638
Joined: Sat Jan 03, 2009 9:14 pm

RE: Avast hacked

Post by hotdoge3 » Sun Nov 23, 2014 7:49 am

Tue 27 May 2014 Old Post do you sell Quickheal come on not do well in test come like last see

https://www.virusbtn.com/index


Guest

RE: Avast hacked

Post by Guest » Sun Nov 23, 2014 12:00 pm

<quote user="hotdoge3">
Tue 27 May 2014 Old Post do you sell Quickheal come on not do well in test come like last see

https://www.virusbtn.com/index
[/quote]

Looks like "qqamresh" QH promotion posts have finally been removed.
