And…. There has been another breach of a “cloud” service. Well, sort of. Adobe’s connectusers.com forum was broken into on Monday. The hack was allegedly performed by Egyptian hacker ViruS_HimA. The Forum was shut down on Tuesday night in response to the attack. Although at this time Adobe is still claiming that nothing beyond the customer forum was breached there is always the potential that other services were affected by the attack. The culprit in this case turns out to be bad password protection.
After the breaches and issues with passwords we saw last week we were not surprised to see the creator of a popular password hashing application md5crypt() come out and recommend against using this software. Now if you have followed security then you are probably already aware that the MD5 encryption scheme was broken quite a while ago (2004-2005) and is no longer recommended as an encryption algorithm. So why in 2012 are we only getting a recommendation to stop using md5crypt() now?
There is more news about the LinkedIn Data Breach as security firm Sophos reports that roughly 3.5 Million of the hashed passwords have been cracked. This is about 60% of the 5.8 Million unique passwords that were grabbed from a password database on the popular business connection site. The speed in which the passwords were cracked is of concerning.