[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] AOL confirms compromise

To: Daniel Hadfield <dan@xxxxxxxxxxxxxxx>
Subject: Re: [FD] AOL confirms compromise
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Tue, 29 Apr 2014 18:21:17 -0400

On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield <dan@xxxxxxxxxxxxxxx> wrote:
> http://blog.aol.com/2014/04/28/aol-security-update/
>
Ouch... Have any details of the "encryption" been analyzed or
discussed? Its always interesting to see what a company considers
"best practice".

Jeff

<quote>
AOL's investigation is still underway, however, we have determined
that there was unauthorized access to information regarding a
significant number of user accounts. This information included AOL
users' email addresses, postal addresses, address book contact
information, encrypted passwords and encrypted answers to security
questions that we ask when a user resets his or her password, as well
as certain employee information...
</quote>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] AOL confirms compromise
  - From: Brandon Perry

References:
- [FD] AOL confirms compromise
  - From: Daniel Hadfield

Prev by Date: Re: [FD] Telegram authentication bypass
Next by Date: Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)
Previous by thread: [FD] AOL confirms compromise
Next by thread: Re: [FD] AOL confirms compromise
Index(es):
- Date
- Thread