Rainbow tables, SQL injection, and why you want to use a different password for e-mail
by Pixeleen Mistral, National Affairs desk
The new Try All Your Chance blog details the frightening extent of the BanLink security problems that led to the Second Life ban list sharing site's apparent demise - and suggests that BanLink user passwords might as well have been stored in plain text given the lack of site security.
"Names, passwords, email addresses; 100% of the data the site had, anyone could view and even modify. Even without access to the members area of the site."
BanLink was a popular shared Second Life ban list service that was ultimately neglected by its creators and afflicted with fundamental, serious security issues - a story the Herald broke in September after being tipped to the fact that certain URLs caused the BanLink site to share supposedly secret ban information with world+dog on teh interwebs.
The Try All Your Chance coverage is notable for a lucid discussion of the moral dilemma that is responsible disclosure of exploits - followed by a hands-on detective story that explains exactly how poorly protected BanLink user passwords were and how the BanLink web site was ultimately put in perma-maintenance mode.