[liberationtech] Man-in-the-middle attack on GitHub in China
Matt Mackall
mpm at selenic.com
Wed Jan 30 23:37:28 PST 2013
On Wed, 2013-01-30 at 23:30 -0800, x z wrote:
> 2013/1/30 Matt Mackall <mpm at selenic.com>
>
> > On Wed, 2013-01-30 at 13:15 -0600, Matt Mackall wrote:
> > > On Wed, 2013-01-30 at 09:55 -0800, x z wrote:
> > > > @Nadim, I think breaking in a CA is a rather serious crime that GFW
> > would
> > > > refrain from committing;
> > >
> > > Unlike, say, breaking into the Tibetan government-in-exile, Google and
> > > hundreds of other companies?
> >
> > From today's news:
> >
> >
> > https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html
> >
> > Interesting. The following from this article is alarming:
>
> "Security experts found evidence that the hackers stole the corporate
> passwords for every Times employee and used those to gain access to the
> personal computers of 53 employees, most of them outside The Times’s
> newsroom."
>
> Does Times store these passwords in plain text?
Probably not, but it no longer matters. The state of the art in password
cracking has massively improved in the past few years and most hashed,
salted passwords are no longer safe.
--
Mathematics is the supreme nostalgia of our time.
More information about the liberationtech
mailing list