Re: [Dataloss] Fwd: Important information about a security breach at Ravelry.com (fwd)

[Jeffrey Walton <noloader () gmail com>]

On Mon, Jun 6, 2011 at 10:51 PM, security curmudgeon
<jericho () attrition org> wrote:
> ---------- Forwarded message ----------
> From: "Ravelry" <contact-us () ravelry com>
> Date: Jun 6, 2011 2:41 AM
> Subject: Important information about a security breach at Ravelry.com
> To:
>
>          [image: Ravelry] <http://www.ravelry.com>
>          (Wondering if this email is real? You can also see a similar notice
> by logging in to Ravelry.com) *Important Information about a Ravelry
> Security Breach*
>
>  Dear Ravelry member,
>
> An attacker recently managed to break in to one of Ravelry's secondary
> servers. Once inside, they were able to access user names,
> *encrypted*passwords, and possibly email addresses. Your passwords could
> not be seen and no financial or other sensitive information was accessed
> as we do not collect or store this type of data.
Begs the question: how were the passwords encrypted? MD5? With or
without a salt? (I don't consider MD5 encryption, but its often used
in circumstances like these).

> [SNIP]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/