Full Disclosure mailing list archives
Re: AOL confirms compromise
From: Brandon Perry <bperry.volatile () gmail com>
Date: Tue, 29 Apr 2014 17:36:39 -0500
Best practice is PCI compliance. Duh. On Tue, Apr 29, 2014 at 5:21 PM, Jeffrey Walton <noloader () gmail com> wrote:
On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield <dan () pingsweep co uk> wrote:http://blog.aol.com/2014/04/28/aol-security-update/Ouch... Have any details of the "encryption" been analyzed or discussed? Its always interesting to see what a company considers "best practice". Jeff <quote> AOL's investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information... </quote> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
-- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- AOL confirms compromise Daniel Hadfield (Apr 29)
- Re: AOL confirms compromise Jeffrey Walton (Apr 29)
- Re: AOL confirms compromise Brandon Perry (Apr 29)
- Re: AOL confirms compromise Jeffrey Walton (Apr 29)