"Passwords encrypted and salted"
Does he really mean "hashed and salted"? The hash algorithm and amount and randomicity of the salt matter. There is no excuse not to have SHA-512, 5000 or more rounds, and at least 32 bits of hash.
Website administration firm cPanel told customers that it had been hacked over the weekend, potentially exposing contact information in the process. Customers' names, contact details, and encrypted (and salted) passwords were publicly aired due to a series of unfortunate events. Payment information, kept on a separate system …
for all my email addresses going bonkers this afternoon.
Constant password failures with some accounts working one way but not the other - and others working the other way round.
Seems to have sorted itself now but it looks as though its password changing for most of this evening.
On top of that, our supersonic Panasonic plasma refuses to power-up (just as Granny turns up to stay for 6 months!)
After seeing the long list of vulnerabilities disclosed yesterday, including one rated at 10, I tried to remove cPanel from our Linux servers. It is almost impossible. Eventually found a CRONTAB resurrecting all the pieces we had managed to kill. A virus has attack vectors - check - persistence - check - is resistant to removal - check. Their software has grown incrementally since I first used it in the 1990s. I would be surprised if there is anybody left in the organization who has a grip on the entire system... a catastrophic zero-day is inevitable, IMO...
"Website admin cPanel hacked, loses a bunch of folks' contact details"
Looks interesting, I thought to myself; how are they going to get in touch with their customers if they've lost the contact details? Call me pedantic, but in I.T. you really do need to be pedantic if you want your systems to work as intended.