Arik Hesseldahl


Gawkergate Password Mess Was Two Years in the Making

Gawker was told about the flaw in the method it used to store user passwords for its commenting system more than two years before it was hacked, the Guardian’s Charles Arthur reports.

A Gawker user posted a message on Get Satisfaction and received a promise to “improve it,” though no such improvement ever took place.

Well, we know how that turned out. A hacker group called Gnosis gained entry not only to the commenting system, but also to pretty much everything the Gawker team used to run its collection of sites.

Gawker was hacked. Gawker founder Nick Denton apologized. But the damage wasn’t limited to Gawker and its users.

Soon Twitter and LinkedIn were dealing with hacking attacks on their sites. Then Yahoo and World of Warcraft developer Blizzard forced users to change their passwords. And finally the collateral damage reached all the way to the New York Times.

We also learned that many of the people whose passwords were disclosed used simple ones. Topping the list: “123456.” And we all learned a little about the dangers of using the same password everywhere.

No comment yet from Denton, although I’ll certainly update if I hear back from him.

And in case you didn’t pay enough attention to all this, and why it’s not a good idea to share passwords across multiple sites, here’s a great cartoon from XKCD that illustrates the dangers:
