Slashdot Mirror


Zappos Hacked: Internal Systems Breached

wiredmikey writes "Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said."

122 comments

  1. breach database? by GuldKalle · · Score: 5, Insightful

    Is there a site covering breaches like these? It would be nice to have an easily searched database with number of users, the kind of info that was accessed, the attack vector etc.

    --
    What?
    1. Re:breach database? by Securityemo · · Score: 4, Informative
      --
      Emotions! In your brain!
    2. Re:breach database? by Rubinstien · · Score: 2

I hope you are trying to be humorous. AIX is one of the buggiest UNIX implementations I know of, and that includes security bugs. A really simple example -- one that was fixed years ago in other OS's (like Solaris) -- using the Berkeley variant of 'ps', you can easily access the environment of any process on the system. On AIX you access the Berkeley version by leaving off the hyphens in front of command-line options (nice feature that, I like it better than Sun's completely separate binary). Try 'ps geww'. Not too dangerous if everyone keeps sensitive things out of their environment, but I can guarantee that is not always the case. CGI scripts tend to put interesting things there as a matter of course.

    3. Re:breach database? by Anonymous Coward · · Score: 1

      http://dazzlepod.com/disclosure/
      Their most recent entry: http://dazzlepod.com/stratfor/
      Zappos's not up yet..

    4. Re:breach database? by f3rret · · Score: 0

      Seriously...what the hell are these guys spamming for?

      I don't get it.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    5. Re:breach database? by WrongSizeGlass · · Score: 1, Insightful

      How is this post informative? That site doesn't have anything about the Zappos breach ... or anything that's happened in the last six months. It hasn't posted an update since June, 2011 - and that includes their monthly reports.

      I applaud datalossdb.org efforts to trying to make this data available in one place, but it needs new 'volunteers' (and probably some more donations).

    6. Re:breach database? by bondsbw · · Score: 4, Informative

      I'm not sure what you're looking at. Its latest report is January 13, 2012.

      http://datalossdb.org/index/latest

      True, it doesn't mention Zappos yet.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    7. Re:breach database? by WrongSizeGlass · · Score: 1

      I'm not sure what you're looking at. Its latest report is January 13, 2012.

I was looking at the June 2011 thru Jan 2012 reports on this page and the date of the latest post on the front page.

    8. Re:breach database? by wiredmikey · · Score: 2

      A good one also would be http://www.databreaches.net/ - M

    9. Re:breach database? by Anonymous Coward · · Score: 0

      Datalossdb.org has an alert email that goes out weekly if you want to track these, I do for professional reasons

  2. Re:doh by Anonymous Coward · · Score: 0, Offtopic

    SOME... SHALL... PASS!

  3. Cyber attack? by Anonymous Coward · · Score: 5, Funny

    I hope the cyber police do what they can to find the cyber criminals who committed this cyber crime against Cyber Zappos. After all, Cyber CEO Tony Hsie- oh fuck I can't keep this up.

    Don't call it a cyber attack. It was an attack. This isn't 1996.

    1. Re:Cyber attack? by johnsnails · · Score: 1

      hahaha! Now I have to watch Angelina Jolie in Hack3rs

    2. Re:Cyber attack? by lemur3 · · Score: 1

      she has a twenty eight point eight bee pee ess modem!!!

      clearly the problem is availability of 3D glasses... cyber criminals will stop at nothing to defeat corporate giants!

    3. Re:Cyber attack? by hedwards · · Score: 1

      I thought the problem was that they realized that hacking the Gibson just required a ping of death.

    4. Re:Cyber attack? by justforgetme · · Score: 1

      what was that nintendo headpiece, the blonde guy was wearing, called again?

      --
      -- no sig today
    5. Re:Cyber attack? by justforgetme · · Score: 1

Nah. there were definitely explosions involved. I think they found an LDAP exploit

      --
      -- no sig today
    6. Re:Cyber attack? by mixmasta · · Score: 3, Funny

      Then the hackers drove away on the INFORMATION SUPERHIGHWAY ... in a YUGO, oops... equivalent of a CYBER-CORVETTE.

      --
      #6495ED - cornflower blue
    7. Re:Cyber attack? by Anonymous Coward · · Score: 1

      Fuck off. Cyber is the best prefix ever.

      Sincerely,
      William Gibson

    8. Re:Cyber attack? by SeaFox · · Score: 2

      I hope the cyber police do what they can to find the cyber criminals who committed this cyber crime against Cyber Zappos.

      I'm sure there's a gumshoe on the case already.

    9. Re:Cyber attack? by drinkypoo · · Score: 1

      Don't call it a cyber attack. It was an attack. This isn't 1996.

      Just be glad they're not calling it an e-Attack.

      How do you suggest the news differentiate the sort of "attack" that results only in a little hard disk thrashing and data transfer from the kind that results in dead bodies, bleeding, running, and screaming?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    10. Re:Cyber attack? by DarkOx · · Score: 1

Maybe they committed this e-Attack with their iPwn4

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    11. Re:Cyber attack? by arose · · Score: 1

      Where do you stand on bank robberies?

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    12. Re:Cyber attack? by Anonymous Coward · · Score: 0

      Don't call it a cyber attack. It was an attack. This isn't 1996.

      Just be glad they're not calling it an e-Attack.

      How do you suggest the news differentiate the sort of "attack" that results only in a little hard disk thrashing and data transfer from the kind that results in dead bodies, bleeding, running, and screaming?

      How about the use of adjectives and context? You know, exactly the same way we differentiate attacks in all other areas of life.

  4. Meh,, by arsemonkey · · Score: 2

    Other than my email, and the last 4 of my nearly maxed out credit card, that's pretty much all public record anyway.

    1. Re:Meh,, by higuita · · Score: 1

      Not everyone is fool enough to use real data or have a facebook account...

      --
      Higuita
  5. First the bad news.. by lemur3 · · Score: 4, Interesting

    from the email going out to customers:
    Subject: Information on the Zappos.com site - please create a new password

    First, the bad news:

    We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

    THE BETTER NEWS:

    The database that stores your critical credit card and other payment data was NOT affected or accessed. ...translation:

    The Bad News is that things are shitty.

    The Good News is that people are learning to love the smell of shit.

    1. Re:First the bad news.. by justforgetme · · Score: 1

      does cryptographically scrambled mean what I think it does or does he just use the wrong description?

      --
      -- no sig today
    2. Re:First the bad news.. by RKThoadan · · Score: 1

      Can you think of a better way to communicate this to John Q. Public?

    3. Re:First the bad news.. by justforgetme · · Score: 1

Not really but if they were storing salted password hashes with a sufficient algo he should be able to get away with "No actual passwords were revealed"

      --
      -- no sig today
    4. Re:First the bad news.. by Anonymous Coward · · Score: 0

      Cryptographically scrambled means MD5 hashed without a salt. Rainbow tables ahoy!

    5. Re:First the bad news.. by Provocateur · · Score: 1

      The best news:

      All user IDs are safe unless their passwords are "123456", "ABCDEF", or "password". We *did* ask you to change them from these defaults. If you did not, we suggest you meet with your new 0wners.

      --
      WARNING: Smartphones have side effects--most of them undocumented.
    6. Re:First the bad news.. by Anonymous Coward · · Score: 0

      "Rainbow tables ahoy!"

Wow, when you take that out of context, it takes on a completely different meaning.

    7. Re:First the bad news.. by Anonymous Coward · · Score: 0

      It could also mean PBKDF2 or bcrypt etc etc.

  6. Well... by Anonymous Coward · · Score: 1

    To suss it all out, they'll need to hire a gumshoe...

    1. Re:Well... by skegg · · Score: 2

      Yeah, and we know who's ultimately going to foot that bill.

    2. Re:Well... by mattack2 · · Score: 1

      I know where they could buy some shoes, and return them easily, no questions asked.

  7. Storing passwords (not as easy as you think) by seifried · · Score: 5, Informative

Sadly password storage is actually tricky and most places do it wrong (using MD5/SHA1 for example). Covered in a Nov 2011 article, Storing your passwords properly (disclaimer: I wrote it, and it's a PDF file). One problem is that even if Zappos enforces strong passwords, users have a tendency to reuse their strong passwords between sites (you can only memorize so much gibberish or passphrases). Hopefully Zappos learns from this and builds a more resilient system.

    1. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 0

      People really need to learn to use scrypt.

    2. Re:Storing passwords (not as easy as you think) by dgatwood · · Score: 4, Interesting

      Like storing authentication information on a separate server from user information. This tends to make the info a lot less useful.

      Ooh. User ID #67215298's password is "correct horse battery staple". Who is user ID #67215298? Uh... we haven't cracked that server yet.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:Storing passwords (not as easy as you think) by seifried · · Score: 3, Interesting

      I assume you mean http://www.tarsnap.com/scrypt.html and https://github.com/pbhogan/scrypt? Looks interesting, I'll have to check them out.

    4. Re:Storing passwords (not as easy as you think) by fliptout · · Score: 1

      Thanks for this.. I've been looking for advice on storing passwords.

      --
      A witty saying proves you are wittier than the next guy.
    5. Re:Storing passwords (not as easy as you think) by Cato · · Score: 4, Interesting

      Mod parent up, the article is quite good.

      A more general and simpler answer though is to *always use a standard library* - see http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely/1581919#1581919 for a good answer.

Also ensure that your password storage is one-way hashed, and *salted* with a random salt (different per user) and uses *password stretching* (i.e. iterates the hashing function thousands of times to make brute forcing much more expensive). See http://slashdot.org/comments.pl?sid=1987632&cid=35150388 for more on password stretching including phpass, the gold-standard library for PHP used by WordPress, Drupal, etc.

Most importantly, never write your own password storage - you are virtually guaranteed to get it wrong. Apart from the above issues, what about timing attacks? (Zend has an article about this from a PHP perspective.)
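To make the three properties in the post above concrete (one-way hash, per-user random salt, stretching) plus the timing-attack point, here is an added example using only Python's standard library. It is not code from the thread or from any of the libraries mentioned; the record format `pbkdf2_sha256$iterations$salt$hash` and the 200,000-iteration work factor are this example's own choices.

```python
# Added example (not from the thread): salted, stretched password storage
# built from Python's standard library rather than a home-grown construction.
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # work factor for stretching; raise it as hardware gets faster
ALGO = "sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh 16-byte random salt per user means two users with the same password
    get different records, so a precomputed (rainbow) table is useless.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        if scheme != f"pbkdf2_{ALGO}":
            return False
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:  # malformed record: wrong field count or bad hex/int
        return False
    candidate = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    # compare_digest does not short-circuit on the first differing byte,
    # so the comparison time does not leak how much of the hash matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a lower work factor than current policy
    (or is malformed); re-hash it on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Tr0ub4dor&3", record))                   # False
```

The iteration count lives inside the record, so the work factor can be raised later without invalidating existing users; `needs_rehash` is the hook for that migration.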

    6. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 3, Insightful

      I'm going to have to disagree with this statement from your article: "Because hash functions like AES-256 only provide 2^256 possible unique outputs, collisions are obviously possible".

    7. Re:Storing passwords (not as easy as you think) by fliptout · · Score: 0

      Python wrapper for bcrypt. Looks like what I need for my project:

      http://code.google.com/p/py-bcrypt/

      --
      A witty saying proves you are wittier than the next guy.
    8. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 5, Informative

      You know, I almost posted something when this article was first published but I decided it wasn't worth it. But now that it's come up again in the context of helping people I must say something.

      This article is absolutely full of errors.

      The end recommendation of using bcrypt is fine, but beyond the basic concepts the rest has major problems. A few examples:

      1. AES is not a hash function. It can be used in some constructions to emulate a hash, but you wouldn't just call that AES-256 as you do, nor is it commonly used this way.
      2. "Because hash functions like AES256 only provide 2^256 possible unique outputs..." Only? This would put you at ~2^128 outputs before you could really hope to get a collision (and not a collision with a specific output, just any two outputs colliding). This is WAAAY beyond the resources of all of humanity.
      3. "Brute-forcing older algorithms is definitely possible now (DES and 3DES already fell to brute-force attacks several years ago)." Since when was 3DES brute-forced? I see no evidence that even 2TDEA has been brute-forced, let alone 3TDEA which is what people actually use. Citation greatly needed.

There are other problems as well, but these are enough to give a taste of the issues.

    9. Re:Storing passwords (not as easy as you think) by 93+Escort+Wagon · · Score: 1

      One problem is that even if zappos enforces strong passwords users have a tendency to reuse their strong passwords between sites (you can only memorize so much gibberish or passphrases).

      User education is the key here. There's no good reason for re-using passwords, at least for most people. For many years, OS X has included a keychain manager you can use to store passwords and other sensitive information. Gnome offers a similar tool for Linux users, and I know there are third-party Windows programs that do pretty much the same thing. These utilities make it almost trivial to use different strong passwords for all your online accounts - yet relatively few people know they even exist!

I'm sure it will be pointed out that if someone gets your keychain password they'll then have access to all your accounts, and that's true; but you're still significantly reducing the ways an attacker can successfully get at your data. You *can* take steps to protect your personal computer - you can't really force all the people you do business with to do the same with their servers, unfortunately.

      --
      #DeleteChrome
    10. Re:Storing passwords (not as easy as you think) by 93+Escort+Wagon · · Score: 1

      Crap, sorry about screwing up closing that bold tag somehow.

      --
      #DeleteChrome
    11. Re:Storing passwords (not as easy as you think) by grantek · · Score: 1

      Ooh. User ID #67215298's password is "correct horse battery staple". Who is user ID #67215298? Uh... we haven't cracked that server yet.

      Yes you have.

    12. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 0

      Parent is obviously referring to xkcd: http://xkcd.com/936/

    13. Re:Storing passwords (not as easy as you think) by fatphil · · Score: 4, Informative

      It's hard to take seriously an article which contains remarks like the dumb:
      "26 letters, 10 numbers, 11 other character keys for a total of 94 characters"
      to the misleading:
      "Because hash functions like AES-256 only provide 2^256 possible unique outputs, collisions are obviously possible".

      It also overlooks the fact that you're increasing your workload by a factor of X in order to increase the attacker's workload by a factor of X. Therefore there is precisely no leverage at all, and it's not really much of a win, that's a break even cost-wise.

The paragraph beginning "The advantage of bcrypt..." also seems to show that you don't appreciate the difference between a PRP like AES and a PRF like MD5 when it comes to collisions from iterated images. I'm not 100% sure about the logic you're using to lead to the "1000 possible values" claim either. In fact quite the opposite. Are you claiming that if MD5 were iterated 2^160 times, there would be 2^160 such possible values? (I.e. every input would match a password stored in the rainbow tables.) Sounds bogus, in fact.

      --
      Also FatPhil on SoylentNews, id 863
    14. Re:Storing passwords (not as easy as you think) by Threni · · Score: 2

      No you haven't. User ID #67215298's username is Boris1322 but how would the attacker know this?

    15. Re:Storing passwords (not as easy as you think) by ProfessorPillage · · Score: 1

      It's hard to take seriously an article which contains remarks like the dumb:
      "26 letters, 10 numbers, 11 other character keys for a total of 94 characters"

      This part is right: (26 + 10 + 11) * 2 = 94. But yeah, he forgot space so it should be 95.

    16. Re:Storing passwords (not as easy as you think) by seifried · · Score: 1

      Sadly I wish it were so

      1. AES is not a hash function. It can be used in some constructions to emulate a hash, but you wouldn't just call that AES-256 as you do, nor is it commonly used this way.

      No but sadly it is used as one. Google results for SHA password storage: 143,000 results, results for AES password storage: 490,000 results. It is commonly used that way.

      2. "Because hash functions like AES256 only provide 2^256 possible unique outputs..." Only? This would put you at ~2^128 outputs before you could really hope to get a collision (and not a collision with a specific output, just any two outputs colliding). This is WAAAY beyond the resources of all of humanity.

We said the same things about DES/3DES, Moore's law, the growth of bot nets, and all that has some interesting side effects

      3. "Brute-forcing older algorithms is definitely possible now (DES and 3DES already fell to brute-force attacks several years ago)." Since when was 3DES brute-forced? I see no evidence that even 2TDEA has been brute-forced, let alone 3TDEA which is what people actually use. Citation greatly needed.

      DES was cracked in 1998 on $250,000 or so of custom hardware, using an average of 4.5 days (so half the key space). In the last 13 years hardware has gotten SIGNIFICANTLY faster and cheaper, from a 2006 paper: http://www.ietf.org/rfc/rfc4772.txt, and those 10 gig/sec chips are CHEAP now. Putting a few tens of thousands onto custom boards wouldn't be that expensive (same price range as deep crack).

    17. Re:Storing passwords (not as easy as you think) by Just+Some+Guy · · Score: 1

We said the same things about DES/3DES, Moore's law, the growth of bot nets, and all that has some interesting side effects

A common misunderstanding of Moore's Law is that computers double in speed every 18 months. Were that true and it held true forever, then a 256-bit hash would fall about 100 years after its 128-bit counterpart. (To those double-checking the math at home: the birthday paradox implies that you only effectively get the strength of half those bits.)

      Horizontally scaling has a much, much worse payoff. Suppose you make a billion (2^30) node botnet running 24/7/365 dedicated to cracking hashes. That would make the project finish "just" 55 years after the 128-bit hash fell.

      And if your target bumps that to 512-bit hash - SHA512 is in a lot of standard libraries today - then the Moore's law payoff comes after about 300 years and the billion-node payoff is still two and a half centuries out.

It's like the difference in upgrading from 8-bit to 16-bit CPUs, and then to 32-bit CPUs. Those went relatively quickly. It'll take a while for Mr. Moore to chew through the extra 32 bits we've given him in the last few years, though.

      DES was cracked in 1998 on $250,000 or so of custom hardware, using an average of 4.5 days (so half the key space).

      He was asking about 3DES, not DES. It's a whole world of pain harder to attack. According to the wiki, "NIST considers keying option 1 to be appropriate through 2030."

      --
      Dewey, what part of this looks like authorities should be involved?
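A worked version of the arithmetic in the comment above, added here as an example and not part of the poster's comment. It assumes exactly what the post states: speed doubles every 18 months, the birthday bound halves the effective bits of a hash, and a pool of parallel nodes only subtracts log2(nodes) from the remaining work in bits.

```python
# Added example (not the poster's code): how long after an n-bit hash falls
# would a wider hash fall, under the post's "doubling every 18 months" model.
import math

MONTHS_PER_DOUBLING = 18  # the post's Moore's-law assumption


def collision_strength_bits(hash_bits: int) -> int:
    """Birthday bound: an n-bit hash offers only ~n/2 bits against finding any collision."""
    return hash_bits // 2


def years_until_feasible(target_hash_bits: int, baseline_hash_bits: int,
                         parallel_nodes: int = 1,
                         months_per_doubling: int = MONTHS_PER_DOUBLING) -> float:
    """Years after the baseline hash becomes breakable before the target hash does.

    Each extra bit of effective strength needs one more doubling of speed;
    throwing N machines at it in parallel is worth log2(N) bits, once.
    """
    extra_bits = (collision_strength_bits(target_hash_bits)
                  - collision_strength_bits(baseline_hash_bits))
    extra_bits -= math.log2(parallel_nodes)
    doublings = max(extra_bits, 0.0)
    return doublings * months_per_doubling / 12


if __name__ == "__main__":
    # 128 -> 256 bits of hash is 64 extra effective bits = 64 doublings = 96 years
    print(years_until_feasible(256, 128))
    # a 2^30-node botnet buys 30 of those 64 bits up front
    print(years_until_feasible(256, 128, parallel_nodes=2 ** 30))
    # 512-bit hash: 192 extra effective bits
    print(years_until_feasible(512, 128))
```

The point the numbers make is the post's own: scaling speed or node count buys bits linearly in the exponent, so each doubling of the hash width adds a constant-per-bit delay rather than a constant-factor one.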
    18. Re:Storing passwords (not as easy as you think) by gweihir · · Score: 1

      Nothing wrong with using MD5 or SHA1, as long as you iterate and salt competently. Of course, using, e.g., PBKDF2 is better, as it avoids convergence. Still, if passwords are bad, all this does not help a lot.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    19. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 0

Were that true and it held true forever, then a 256-bit hash would fall about 100 years after its 128-bit counterpart.

      Generally true but incorrect specifically when it comes to AES. AES256 is known to be weaker than AES128.

      https://cryptolux.org/FAQ_on_the_attacks

    20. Re:Storing passwords (not as easy as you think) by CastrTroy · · Score: 1

I've been using this method for years. I recommend this to everyone I know. But for most people, it is a bit of a hassle. The biggest problem is that you have to keep the file backed up, and you have to ensure that your backup is current. If you lose the file, you have now lost access to all your online accounts. Some people say they keep their file in a DropBox account, but personally, I wouldn't trust my data there. They had a data breach a little while back. Even if I change all my passwords (arduous process), there's still a file out there containing the list of all my user accounts for all the websites I visit. That's pretty personal information.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    21. Re:Storing passwords (not as easy as you think) by Just+Some+Guy · · Score: 1

      I'd handwave that away by saying I'm not sure why poor AES got dragged into this mess in the first place. Despite what the OP claims, I've not heard of many people using ciphers as hash algorithms.

      --
      Dewey, what part of this looks like authorities should be involved?
    22. Re:Storing passwords (not as easy as you think) by LordLucless · · Score: 1

      Did you actually read his article?

      A more general and simpler answer though is to *always use a standard library*

      Except PHP 5.3.7, like he mentions in the article. You can't always trust your libraries

      and uses *password stretching* (i.e. iterates the hashing function thousands of time to make brute forcing much more expensive).

      And where he says in the article how bad of an idea this is, compared to using a work-factor algorithm like bcrypt

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    23. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 0

      Libraries are fixed in OS updates, your crappy code is not.

    24. Re:Storing passwords (not as easy as you think) by emt377 · · Score: 1

      Sadly password storage

      The issue isn't password storage, but credit card information. Nobody cares if their password is broken; it's pretty easily changed. Handling CC information securely is far more difficult than basic account information and secure password authentication.

CC information needs to be stored on a physically separate server which has no web servers, accepts no remote logins, and uses entirely internal, minimal protocols that omit any possibility of read access to data. All operations need to be task-based; no setters and getters or that sort of thing. Instead, "change CC #n for acct XXXXX to YYYYY", "set confirmation email for XXXXX to foo@example.com", or "enumerate stored billing options for acct XXXXX" that returns a list with entries like "ZZZZZZ, VISA with last four digits 1234". All orders send confirmation email for review. This limits a break-in on the web frontend to performing exactly those operations exposed by the protocol.

Unfortunately, crap like LAMP has taken good engineering back to the 1970s and most systems work like sh*t for practical reasons; if you have only at most 25 outstanding requests because that's how many apache processes you have, then backend curls are a no-go, in fact anything blocking is a huge detriment to scalability. Instead engineers are forced to invent utterly retarded workarounds like putting processing queues in membase and polling with ajax for results in the browser. It's just so utterly craptastic I don't know whether to laugh or cry!
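A sketch of the task-based backend protocol the comment above describes, added here as an example and not the poster's code. The operation names (`set_card`, `set_email`, `enumerate`), the in-memory storage and the `4111111111111111` test card number are this example's own choices; the point it makes is the post's: the frontend can only send named tasks, and no task exists that returns a full card number, so a compromised web tier is limited to exactly the operations the protocol exposes.

```python
# Added example (not the poster's code): a card-data backend that exposes
# tasks, never getters. The full number never leaves this process.
from dataclasses import dataclass, field


def luhn_ok(pan: str) -> bool:
    """Standard Luhn check digit validation; rejects obvious typos and garbage."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Card:
    pan: str      # full card number; only ever read by this class to derive last4
    network: str  # e.g. "VISA"


@dataclass
class Vault:
    _cards: dict = field(default_factory=dict)   # acct -> {slot: Card}
    _emails: dict = field(default_factory=dict)  # acct -> confirmation address
    audit: list = field(default_factory=list)    # every request, accepted or not

    def handle(self, msg: dict) -> dict:
        """Single entry point for the frontend: dispatch by operation name only."""
        op = msg.get("op")
        handler = {
            "set_card": self._set_card,
            "set_email": self._set_email,
            "enumerate": self._enumerate,
        }.get(op)
        if handler is None:  # "get_pan" and friends simply do not exist
            self.audit.append(("rejected", op, msg.get("acct")))
            return {"ok": False, "error": "unknown operation"}
        self.audit.append((op, msg.get("acct")))
        return handler(msg)

    def _set_card(self, msg: dict) -> dict:
        pan = str(msg.get("pan", ""))
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            return {"ok": False, "error": "invalid card number"}
        self._cards.setdefault(msg["acct"], {})[msg["slot"]] = Card(pan, msg["network"])
        # every change is reported to the account's confirmation address
        return {"ok": True, "confirmation_to": self._emails.get(msg["acct"])}

    def _set_email(self, msg: dict) -> dict:
        self._emails[msg["acct"]] = msg["email"]
        return {"ok": True}

    def _enumerate(self, msg: dict) -> dict:
        """The only read operation, and it returns masked entries only."""
        cards = self._cards.get(msg["acct"], {})
        return {"ok": True, "options": [
            {"slot": slot, "network": c.network, "last4": c.pan[-4:]}
            for slot, c in cards.items()]}


if __name__ == "__main__":
    vault = Vault()
    vault.handle({"op": "set_email", "acct": "acct-1", "email": "foo@example.com"})
    print(vault.handle({"op": "set_card", "acct": "acct-1", "slot": 1,
                        "pan": "4111111111111111", "network": "VISA"}))
    print(vault.handle({"op": "enumerate", "acct": "acct-1"}))
    print(vault.handle({"op": "get_pan", "acct": "acct-1"}))  # rejected
```

In a real deployment the `handle` call is the only thing reachable over the internal link, and the audit list becomes the log the fraud team reviews; the design goal is that an attacker holding the web tier can add or enumerate cards for accounts it can reach, and nothing more.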

    25. Re:Storing passwords (not as easy as you think) by emt377 · · Score: 1

      This part is right: (26 + 10 + 11) * 2 = 94. But yeah, he forgot space so it should be 95.

      26 uppercase, 26 lowercase, 10 digits, 12 punctuation/space = 74.

      My problem is requirements like, "One uppercase, two digits, one punctuation, 8-20 characters." You know people will use exactly this and nothing else, at close to the minimum length. So for an 8-char password you get 26*26^4*10^2*12 combinations. However, if you just let people use 8 lowercase chars you get 26^8, which is 14 times as big. In addition, by outright banning punctuation and digits it's no longer possible to search a smaller space first, say consisting of one or two uppercase, one or two digits, and bang at the end, the remainder lowercase. (If you who read this have a password matching this pattern, CHANGE IT NOW.) Strength indicators at password selection dialogs are good, but a lot of them are counterproductive and will tell you ten chars of which one or two is uppercase, two digits and a bang at the end are 'strong' while just ten random lowercase letters is 'weak'. Laughable.

    26. Re:Storing passwords (not as easy as you think) by ProfessorPillage · · Score: 1

      26 uppercase, 26 lowercase, 10 digits, 12 punctuation/space = 74.

      No, the digit keys all have special characters when you hold shift, and the 11 special character keys all have 2 choices as well, so there are 33 special characters on the keyboard including space. That's 95 total. Look at your keyboard and count them.

      I think this throws off the rest of your calculations. The 43 numbers and punctuation together are a lot more than the 26 lowercase letters. And you failed to take into account that, even when done in a stupid way, people are likely to switch around the order somewhat (uppercase at the beginning OR end of the letters, and number/punctuation in either order, and sometimes even at the beginning instead of the end), which adds a few factors of 2 at least. Even one number and one punctuation in either order is about equivalent to two lowercase letters, but better because they help reduce dictionary words. I'm with you on explicit requirements of numbers and numbers only.

      But yeah, you're better off either encouraging but not requiring some punctuation and numbers, or having looser requirements like the common "at least 1 each of 3 of the following types: upper, lower, numbers, punctuation", plus some restrictions on sequences, dictionary words, etc. It's probably a good idea to require something like at least 6 non-numbers for an 8-character-minimum password too, to keep 7-number plus 1-letter passwords from getting too popular. But if you're coming up with your own password solution (like just about everyone with the type of requirements you describe), or copying one from a non-expert, then you're probably doing it wrong.
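A keyspace calculator for the arithmetic in the two comments above, added here as an example and not from either poster. It generalizes emt377's single instance (one uppercase, two digits, one punctuation, the rest lowercase, in a fixed order) to any mix of character classes, and adds ProfessorPillage's point that letting the classes appear in any order multiplies the space by the number of arrangements. The 12-character punctuation set is emt377's figure; pass `punct=33` for ProfessorPillage's count.

```python
# Added example (not from the thread): how big is the space an attacker must
# search when users follow a composition policy in the most predictable way?
import math


def keyspace(counts: dict, punct: int = 12, fixed_order: bool = True) -> int:
    """Number of passwords made of `counts[class]` characters from each class.

    counts: e.g. {"upper": 1, "lower": 4, "digit": 2, "punct": 1}
    fixed_order=True  -> classes appear in one predictable order (upper, then
                         lowercase, then digits, then punctuation)
    fixed_order=False -> any arrangement of those positions, i.e. multiplied
                         by the multinomial coefficient
    """
    sizes = {"upper": 26, "lower": 26, "digit": 10, "punct": punct}
    space = 1
    for cls, n in counts.items():
        space *= sizes[cls] ** n
    if not fixed_order:
        arrangements = math.factorial(sum(counts.values()))
        for n in counts.values():
            arrangements //= math.factorial(n)
        space *= arrangements
    return space


def bits(space: int) -> float:
    """Entropy-equivalent size in bits, for comparing spaces at a glance."""
    return math.log2(space)


if __name__ == "__main__":
    lazy = {"upper": 1, "lower": 4, "digit": 2, "punct": 1}  # "Abcde12!"
    plain = {"lower": 8}                                       # "abcdefgh"
    print(f"fixed-order policy pattern: {bits(keyspace(lazy)):.1f} bits")
    print(f"same classes, any order:    {bits(keyspace(lazy, fixed_order=False)):.1f} bits")
    print(f"8 random lowercase:         {bits(keyspace(plain)):.1f} bits")
    print("lowercase / fixed pattern =", keyspace(plain) // keyspace(lazy))  # 14
```

The fixed-order pattern comes out about 33.7 bits against 37.6 bits for eight unconstrained lowercase letters, which is the 14x emt377 quotes; allowing any arrangement of the same classes pushes it past the lowercase space, which is ProfessorPillage's point. Both figures assume the attacker knows which pattern to try first, which is exactly why a visible policy is a hint.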

    27. Re:Storing passwords (not as easy as you think) by Anonymous Coward · · Score: 0

      Same AC as before here, I'll try this again I guess.

      Sadly I wish it were so

      1. AES is not a hash function. It can be used in some constructions to emulate a hash, but you wouldn't just call that AES-256 as you do, nor is it commonly used this way.

      No but sadly it is used as one. Google results for SHA password storage: 143,000 results, results for AES password storage: 490,000 results. It is commonly used that way.

      You are again misunderstanding the situation. AES is commonly used to store passwords by encrypting them, it shouldn't be but it is. This is done by people who either just don't know any better or think they need to be able to reverse them (for instance to send them to you when you forget). What is almost never done is using AES as a hash function which is what you're saying. Follow the search results you mentioned for AES password storage, they aren't doing what you're proposing. You can't even do this unless you implemented it yourself or used 3rd party crypto libraries: no standard crypto library I know of has an AES hash construction built in, they just aren't popular outside of very special circumstances. If you can name one application that does this I'd be very surprised.

      2. "Because hash functions like AES256 only provide 2^256 possible unique outputs..." Only? This would put you at ~2^128 outputs before you could really hope to get a collision (and not a collision with a specific output, just any two outputs colliding). This is WAAAY beyond the resources of all of humanity.

We said the same things about DES/3DES, Moore's law, the growth of bot nets, and all that has some interesting side effects

      First of all, no we didn't, in fact IBM fought with the NSA to keep DES 64 bits because they felt 56 was not enough, and that was in the 70s. Second, as before, 3DES is not even remotely broken as of now. Third, I didn't say it would be beyond us forever, just now and for the foreseeable future. Your article makes it sound like any day now we're going to be finding collisions in AES hash outputs because there's "only" 2^256 of the same, which is:

      a) wrong. The number attached to AES is the keysize, not the block size, AES no matter what key length has the same block size which is what would govern collisions. Again you are confusing ciphers and hashes where that number would actually tell you the output length.
      b) ridiculous. If you truly had a random function that covered roughly 2^256 outputs you are not finding specific collisions in our lifetime, and yes I'm including Moores law, distributed attacks, and deep thought when it becomes available.

      3. "Brute-forcing older algorithms is definitely possible now (DES and 3DES already fell to brute-force attacks several years ago)." Since when was 3DES brute-forced? I see no evidence that even 2TDEA has been brute-forced, let alone 3TDEA which is what people actually use. Citation greatly needed.

      DES was cracked in 1998 on $250,000 or so of custom hardware, using an average of 4.5 days (so half the key space). In the last 13 years hardware has gotten SIGNIFICANTLY faster and cheaper, from a 2006 paper: http://www.ietf.org/rfc/rfc4772.txt, and those 10 gig/sec chips are CHEAP now. Putting a few tens of thousands onto custom boards wouldn't be that expensive (same price range as deep crack).

      Yes, but I asked about 3DES, not DES. DES is long broken, we all know this. DES has 56 bits of key strength. 3TDEA 3DES has 112 bits, that is 56 bits harder for those doing the math. You are obviously not understanding the scale of that difference.

      Put it this way, let's say those chips are a 1000x faster than they were then (they're aren't but let's be generous). You said tens of thousands on a board, but let's figure out a way to get a million on a board, and then just to make it fun let

    28. Re:Storing passwords (not as easy as you think) by Cyberllama · · Score: 1

      Even worse than that, I so often see websites that give you a *maximum* password length of somewhere between 12-20 characters and even forbid the use of anything but letters and numbers. My password *must* be between 8-12 characters? What the hell good is that? I always wonder "What's the point of forcing me to pick a strong password then?" It'll be strong enough for any sort of remote brute-force attack, but one assumes just about any password other than 12356 works for that since most sites limit you to ~3-5 login attempts.

      The whole point of a strong password is to withstand local attacks when the password hash file has been compromised. With such arbitrary restrictions one wonders what the point of forcing users into hard-to-remember passwords is when even the strongest password you're allowed to pick is still fairly weak.

      Perhaps they're using a very work-intensive hashing algorithm, but I somehow doubt it.

    29. Re:Storing passwords (not as easy as you think) by fatphil · · Score: 1

      Where does the unstated *2 come from? Is that some US-centric there-are-only-two-symbols-per-key, the unshifted and the shifted, assumption which is inappropriate for 90% or more of the world? (Even the UK would typically have the pound sign, which isn't ASCII, as a shifted character, so the assumption doesn't even hold in the UK.) And why is a comment about security even focussing on one specific implementation of an input device anyway? The character set that's available to me when I use my N9 is different from that available to me on my workstation at home, so his numbers, even if he can justify his arithmetic, are effectively meaningless.

      --
      Also FatPhil on SoylentNews, id 863
    30. Re:Storing passwords (not as easy as you think) by fatphil · · Score: 1

      "Look at your keyboard and count them."

      13 of my keys have 3 symbols, and 1 has 4 symbols. My total will be different from yours. Mine will even differ from that of others in the same country as me, as we have 2 very different standard keyboard layouts for the two different linguistic groups in the country.

      --
      Also FatPhil on SoylentNews, id 863
    31. Re:Storing passwords (not as easy as you think) by ProfessorPillage · · Score: 1

      Because the linked article you were complaining about specified a calculation prefaced with "suppose you want to precompute the hash values for all valid characters on a US-English keyboard", about the amount of storage needed for a rainbow table. Of course there were other errors in the article, but you picked on a relatively minor part that was correct. UK keyboards have something like 13 more characters than the US one, which increases the number of possible 8-char passwords using the keys on the keyboard by a factor of about 3 relative to the US keyboard (108^8 / 95^8); and US-letters-and-numbers-only reduces the possible number only by a factor of about 30 (62^8 / 95^8). You could make a similar rainbow table for each keyboard layout, many of which have similar numbers of easily accessible characters, with a similar amount of storage to that described, so his numbers are not meaningless. So the lesson is, use a hash that incorporates salt, and don't use dictionary words as your password.

    32. Re:Storing passwords (not as easy as you think) by Cato · · Score: 1

      I did read the article, although quickly, and I wasn't very impressed with it. See http://slashdot.org/comments.pl?sid=2622556&cid=38711478 for some of the errors. The mention of GPUs is really irrelevant to security, and most useful for crackers.

      By "standard library" I really mean something like phpass that is written by developers who are highly security-aware. PHP's built in libraries probably don't qualify on that score.

      phpass will work on almost any version of PHP, and can use MD5 or SHA1 if that's what's available.

      Password stretching: the article's point about iterating 1000 times creating 1000 times the collisions is theoretical, as there are ways of implementing stretching that don't have this problem - see http://en.wikipedia.org/wiki/Key_stretching for non-collision-prone stretching options.

      There are many web hosts still using PHP 5.1 or 5.2 - requiring a recent PHP 5.3 isn't really a solution for many people.

  8. 6PM.COM by ArhcAngel · · Score: 1

    Is 6PM.COM a part of ZAPPOS? Because they just sent a similar announcement.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  9. Yes by happyhamster · · Score: 3, Informative
  10. what does "cryptographically scrambled" mean ? by zaphod777 · · Score: 0

    So was it salted or just a hash? Without a salt they have all of the passwords pretty easily. They might as well store the passwords in plain text at that point.

    --
    "Don't Panic!"
    1. Re:what does "cryptographically scrambled" mean ? by droidsURlooking4 · · Score: 2

      It was scrambled with hash. It was just supposed to be salted & peppered but the line cook put salsa on it and that's usually over easy. Crazy world today.

    2. Re:what does "cryptographically scrambled" mean ? by hedwards · · Score: 1

      Personally, I always like my hash peppered, but that's just me. Perhaps with a bit of egg on the side.

  11. Kudos to Zappos for the way they handled this. by I'm+Not+There+(1956) · · Score: 5, Insightful

    Shit happens, the way you handle a crisis is what matters. Zappos was very open about this, sent me an email, asked me to change my password, set up new email addresses and web pages for this problem and questions that customers may have, and announced the issue quickly.

    I wish more companies would act like this.

    --
    "If fifty million people say a foolish thing, it's still a foolish thing."
    1. Re:Kudos to Zappos for the way they handled this. by saccade.com · · Score: 1

      My wife tried to order shoes tonight, and first the site insisted she change her password. Then it took -forever- for the address/payment info to appear before it would let the order go through. Trying to phone them got a "We're sorry - we cannot take your call at this time" recording - *very* unusual for Zappos. Makes me think this has them pretty bent out of shape. Wish I'd seen this before she placed the order. We may be buying some slimeball a lot of shoes...

    2. Re:Kudos to Zappos for the way they handled this. by Anonymous Coward · · Score: 1

      I wish more companies would act like this.

      No need to wish for this. Words are cheap and security is not, so every day more companies adopt this clever strategy. The genius of this is it not only saves money on useless security but also betters the company's (and its CEO's) image, and if that weren't enough there's also some free publicity.

    3. Re:Kudos to Zappos for the way they handled this. by Sprouticus · · Score: 1

      They explicitly said they turned off their phone lines because the Cust Service Dept was getting swamped. I can understand that actually.

      I would like to agree with the GP. They made a mistake, but unlike Sony they handled it well. If it happens again I will probably take my business elsewhere, but for now I'm OK with how they responded.

  12. Password reset may not be a great idea by jaymz666 · · Score: 1

    So, they reset your passwords, if you use a few different passwords across sites and don't remember which is which, you can't try any of these to tell which one you did use at the site.

    This seems less secure to me. Resetting the password means you can't tell what password you used there.

    1. Re:Password reset may not be a great idea by SpzToid · · Score: 1

      This is why I try to get my colleagues, many of whom are 'normal users' in a volunteer charity website for example, to use Passpack. I try to teach them to use strong unique passwords for each site they register with; while actually only having to remember about two passwords (and using copy/paste). But also a feature of Passpack (like other similar services, I imagine) is being able to share passwords among a workgroup, in case the server admin gets hit by a bus for example. This solution is the best I've found so far for this common problem.

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    2. Re:Password reset may not be a great idea by webheaded · · Score: 1

      Kind of dumb but helpful...I had my password saved in my browser and looked it up there. I'm sure that is insecure as hell though and now that I realize that my browser just throws it out there without encrypting it at all...I'm a bit nervous. As much as I love computers and shit...sometimes I hate them.

      --
      "Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - BenF
    3. Re:Password reset may not be a great idea by higuita · · Score: 1

      In firefox you can set a master password to secure your saved passwords

      --
      Higuita
    4. Re:Password reset may not be a great idea by webheaded · · Score: 1

      I'm more worried about nefarious programs or whatever rummaging through there...not my wife finding the passwords. :p

      Setting a password up for Firefox doesn't do jack shit, as far as I'm aware. That's all stored in an SQLite db anyway.

      --
      "Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - BenF
    5. Re:Password reset may not be a great idea by blueg3 · · Score: 2

      The passwords aren't stored cleartext in the database, they're encrypted with your master password.

    6. Re:Password reset may not be a great idea by DarkOx · · Score: 1

      If you are doing that you have larger issues. So when a site rejects your password and you try some others, you are potentially submitting credential pairs which may be valid elsewhere to a compromised host. BAD

      If you don't know what password Zappos had for your account, then you should set new passwords on ALL your accounts.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  13. Legendary by Anonymous Coward · · Score: 0

    Zappos hacked. Mollres and Atticuno come next.

    1. Re:Legendary by GameboyRMH · · Score: 1

      LOL beaten XD

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Legendary by tehlinux · · Score: 0

      Arduino, I choose you!

      --
      Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
  14. Yah... by beadfulthings · · Score: 1

    Such a cheerful thing to find waiting for you in your inbox. My email was waiting for me this morning.

    I suppose it is a small price to pay for my semi-orthopedic, little old lady Crocs, the ugliest and most comfortable shoes on the planet.

    Passwords are becoming a bummer.

    --
    "Here's what's happening. You're starting to drive like your Dad..." - Red Green
  15. Slow staff??? by Anonymous Coward · · Score: 0

    The CEO thinks it takes 20 mins for his employees to read the email. Does this say anything about the quality of their staff?

  16. How many comments to go through to find out... by fotoguzzi · · Score: 1

    ...what Zappos is. I mean, why not just call it $companyfunction $company. Would it be so much to say what this company with millions of users does/sells?

    --
    Their they're doing there hair.
    1. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      Fair enough, but I'd venture a guess that they're as well known by the general public as a site like NewEgg is to us geeks. I'd be surprised if the percentage of people on Slashdot unfamiliar with Zappos were over 10%.

    2. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      You apparently don't have a wife/girlfriend. Or any female friends, for that matter.

    3. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      It's fucking Zappos. If you don't know what they do by now, you probably just got on the internet and it would be a good time for you to learn to use Google. At some point we can stop saying things like "Ford, a vehicle manufacturer" or "Dell, a computer maker" and simply assume a baseline level of knowledge to participate in society. You, sir, have failed to meet that baseline. Congratulations.

    4. Re:How many comments to go through to find out... by theswade · · Score: 1

      Have you considered clicking on the link in the article? The first sentence answers your question.

    5. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      Douchebag.

      It's an online shoe retailer.

      How difficult was that?

    6. Re:How many comments to go through to find out... by blop · · Score: 1

      I was wondering exactly the same thing... Slashdot forgets that a lot of readers aren't from the US and don't know anything about US-centric brand names...

    7. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      You apparently don't have a wife/girlfriend. Or any female friends, for that matter.

      I don't either, and I *still* know what Zappos is!

    8. Re:How many comments to go through to find out... by tqk · · Score: 1

      Would it be so much to say what this company with millions of users does/sells?

      You apparently don't have a wife/girlfriend. Or any female friends, for that matter.

      Yeah, I really look forward to getting together with female friends to discuss their shoes. :-P

      The correct answer is, "If you can post a dumb comment on /., you can look it up in a search engine, idiot!"

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    9. Re:How many comments to go through to find out... by Jeng · · Score: 1

      In this day and age it makes little sense to ask another person what something is if you have access to a computer.

      If someone had mentioned this to me in meatspace and I wasn't near the internet I would ask what Zappos is, but you are on the net, it is easier to Google than it is to ask.

      Now if it was something that didn't pull up within the first few links then you would have something to stand on, but Google gets it right with the first link.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    10. Re:How many comments to go through to find out... by Anonymous Coward · · Score: 0

      More difficult than typing "zappos" into an address bar. Some people need to be forced to learn, or they never will. But pat yourself on the back for contributing to sloth and ignorance. You're doing a hell of a job.

    11. Re:How many comments to go through to find out... by sunderland56 · · Score: 1

      why not just call it $companyfunction $company

      So do you call this site slashdot, or do you call it uber-geek discussion board slashdot?

  17. Secure Remote Password protocol by Anonymous Coward · · Score: 0

    I assume you mean http://www.tarsnap.com/scrypt.html and https://github.com/pbhogan/scrypt? Looks interesting, I'll have to check them out.

    A better idea would be to switch to storing the SRP verifier:

    x = H(s,p) ; s = salt, p = password, H() is SHA-1
    v = g^x

    Store v, s, and u (the username).

    http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

    Anyone who can get the password (or even the hash) from the above deserves to get them. :)
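The verifier the post describes, carried through a full SRP-6a login so both sides can be seen to derive the same key from v alone. This is an added example, not the poster's code; it uses a deliberately tiny constructed group (2^127 - 1, g = 3) and SHA-256 in place of the post's SHA-1, and a real deployment would use the RFC 5054 groups.

```python
import hashlib
import secrets

# Constructed toy group for the demo: N = 2^127 - 1 is prime but NOT a safe
# prime and far too small for real use. Production SRP uses the groups
# published in RFC 5054 (1024-bit and larger).
N = (1 << 127) - 1
g = 3
NBYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """Hash a concatenation of byte strings to an integer.
    SHA-256 stands in for the SHA-1 of the post; the arithmetic is the same."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def to_bytes(n: int) -> bytes:
    return n.to_bytes(NBYTES, "big")


k = H(to_bytes(N), to_bytes(g))   # SRP-6a multiplier parameter


def private_x(salt: bytes, password: bytes) -> int:
    """x = H(s, p) exactly as the post writes it; x never leaves the client."""
    return H(salt, password)


def make_verifier(password: bytes, salt: bytes = b"") -> tuple:
    """What the server stores instead of a password hash: (s, v = g^x mod N)."""
    if not salt:
        salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, password), N)


def client_session(password: bytes, salt: bytes, a: int, A: int, B: int) -> int:
    """Client: K = H(S) with S = (B - k*g^x)^(a + u*x) mod N."""
    if B % N == 0:
        raise ValueError("server sent B == 0 mod N")   # mandatory abort
    u = H(to_bytes(A), to_bytes(B))
    x = private_x(salt, password)
    base = (B - k * pow(g, x, N)) % N                   # equals g^b mod N
    return H(to_bytes(pow(base, a + u * x, N)))


def server_session(v: int, b: int, A: int, B: int) -> int:
    """Server: K = H(S) with S = (A * v^u)^b mod N, using only v, never x."""
    if A % N == 0:
        raise ValueError("client sent A == 0 mod N")   # mandatory abort
    u = H(to_bytes(A), to_bytes(B))
    return H(to_bytes(pow(A * pow(v, u, N) % N, b, N)))


def run_exchange(stored_salt: bytes, stored_v: int, password_typed: bytes) -> tuple:
    """One SRP-6a login attempt; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                                    # client -> server
    b = secrets.randbelow(N - 2) + 1
    B = (k * stored_v + pow(g, b, N)) % N               # server -> client
    return (client_session(password_typed, stored_salt, a, A, B),
            server_session(stored_v, b, A, B))


if __name__ == "__main__":
    s, v = make_verifier(b"correct horse")
    kc, ks = run_exchange(s, v, b"correct horse")
    print("keys agree:", kc == ks)                      # True for the right password
```

A leaked (s, v) pair lets an attacker run offline guesses against v just like a salted hash, so the verifier still needs a slow x derivation; what it removes is the password ever crossing the wire or sitting in the database.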

    1. Re:Secure Remote Password protocol by tqk · · Score: 1

      http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

      Interesting read, thanks, but I wish a few wikipedians would go over that article and flesh it out. I'm pretty geeky, but I can't see offhand how claims like "... the SRP protocol is more secure than the alternative SSH protocol ..." are provable. Then again, I'm no cryptographer.

      Of course, the devil's in the details. SRP on top of a Win* box infested with keylogger trojans will be a waste of effort (false sense of security), so it'd be better to expend effort on that front (trash Win* :-) before implementing SRP.

      'Sounds like something every geek needing to secure remote accounts should know about these days. Why don't we? I'm not getting my memos! :-P

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  18. That's right : by unity100 · · Score: 1

    The Good News is that people are learning to love the smell of shit.

    Indeed. As one joke in a Japanese anime so aptly put it:

    "Even an old man's armpits grow on you with prolonged exposure ...."

    im telling you.... the people making those animes. crazy ....

  19. Who cares, this won't... by Anonymous Coward · · Score: 0

    ...stop my wife from spending all my money there anyway.

  20. Zappos Is Hiring... by Kevin+Raffay · · Score: 1

    ...an "Applications Security Engineer" (http://about.zappos.com/jobs) Duties include: "Develop security improvements for the company’s websites and backend applications." Evidently, this position is still unfilled.

  21. Payback for Awful Marathon? by theswade · · Score: 1

    Back in December there was a Zappos Rock n' Roll marathon in Las Vegas that drew a lot of ire for its many shortcomings including running out of food and water, replacing said water with non-potable fire hydrant water making many people sick, overcrowding, disorganized medical response teams, etc. It would not surprise me to learn that someone decided to inflict this attack as retribution. However, that's just speculation. There are plenty of other feasible motives.

  22. Not surprising by IrishMASMS · · Score: 1

    For those in the Vegas IT/InfoSec community who have heard the stories (or have firsthand experience) of their hiring/screening process, this was only a matter of time. If you are screening out the folks with the hacker/InfoSec mindset (those that think differently/outside the box), are you hiring the best folks for the InfoSec role?

    Seems the 'cool kids club' at Zappo's was not enough to defeat the attackers.

    1. Re:Not surprising by emt377 · · Score: 1

      If you are screening out the folks with the hacker/InfoSec mindset (those that think differently/outside the box),

      They're not thinking outside the box, they're thinking inside a different box. Just hiring someone who thinks inside that particular box isn't by itself sufficient, or rather doesn't guarantee anything beyond basic competence for the job. It's MUCH easier to break into a system than secure it, because you only need one vulnerability. Those who are the best at finding these vulnerabilities typically aren't the same ones who are the best at preventing them. You can't secure a system by trial-and-error (find-and-patch). Often good hackers aren't useful for more than vulnerability testing.

    2. Re:Not surprising by emt377 · · Score: 1

      "Often good hackers aren't useful for more than vulnerability testing." ... because their vulnerability-finding box doesn't adequately intersect the system-security-design box.

  23. "Cryptographically scrambled" probably means "md5" by Sean · · Score: 1

    n/t

  24. is zappos hosted on amazon cloud? by Anonymous Coward · · Score: 0

    Zappos is owned by Amazon, isn't it? Does that mean this was actually a significant breach of Amazon cloud services?