Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Forums Hacked: 1 Million User Credentials Stolen

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"

93 comments

  1. lol linux by Anonymous Coward · · Score: 4, Funny

    Was it run on... Linux? BWAHAHAHAHAHAH!

    Linux = FAIL.
    Windows or OS X are the only secure solutions.

    1. Re:lol linux by Anonymous Coward · · Score: -1

      MOD PARENT UP

    2. Re:lol linux by multiben · · Score: 1, Offtopic

      Oh come on whoever modded this down. Get a sense of humour!

    3. Re:lol linux by Anonymous Coward · · Score: 0, Informative

      It wasn't funny. Damn sure wasn't insightful or informative. Maybe inciteful.

    4. Re:lol linux by multiben · · Score: 4, Funny

      You're right. I'm sorry, now back to work everyone! These are serious times. Linux is the best operating system that has every existed and nothing will ever be better than it. It is perfect and nobody should ever laugh at it. You know why? Because it's not funny! That's why. In fact, nothing is funny. Somebody told me a joke once back in 1972 and frankly I just didn't see the point. It distracted me from being serious.

    5. Re:lol linux by Anonymous Coward · · Score: 0

      No need to be serious all the time. But it still wasn't funny, insightful, or informative.

    6. Re:lol linux by Anonymous Coward · · Score: 0

      Jesus christ, it's a fucking operating system. Get a life, nerd-linger.

    7. Re:lol linux by multiben · · Score: 1

      I know, I am totally agreeing with you.

    8. Re:lol linux by Anonymous Coward · · Score: -1

      I gotta tell him, I gotta be a man and handle my business
      I know he's gonna hate me, I gotta call'em what up dawg, what you been up to
      Oh yeah, well that's cool, check it out me and you, we been down for a while right
      we been here and there, we been pretty tight somethin happened last night that you might get upset about
      but hear me out, I didn't mean nothing buy it, I'm gonna make this quick

      I gave your momma this dick I dunno how it happened
      I just know my nuts and her itch was slappin I was over there mowin' the grass
      and I could feel her eyes all up on my ass and then I went inside to make a phone call
      and there she was with a tittie hanging out her bra one thing just led to another
      next thing you know I'm butt-fucking your mother

      Please don't hate me but I been fucking your mom loose lately please don't hate me
      I never said I loved the hoe please don't hate me
      but I been fucking your mom loose lately please don't hate me
      you never should have trusted a juggalo

      Don't hang up, I still got more your momma gives head like a heroin whore
      I wasn't thinking about you as my bud
      when she spread my but cheeks and went for the milkdud
      we broke out with your grandpa's gin
      and got drunk, I fucked her with a bowling pin
      she's freaky, her nipples look like peanuts
      your mommas one of my favorite sluts
      she likes licking from the back of my balls
      to the tip of my dick with one big lick
      she calls me her big teddy bear
      I chase her around in my underwear
      I admit I like spanking her but
      I used your sock though to catch my nut
      don't worry, I put it back, I knew I better
      that's probably why your toes been sticking together

      Please don't hate me
      but I been fucking your mom loose lately please don't hate me
      I never said I loved the hoe
      please don't hate me
      but I been fucking your mom loose lately please don't hate me
      you never should have trusted a juggalo

      maybe they call you a termihater
      if this was a swamp you'd be a allihater
      you could use a cold glass of hatred
      sure come on up, take the elehater
      your moms ass looks like oatmeal yo
      its bumpy and grainy, I like the feel though
      and I ain't trying to diss her either
      I'm only sayin' that I wish you would trim her beaver some
      every hair is like a foot long
      bitch looks like a werewolf wearing a thong sometimes
      its allright with me though
      I don't mind as long as I can locate the b-hole
      and your dad so dumb he's knowing nothing
      here I am stuffing her muffin
      not to mention the pickle buffing
      and I hope me and you are still cool
      I'm spending the night so she can drive me to school tomorrow
      and we plan on fucking again, allright, I'll talk to you later
      Peace
      (Jesus someone got fucked up nigga)

      Please don't hate me
      but I been fucking your mom loose lately please don't hate me
      I never said I loved the hoe
      please don't hate me
      but I been fucking your mom loose lately please don't hate me
      you never should have trusted a juggalo Please don't hate me
      but I been fucking your mom loose lately please don't hate me

      I never said I loved the hoe
      please don't hate me
      but I been fucking your mom loose lately please don't hate me
      you never should have trusted a juggalo

    9. Re:lol linux by Anonymous Coward · · Score: 0

      It wasn't funny to you, probably because you're a Lintard. To some though, it was funny. You're not funny at all. In fact, you're rather sad.

    10. Re:lol linux by Anonymous Coward · · Score: 0, Offtopic
      OS LIMITATIONS

      1. No true multitasking for 3rd party apps - they re frozen in the background.

      2. No Divx/Xvid video codec support. Zune will convert with loss of quality.

      3. No mass storage mode.

      4. No micro-SD card support.

      5. Only support up to 16GB storage .

      6. No filemanager. Directory system is totally opaque.

      7. Need Zune to transfer files. Zune will only transfer photos, videos & music. All other files need to email/upload to yourself.

      8. Your contact details are automatically uploaded to cloud service whether you like it or not.

      9. Limited to 800x480 resolution.

      10. Voice search is hardwired to Bing.

      11. Cannot use any MP3 file as ringtone except those with strict constraints.

      12. Cannot set static IP address so no connection to ad-hoc networks.

      13. No VPN support for this âoecorporate enterpriseâ phone.

      14. Cannot sync directly with Outlook without syncing to Cloud

      15. Totally closed OS, cannot sideload apps outside MS Marketplace.

      16. System font size cannot be changed.

      17. Images and photos cannot be renamed in the phone.

      18. Windows Live ID account cannot change country once set.

      19. No centralized notification page.

      20. Alarm clock cannot work when phone is turned off. All Nokia Symbian and Meego phones can do this.

      21. The idle screen is completely blank and cannot display time or notifications.

      22. Only photos allowed as email attachments, documents not allowed.

      23. No way to stream audio to the majority of car audio systems as the most common Bluetooth rSAP profile is not implemented.

      24. Cannot stream audio from video playback to Bluetooth devices as A2DP profile is not implemented.

      25. No support for full on-device encryption required for secure applications like mobile banking and online payment.

      26. Cannot use Bluetooth keyboard (no HID profile)

      27. Cannot silence ringtone or alarm by flipping the phone.

      28. Very limited customization option.

      29. Cannot be upgraded to WP8 (Apollo)

      USABILITY ISSUES

      30. No always visible status bar for battery life, signal strength, carrier ID, 2G/3G wi-fi, Bluetooth on.

      31. Taskmanager has no option to shut down apps you donâ(TM)t want running in the background.

      32. Search and Back button cannot be de-activated in apps or games and easily touched by accident which interrupt your user experience.

      33. Lockscreen need to be activated to show missed call/sms notification.

      34. No way to close an app except pressing back button all the way to the first screen.

      35. Tiny fonts in messages is very hard to read for those over 45.

      36. Cannot create and save playlists on the phone.

      37. Playlist can only be edited when you are playing it.

      38. Cannot search your music collection on the phone, only in the Marketplace.

      39. Cannot close music player, can only pause. Music player on lockscreen will stay until you reboot. Be careful not to touch it in a meeting.

      40. No draggable progress bar for current track playing and no indication which track in an album is currently playing

      41. Cannot lock screen orientation.

      42. Online and phone contacts are mixed together with no ability to filter.

      43. Search button in dialer does not search contacts for dialing, but search call history.

      44. Cannot save draft sms messages.

      45. Call history only show phone number type. If a contact has multiple phone nos. for a type the number used is unknown.

      46. Cannot recognize phone numbers in sms or email to save or use as calling number.

      47. Text messages can only be deleted one by one or the whole thread.

      48. Cannot select multiple pictures for deleting, sending or uploading. They must be done one at a time.

      49. No way to see photo details - dimension, date/time taken, file size, etc

      50. Apps are listed alphabetically with no way to group by c

    11. Re:lol linux by Anonymous Coward · · Score: 1

      It wasn't funny to you, probably because you're a Lintard. To some though, it was funny. You're not funny at all. In fact, you're rather sad.

      Yeah sure. It's like George Carlin's rules of the road. Anybody who drives slower than you is STUPID. Anybody who drives faster than you is CRAZY.

      It's like that with insecure people and humor too. Anybody who didn't think the joke was funny was obviously too stupid to get it. Oh, if only they were graced with your wit and your sense of humor!

      Clearly they are some kind of *tard. Oh was it about Linux? Yes, Lintard. That's what they are.

      Course the difference between a comedian and a +5 Funny slashdot post is that the comedian actually has to be funny. Slashdot seems to really hate it when you put any kind of wit or creativity into a joke. They'd rather hear for the ten thousandth time how awesome it would be if we got some sharks and put lasers on their heads. It's just that "Linux = FAIL" hasn't become an official Slashdot meme yet, so people are willing to give it the moderation it deserves instead of pretending to like it.

      Why does it work this way? Why can't mods just honestly vote for what they like and dislike? Why do they adhere to this pattern even when moderations are anonymous?

      They are desperate to feel like one of the group, a member of a shared culture, an insider. All they had to sacrifice was any sense of taste or regard for quality. That's all. That's why the tired old memes don't get the -1 Redundant they deserve - it's a bunch of Aspies and insecure geeks desperately trying to feel like they belong to something. Ever been in a group and seen one of those people who can't just laugh at the movie, he has to turn and look all around the room to make sure somebody else is laughing too - and quickly shuts up if no one else is? That's because he's not really an individual. That's what most Slashdot mods are like. It's why they follow the pattern like good little programmed bots even when no one is looking.

      Those of us with real friends and family understand this. We have a frame of reference with which we can compare it.

    12. Re:lol linux by Anonymous Coward · · Score: 0

      No love for either of you guys. But if you thought that was funny, you're in no position to call anyone's situation "sad". Didn't really look like he was trying to be funny anyway, so your observation that he's "not funny at all" is really without any evidence.

    13. Re:lol linux by Tourney3p0 · · Score: 2

      If you thought that was funny, you're going to *love* this new comedian Dane Cook that's making the rounds. Not sure what operating system he uses, though.

    14. Re:lol linux by Anonymous Coward · · Score: 0

      Your post makes me want to kill myself. I hooked my wagon to the wrong OS. OhNoes!
      Time to go back to programming PDP11's in assembly

    15. Re:lol linux by Anonymous Coward · · Score: 0

      Huh?

    16. Re:lol linux by Anonymous Coward · · Score: 0

      Successful troll is successful.

      And funny.

    17. Re:lol linux by ColdWetDog · · Score: 2

      Huh?

      Whatever the hell he's going on about, he sure is upset with it.

      --
      Faster! Faster! Faster would be better!
    18. Re:lol linux by MobileTatsu-NJG · · Score: 1

      It wasn't funny. Damn sure wasn't insightful or informative. Maybe inciteful.

      It was both funny and insightful, you just haven't accepted the way it applies to you.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    19. Re:lol linux by Anonymous Coward · · Score: 0

      "+1, Troll" should be a thing that exists.

    20. Re:lol linux by Flere+Imsaho · · Score: 2

      People laughed when I said I wanted to be a comedian. Well, they're not laughing now.

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
    21. Re:lol linux by Anonymous Coward · · Score: 0

      Not sure if retard or just stupid.

    22. Re:lol linux by Anonymous Coward · · Score: 0

      Hey,
      Why should Linux be spared? According to most Apple users, everything else sux, and Apple invented everything... Linux fans will not be spared from Apple acolytes' unbiased opinions ;)

      Now get off-a my lawn.

    23. Re:lol linux by Anonymous Coward · · Score: 0

      You said Passport?

    24. Re:lol linux by Jawnn · · Score: 1

      It wasn't funny.

      I disagree. I'm certain that scores of 12-year-olds found it hilarious.

    25. Re:lol linux by broggyr · · Score: 1

      Anybody who drives faster than you is CRAZY.

      Anybody who drives faster than you is a MANIAC!

      FTFY

      --
      Irony? Yea, it's like goldy and bronzy, only it's made of iron!
    26. Re:lol linux by nhat11 · · Score: 0

      I thought it was funny, lol

    27. Re:lol linux by Anonymous Coward · · Score: 1

      Hey, stop speaking like a '00s guy. Here in the '10s we shortened that to a concise "he mad".

    28. Re:lol linux by sl4shd0rk · · Score: 1

      I thought you were introducing a new linux distro.

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    29. Re:lol linux by AmberBlackCat · · Score: 1

      I would have modded it insightful. It illustrates the point that every time a security problem happens on a Windows system, the problem is blamed on Windows, even if that's an unfair accusation.

    30. Re:lol linux by Kalriath · · Score: 1

      He's either complaining about Windows Phone, or complaining about iOS. Presumably he needs to get out more.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    31. Re:lol linux by fluffythedestroyer · · Score: 1

      No reason to blame Linux, the OS has nothing to do with this problem. It was the administrator who was too stupid to put more security in it's database. So please next time, like always, USE YOUR FUCKING HEAD when you read. It's getting annoying... and why arent you banned. seriously, every time you write, nothing is good. only trolling

    32. Re:lol linux by Anonymous Coward · · Score: 0

      Umm... Dane Cook isn't new. He also isn't funny. None of his material, if you can call it that, is as funny as the joke above that pisses off Linux devotees. I'm sure he uses Ubuntu because he thinks it's "edgy." He seems like that kinda guy.

  2. Woo Hoo, big news! by Grayhand · · Score: 5, Funny

    Androids forums had a million users!!!!! Take that Apple!

    1. Re:Woo Hoo, big news! by Anonymous Coward · · Score: 0

      The anti-Linux joke above gets down-modded, but yours up-modded. No, there's no bias amongst the moderators!

    2. Re:Woo Hoo, big news! by Anonymous Coward · · Score: 0

      This one's actually relevant...

    3. Re:Woo Hoo, big news! by BronsCon · · Score: 1

      There's really not, go look at some of my comments pointing out Apples recent fuckups (not anti-Apple, just pointing out where they went wrong and pleading for improvement). Those mostly were modded down, just like the Linux joke.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Woo Hoo, big news! by MobileTatsu-NJG · · Score: 1

      Androids forums had a million users!!!!! Take that Apple!

      To go to StarBucks and work on our screenplays we have to go outside!! Take that, Linux basement dwellers!

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    5. Re:Woo Hoo, big news! by Anonymous Coward · · Score: 0

      >Take that Apple!
      Yeah, but a break-in would never have happened to an Apple discussion website ... you know Apple IS the best. Oh, and Jobsy used to shit marble (shamelessly stolen from Amadeus the movie)

    6. Re:Woo Hoo, big news! by tehcyder · · Score: 1

      Androids forums had a million users!!!!! Take that Apple!

      Yeah, where's the forums app on my iToy?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    7. Re:Woo Hoo, big news! by Anonymous Coward · · Score: 0

      Your one-line attempt-at-humor posts are *never* funny. Please leave if you're not going to contribute anything worthwhile.

  3. Somebody's rushing... by war4peace · · Score: 2

    It's the third major hack in two days. Summer break boosts hacking?
    My knee-jerk reaction was that there's a new, unknown exploit out there but from the summary I see there's a "known exploit".
    At least I don't have an account there and now I am sure I never will...

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    1. Re:Somebody's rushing... by Anonymous Coward · · Score: 0

      I would bet it is the script kiddies trying to notch up before the security cons. ( Hope, BsidesLV, blackhat, and Defcon) . I mean really what use are logins in an android forum. the Yahoo Voice hack maybe has some value but I do not see what info is valuable from this hack.

    2. Re:Somebody's rushing... by Anonymous Coward · · Score: 0

      Because many^H^H^H^H^H most users have same password/login everywhere? I dont do that personally, but if you hack a couple of accounts of mine then you can figure out my system of generating them.

    3. Re:Somebody's rushing... by SomePgmr · · Score: 1

      At least this site hashed the users' passwords.

    4. Re:Somebody's rushing... by zaphod777 · · Score: 1

      hashed with a random salt, although this can still be brute forced it is just much more expensive for all passwords not just the complex ones.

      --
      "Don't Panic!"
    5. Re:Somebody's rushing... by Anonymous Coward · · Score: 0

      Another hack today is the NVIDIA Developer Zone.
      Quote: "NVIDIA suspended operations today of the NVIDIA Developer Zone website. We did this in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords."

      It's open season obviously.

  4. Low expectations by Anonymous Coward · · Score: 0

    What's sad is that I'm quite surprised that they had a million members, but not at all surprised that they were hacked via a known (and most likely trivial) exploit.

    I really have low expectations when it comes to online security... especially when it comes to forums.

    1. Re:Low expectations by Anubis+IV · · Score: 2

      This serves as yet another reminder of the value of using a password manager that can generate unique passwords for each and every site and then store them securely. That way, when the inevitable happens, as it did here, only that one password is compromised, and it comes at no hassle to you.

      I've been using 1Password for years, but a number of folks here seem to like KeePass, and I'm sure a few kind folks will reply with more suggestions below.

    2. Re:Low expectations by Anonymous Coward · · Score: 2, Funny

      i'd love to use keepass, but i am too fucking stupid. i am going to try again right now. fucking complicated shit.

    3. Re:Low expectations by Anonymous Coward · · Score: 0

      Or you can do something even more secure:

      Over the years, I have developed a very secure palace. As needed, it only takes a few moments to create an entire new addition to this palace. In the different rooms, I can hold many different things. All of my passwords are hidden within this palace in cryptic ways that really only mean anything to me. You would have to know me very very well to be able to interpret these, and it is never hidden the same way or in the same room as another password. The only risk is that if I die or something happens to me, all of those passwords will be completely impossible to retrieve. However, someone has to get to me in person and break through the walls of my palace (there are no doors, and these walls cannot be easily broken through ordinary means) in order to access any of these passwords. Your passwords managers are inferior to this design.

    4. Re:Low expectations by Anubis+IV · · Score: 1

      That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability. You'd have to not only gain access to me, but also my encrypted database of passwords in order to get access to mine (and since the company behind 1Password has demonstrated a willingness to update and improve their encryption in the past, I expect that they'll continue to keep up with the times, such that no one will be able to simply crack the encryption and gain access to my passwords).

    5. Re:Low expectations by Anonymous Coward · · Score: 0

      That is a memory palace, a very effective way to memorize stuff for short term. I wouldnt use a memory palace for simple passwords, for the simple reason that it is tough to maintain multiple memory palaces, and that they dont work well for long term.

    6. Re:Low expectations by Ded+Bob · · Score: 2

      I just wanted to mention that KeePassX runs on UNIX systems.

    7. Re:Low expectations by Serious+Callers+Only · · Score: 1

      That's great, but who remembers the one password to your encrypted database of passwords?

    8. Re:Low expectations by KernelMuncher · · Score: 1

      The best passwords are those hiding in plain sight. I like to keep a few pictures of things at my desk that instantly remind me of the password. For example it could be a picture of a big fat guy for password 300#FatGuy. That way you're unlikely to forget and still nobody would ever guess the actual password.

    9. Re:Low expectations by Anubis+IV · · Score: 1

      I do, of course, but as I said, they'd have to grab both me and the database in order to use the rubber hose method, whereas AC's technique requires no database, since the palace he's talking about is a memory retention technique, meaning that grabbing him would mean grabbing the database at the same time. I'm not suggesting mine is immune to rubber-hosing, just that it requires one more step to be possible, making it a bit more secure.

    10. Re:Low expectations by tehcyder · · Score: 1

      That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability.

      "Plausible deniability" is a piece of legal weaselling, not a way of stopping someone slicing your balls off with a cheesewire..

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    11. Re:Low expectations by Anubis+IV · · Score: 1

      Sure...but it keeps my passwords secure! ;)

    12. Re:Low expectations by AmbushBug · · Score: 1

      Yep, and KeePassDroid on Android.

  5. Who cares? by dynamo52 · · Score: 2

    I use a unique email address and randomly generated password for every single website to which I register. I don't know if I am a member on this forum but even if I am, I'm not going to bother with changing credentials because frankly, if somebody wants to impersonate me on a forum I may have joined simply for advice on a particular product I say go for it.

    --
    Like this comment? I accept Bitcoin! - 153sc8UUBXyp12ofQqfAWDmJrzyiKCYC1x
    1. Re:Who cares? by plutoXL · · Score: 1

      Well, apparently you don't care. But I am sure many other people do care.

  6. Hack Life by Anonymous Coward · · Score: -1

    this Is a Nice and excellent post.. I like this post.. I have some post like this .. go to www.djapna.com

  7. Those Poor Pitiful Poor - Politicians love em! by Anonymous Coward · · Score: -1

    According to the Brookings Institute, if you follow 3 simple (stupid simple) rules you will have a 98% chance of never living in poverty.
    The rules are:

    1. Complete at least a high school education. No-charge public schooling means you CAN do this, no excuses.

    2. After your education, get a job, any job. Stay at the job until a better one comes along. Harder to do these days but easier when you're not too proud to do service work or manual labor. If it comes down to it, you won't be the first to take a job you didn't like to put food on the table.

    3. Don't get pregnant or become a father until you are married and at least 21 years old. No excuses there. We all know how babies happen. You can choose not to have them or not to have them yet. Ladies, get a bungee cord and put it around you knees if you just can't control yourself. Or take some goddamned responsibility, find one of the 14 forms of non-surgical birth control available to women that you like, and USE IT. Gentlemen, they're called rubbers, USE THEM. Or abstain if you think you can but have a fucking back-up plan if this is your main plan because shit happens and this is important. Not being in a shitty situation wondering what the fuck you're going to do is MUCH BETTER than having a million excuses trying to convince yourself (because nobody else is buying it) that it's not your fault.

    People who do these things are adults, proper adults in every sense of the word. They're doing it the right way. The 2% of them who wind up in poverty anyway are what you call "down on your luck". Sometimes you do everything right and things still don't work out for you due to circumstances that are truly beyond your control. It makes perfect sense to have a safety net for those. It is the right and compassionate thing to do for our fellow man.

    There are more than 2% of people in poverty and that's because they make terrible decisions. Why is it so "offensive" to say so? You gotta grow up, get over that and face a few unpleasant realities if you want to actually get more people out of poverty. If you can't do that you are part of the problem. They should also receive a safety net, mostly because the alternative is getting mugged by them. What we should not do is pretend like they're innocent victims. We should not try to make them feel better. We should tell them how and why they failed and uphold them as an example of mistakes that should not be made. Young people should have both postiive role models and negative examples of what happens when you are irresponsible. If you want them to grow up into responsible adults that is. If never offending anyone is more important then it is the youth who will pay the price for your squeemishness.

    See if something really is your own fault and you don't want to accept that it is your fault, you will never change anything. You'll waste your time solving problems you don't have while neglecting problems you do have. It's a nation of crybabies that so many people think not "being offended" is more important for adult people than being able to deal with reality. That's why this nation is rotting and collapsing, because we no longer deserve the prosperity it once had. The people who built that prosperity weren't whiners, they didn't cry about how offensive reality was, and they understood the concept of making your bed and lying in it. We can do that too. Adults who have the emotional maturity of the average 2-year-old is not desirable, hate to break it to ya.

  8. Link... by uniquename72 · · Score: 1

    Link to forums... (Thanks for making me add more than just the link, /.)

  9. Forums by Archangel+Michael · · Score: 4, Insightful

    Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Forums by Kozz · · Score: 2

      Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

      Grabbing credentials going over the wire of a non-SSL site is not at the top of my worries, but having SSL certainly gives people a false sense of security. Any idiot (well, almost) can obtain and install an SSL certificate for their webserver, but that doesn't mean said idiot remembered to lock down phpMyAdmin or any other number of stupid things.

      --
      I only post comments when someone on the internet is wrong.
    2. Re:Forums by Robert+Zenz · · Score: 1

      So, how exactly does SSL help with, say, SQL injection or a buffer overflow?

      Just because a website is using SSL, doesn't mean that the webmaster has a clue what it's doing.

    3. Re:Forums by Anonymous Coward · · Score: 0

      having SSL certainly gives people a false sense of security

      At an interview earlier this year where the panel consisted of a project manager and a developer, I was asked by the developer whether having SSL made a website secure. I answered no, and the project manager made that "snorting" sound that suggested he found my answer funny. The developer gave him a disdainfule look and then spent a few minutes telling the project manager - his boss - why I was right. I found it quite amusing.

  10. Screw websites that *require* a login by Anonymous Coward · · Score: 0

    If a website requires you to sign up to post a comment... Don't post there. Just don't go there. Seriously.

    1. Re:Screw websites that *require* a login by BronsCon · · Score: 2

      You hear that, Slashdot? Now you know how to get rid of this guy!

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:Screw websites that *require* a login by Setsquare · · Score: 1

      Shouldn't forums just need a digital signature?

  11. This is news? by thetoadwarrior · · Score: 4, Funny

    Some low budget Android site gets hacked and we feel the need to talk about it? It's a fucking PHP based site. I'm surprised not being hacked in between each restart to recover from memory leaks.

    1. Re:This is news? by Anonymous Coward · · Score: 0

      So why are you commenting?

  12. The known exploit by wbr1 · · Score: 3, Funny

    androidforums.com runs on a cluster of old phones. A simple android root program injected into the php was all that was needed :P

    --
    Silence is a state of mime.
  13. And, To Fulfil the Irony.... by rueger · · Score: 2

    It appears that the change password page is Slashdotted - I can't get more than one character into the form before it freezes up.

    Good thing it's still using the old password that I used for forums before the great LinkedIn password crisis!

    --
    Three Squirrels
    1. Re:And, To Fulfil the Irony.... by cerberusss · · Score: 2

      It appears that the change password page is Slashdotted

      It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

      --
      8 of 13 people found this answer helpful. Did you?
    2. Re:And, To Fulfil the Irony.... by cerberusss · · Score: 5, Funny

      It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

      HAHAHA DISREGARD THAT, I SUCK COCKS

      --
      8 of 13 people found this answer helpful. Did you?
    3. Re:And, To Fulfil the Irony.... by coinreturn · · Score: 1

      +5, Funny as hell

    4. Re:And, To Fulfil the Irony.... by Anonymous Coward · · Score: 0

      AND sexy!

      Therefore, +6!

  14. Is this the new hype? by Lord+Lode · · Score: 1

    Hacking sites to leak 100 thousands of passwords? This is the fourth recent case I know of.

  15. Please use OpenID by Galestar · · Score: 2

    That is all.

    --
    AccountKiller
  16. Original Source by izomiac · · Score: 4, Informative

    Here is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

    1. Re:Original Source by DaScribbler · · Score: 2

      Here is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

      No, they only informed those who actively frequent their sire, since all they did was post a warning at the top of the forums page. They took no steps beyond that. They didn't bother to send out a mass email to their registered users. I didn't learn about it until yesterday, 3 days after the breach, and that's only because I read it here on slashdot. If I hadn't read about it here, it would probably have been another 5 or 6 days before I learned about it, since that's about how often I frequent their site.

  17. So? I mean, it's a forum. by Anonymous Coward · · Score: 0

    What kind of idiot uses anything but an easy-to-remember throw-away password for an internet forum? Shouldn't you always assume they're insecure hobby sites?
    If it's not critical data, don't waste a good password on it.

    I mean... Oh noes! Someone stole my android forums password. Now they can use it to make me look stupid on the forums for other products I own!

  18. Fuck It by Ryanrule · · Score: 1

    Lets just make everything public.

    1. Re:Fuck It by DarwinSurvivor · · Score: 1

      I would love it if we could get rid of all this password nonsense and just append pgp signatures to everything. Whole-site encryption (unless it's a private site) would be pointless, you wouldn't need to give them an e-mail account and there would be NOTHING to protect on the websites.

      Note: The above only applies to forum/blog style sites and not private (bank, corporate, etc) sites that hold *confidential* information.

  19. The Gentleman's Guide To Forum Spies (spooks, feds by Anonymous Coward · · Score: -1

    http://cryptome.org/2012/07/gent-forum-spies.htm
    http://pastebin.com/irj4Fyd5

    Sections Overview:

    1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
    2. Twenty-Five Rules of Disinformation
    3. Eight Traits of the Disinformationalist
    4. How to Spot a Spy (Cointelpro Agent)
    5. Seventeen Techniques for Truth Suppression

  20. Only an idiot... by Anonymous Coward · · Score: 0

    ... would log in to change passwords on that site. Why do they register IPs for example? The only reason to log in there would be to remove all personal data and erase the account just in case they are going to sell the data once more. Lucky for them the world is full of idiots.

  21. Does this mean.. by 0ld_d0g · · Score: 4, Funny

    They open sourced the passwords? :-P

    1. Re:Does this mean.. by vanaeken · · Score: 0

      Passwords want to be free!

  22. Will they become... by juanfgs · · Score: 1

    Paranoid Androids?

  23. AGAIN WITH THE SCARE TACTIC HEADLINE! by Anonymous Coward · · Score: 0

    The headline should have read AndroidForums.com hacked, the way it reads now one would think an official forum by Google for Android was hacked.