Quote:
Originally Posted by pstation
erm. your password file should be secure, no?
so even if they did get the file, they shouldn't be able to do too very much with it, provided that users aren't using incredibly weak passwords.
Actually that's the problem. Which is something that most people aren't even aware of. The passwords seem to be encrypted on the CCBill file. So at first glance your file seems useless to anyone. However, this encryption method that they use is fairly simple to crack. I had Ray Morris look at the file and he told me he was able to figure out something like 62 passwords in less than 1 hr. So if someone gets a hold of that file, they can easily crack a huge list of usernames.
CCBill should either bulk up their encryption or have a way to batch change logins at any given time. This seems like BS to me from a company that is so huge and taking huge %s from all of us.