It’s been in the news that Gawker in the US was hacked recently. We’d like to reassure local readers that the Australian edition sites are run on entirely separate infrastructure. AU versions of Gizmodo, Lifehacker, and Kotaku are unaffected.

UPDATE: To clarify, if you have ever signed up to a US version (.com) Gawker site, you should assess whether you have been compromised. This US Lifehacker FAQ has all the details.

Aaron
Tuesday, December 14, 2010 at 1:46 PM
Yet somehow my Twitter account (which stupidly shared the same password as one I have used previously) was hijacked by the Acai spam attack. Though I don’t remember ever being asked to submit a password to any Gawker media site, I guess I must have at some point.
Anyway, my point is, change your passwords, people.
Craig
Tuesday, December 14, 2010 at 1:50 PM
If that’s the case why did my email address appear in the list of those released?
Seamus Byrne
Tuesday, December 14, 2010 at 4:41 PM
To clarify (updated above) if you’ve ever visited the .com version of the site and signed up there, then you may have been compromised. If you’ve only ever used the .com.au version of the site you will not have been exposed to this attack.
Alan Zeino
Tuesday, December 14, 2010 at 2:13 PM
“We’d like to reassure local readers that the Australian edition sites are run on entirely separate infrastructure.”
What, do you use DES twice?
Kaan Kivilcim
Tuesday, December 14, 2010 at 4:40 PM
The backend of the Allure Media publishing system circa 2009 consisted of a cipher key unique to each title that was used to generate a salted hash, which is stored in the database. The hash is based upon an irreversible algorithm.
Compromise and retrieval of the contents of this database would still result in the disclosure of sensitive information given enough time and resources. The use of salted hashes, however, means that it is not computationally feasible to brute-force the passwords for accounts within a reasonable amount of time; i.e. it will take months, if not years to break only a handful of hashes.
Gawker Media used DES to store passwords. DES is reversible and can be broken in a matter of hours using commercially available and purpose-built hardware for less than US$1000. DES was replaced by AES in 2002 by the US Government as the new encryption standard.
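A sketch of the kind of scheme the comment above describes (a secret key per title plus a salt per account feeding a one-way hash), added here as an illustration and not Allure Media's actual code. The HMAC-SHA256 and PBKDF2 choices, the iteration count, and all function names and keys are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; tune for your own hardware


def hash_password(password, title_key, salt=None):
    """Return (salt, digest) for storage; a fresh random salt is drawn per account."""
    if salt is None:
        salt = secrets.token_bytes(16)
    # Mix in the per-title secret first: an attacker holding only the database
    # dump cannot test password guesses offline without also holding this key.
    keyed = hmac.new(title_key, password.encode("utf-8"), hashlib.sha256).digest()
    # The per-account salt makes identical passwords hash differently, and the
    # iteration count makes every guess deliberately expensive.
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)
    return salt, digest


def verify_password(password, title_key, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, title_key, salt)
    return hmac.compare_digest(candidate, expected)


def demo():
    # Constructed sample data: two hypothetical titles, one shared password.
    key_a = b"constructed-key-title-a"
    key_b = b"constructed-key-title-b"
    pw = "correct horse battery staple"
    salt1, h1 = hash_password(pw, key_a)   # account 1 on title A
    _, h2 = hash_password(pw, key_a)       # account 2 on title A, same password
    _, h3 = hash_password(pw, key_b, salt1)  # same salt, different title key
    return {
        "same_title_distinct": h1 != h2,
        "cross_title_distinct": h1 != h3,
        "verifies": verify_password(pw, key_a, salt1, h1),
        "wrong_password_rejected": not verify_password("password", key_a, salt1, h1),
        "wrong_key_rejected": not verify_password(pw, key_b, salt1, h1),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```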
Steve
Wednesday, December 15, 2010 at 2:39 PM
So I put in account details several years ago on the US Kotaku/Gizmodo. This is a pretty shitty thing to happen.