Creative Commons license icon

SoFurry hacked; users advised to change passwords

Posted by (Laurence Parry) on Mon 15 Mar 2010 - 11:50Edited as of 12:26
Your rating: None Average: 4.7 (3 votes)

Users of SoFurry and its predecessor Yiffstar are being told to change their passwords, as the site's MD5 hashes have been compromised. [gsw/furryne.ws]

Toumal admitted the site had been vulnerable for the past eighteen months, but said the "security hole" had been fixed. New passwords will be salted to reduce the damage of any future breach. He also cautioned against using the same password on different sites.

While a hash does not contain the password, it is possible to deduce commonly-used passwords by comparing against a list of pre-made hashes. Salting adds an extra component to the password, rendering this so-called "rainbow table" technique infeasible.

The reporter of the security vulnerability has not publicly distributed the hashes, and is currently assisting with a review of the site's security. According to Toumal, this is the second time in as many years that a third-party has "helped" in this fashion.

Online multiplayer social game Furcadia suffered a similar security breach last October.

Tags:

Comments

Aeturnus (visitor) — Wed 17 Mar 2010 - 13:04
#1
Your rating: None Average: 2 (2 votes)

I'm sorry but I actually got a chuckle. Looks like hackers got tired of Twitter, and are now moving onto bigger and better things.

bersl2 — Wed 17 Mar 2010 - 22:14
#2
Your rating: None Average: 5 (2 votes)

Well, it's a brand-new codebase, so it's bound to have all sorts of bugs, including security bugs. Also, security (which includes authentication) and cryptography is hard to get correct.

In before a certain mouse starts spewing (elsewhere, probably) crap about being a furry making one incapable of programming well.

GreenReaper — Wed 17 Mar 2010 - 22:47
#3
Your rating: None Average: 5 (2 votes)

Alas, Toumal has stated that the bug was present in Yiffstar as well; it was an XSS vulnerability in the private messaging system.

Of course they are not the only furry art site with major security holes, some far more easily exploited. :-p

katheralockharte (visitor) — Sun 21 Mar 2010 - 17:53
#4
Your rating: None Average: 5 (3 votes)

Ugh, I think I got to my account too little toolate, I will have to remake my account on there.

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <img> <b> <i> <s> <blockquote> <ul> <ol> <li> <table> <tr> <td> <th> <sub> <sup> <object> <embed> <h1> <h2> <h3> <h4> <h5> <h6> <dl> <dt> <dd> <param> <center> <strong> <q> <cite> <code> <em>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This test is to prevent automated spam submissions.
Leave empty.

About the author

GreenReaper (Laurence Parry)read storiescontact (login required)

a developer, editor and Kai Norn from London, United Kingdom, interested in wikis and computers

Small fuzzy creature who likes cheese & carrots. Founder of WikiFur, lead admin of Inkbunny, and Editor-in-Chief of Flayrah.