1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA Forums Hack: Passwords Not Salted

Discussion in 'News' started by btarunr, Jul 16, 2012.

  1. Oberon New Member

    Joined:
    Jan 24, 2011
    Messages:
    26 (0.02/day)
    Thanks Received:
    5
    Do they really need justification after stealing them in the first place? Looks like they kind of threw that whole "integrity" thing out the window already.
     
  2. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    20,038 (6.15/day)
    Thanks Received:
    6,102
    It might sound backwards, but some hackers do have integrity. Some hack into somewhere just to do it, then alert whoever they hacked to inform them how they did it so their security can be strengthened.

    Though the people that hacked nVidia were obviously just doing it to be dicks.
     
    Crunching for Team TPU 50 Million points folded for TPU
  3. Aleksander

    Joined:
    Dec 2, 2009
    Messages:
    3,254 (1.82/day)
    Thanks Received:
    304
    First of all, if i hack a password, i never tell anyone i stole (hacked) the password. I never use it to block their account
    No matter what would be my 'nickname'
    This all was made and payed very well to the programmers who cracked the forum for just that script in the pastebin. Read what they wrote very well. (i am referring to all)
    That is the true reason why they hacked the forum.
    Bear in mind that no matter how much i 'love god' i am never going to pay a hacker to hack nvidia forums. So the real reason, is to make you believe that these GREAT HACKERS, achieved that greatness on what they wrote on pastebin. It is just like phishing mind. The hack was payed very well. There is no real reason why the Apollo would hack the forum.
    Why exactly Nvidia? What is the real matter? If you find this, you will surely find the next hacking, not only on internet, but in real life!

    Actually reading it again, why apollo? Really he says religion and political and other stuff? Where is the real name he should have used?
    (You know what i am talking about)
     
    Last edited: Jul 16, 2012
  4. tacosRcool

    tacosRcool

    Joined:
    May 14, 2012
    Messages:
    860 (0.96/day)
    Thanks Received:
    71
    good thing I don't have an account there!
     
  5. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,140 (7.83/day)
    Thanks Received:
    7,667
    I agree. But with that being said such hackers don't brag. The ones that brag are dicks as you said.
     
  6. KissSh0t

    KissSh0t New Member

    Joined:
    Feb 1, 2012
    Messages:
    114 (0.11/day)
    Thanks Received:
    28
    Location:
    Down Under
    All I can say to "Team Apollo" is....

    0101100101101111011101010010000001110000011000010111010001101000011001010111010001101001011000110010000001101000011000010110001101101011011001010111001000100000011100110110001101110101011011010010110000100000011001110110111100100000011100000110110001100001011110010010000001110111011010010111010001101000001000000111001101101111011011010110010101110100011010000110100101101110011001110010000001100101011011000111001101100101001000000110110001101001011010110110010100100000010100110110111101101110011110010010000001101111011100100010000001010101011000100110100101110011011011110110011001110100001011100010111000101110
     
  7. Disruptor4

    Joined:
    Jun 3, 2008
    Messages:
    227 (0.10/day)
    Thanks Received:
    22
    I don't remember if I do or not. Is there a way to find out?
     
  8. theJesus

    theJesus

    Joined:
    Jul 20, 2008
    Messages:
    3,970 (1.74/day)
    Thanks Received:
    861
    Location:
    Ohio
    Apparently you don't use that for here. :p
    Apparently not you. :p
    One would hope that they'd send an email to anybody with an account warning them to change their passwords . . .
     
  9. Disruptor4

    Joined:
    Jun 3, 2008
    Messages:
    227 (0.10/day)
    Thanks Received:
    22
    What's wrong with Ubi?

    One would hope so... and I think they are/have. Just haven't received one yet so yeah.
     
    KissSh0t says thanks.
  10. KissSh0t

    KissSh0t New Member

    Joined:
    Feb 1, 2012
    Messages:
    114 (0.11/day)
    Thanks Received:
    28
    Location:
    Down Under
    Not allowing me to play the game I bought for my laptop where I don't have constant internet access.. lol.

    Interesting Sony wasn't mentioned xD
     
  11. TRWOV

    TRWOV

    Joined:
    Aug 11, 2011
    Messages:
    3,559 (3.04/day)
    Thanks Received:
    2,128
    Location:
    Mexico
    :laugh: I use akjwss (an old Geocities isued password) for the same reason. I must have 30-40 forum accounts with that password (pro tip: my user name for those isn't TRWOV either) :cool:
     
    Crunching for Team TPU
  12. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,379 (11.54/day)
    Thanks Received:
    9,683
    actually, techpowerup has some cool password theft protection technology.


    if you type your password, it appears in plain text to you, and asterisks to everyone else:


    Mussels
    ***********
     
    TRWOV and theJesus say thanks.
  13. TRWOV

    TRWOV

    Joined:
    Aug 11, 2011
    Messages:
    3,559 (3.04/day)
    Thanks Received:
    2,128
    Location:
    Mexico
    wow it's true

    TRWOV
    ******************
     
    Crunching for Team TPU
  14. theJesus

    theJesus

    Joined:
    Jul 20, 2008
    Messages:
    3,970 (1.74/day)
    Thanks Received:
    861
    Location:
    Ohio
    lemme try that:

    *********
     
  15. TRWOV

    TRWOV

    Joined:
    Aug 11, 2011
    Messages:
    3,559 (3.04/day)
    Thanks Received:
    2,128
    Location:
    Mexico
    I feel safer already :toast:
     
    Crunching for Team TPU
  16. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,938 (1.81/day)
    Thanks Received:
    645
    the password is:
    bellybutton
     
  17. jigar2speed

    jigar2speed

    Joined:
    Mar 6, 2012
    Messages:
    192 (0.20/day)
    Thanks Received:
    30
    Thanks i have you now :laugh:
     
  18. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    870 (0.65/day)
    Thanks Received:
    183
    Guys, I was talking to someone at Nvidia yesterday, and he told me that the software they use doesn't even has an option to store the passwords in plain md5, and they are all salted. I understand this is something Nvidia would not rush to admit, but do you think it's possible that the pastebin info is fake?
     
  19. Aleksander

    Joined:
    Dec 2, 2009
    Messages:
    3,254 (1.82/day)
    Thanks Received:
    304
    Really stupid. I was learning today that passwords with sha1 are extremely easy to implement, though they didn't waste money on their website.
    And even want to earn millions!
     
  20. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,379 (11.54/day)
    Thanks Received:
    9,683
    entirely possible.
     
  21. Jizzler

    Jizzler

    Joined:
    Aug 10, 2007
    Messages:
    3,434 (1.30/day)
    Thanks Received:
    640
    Location:
    Geneva, FL, USA
    The notice is still up: http://www.nvidia.com/content/forums/index.html

    If faked, it would have taken less than 5 minutes for nVidia to discredit the hacking. So it's either real and they're investigating how it happened... or it's an nVidia plot to frame Apollo!
     
  22. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,140 (7.83/day)
    Thanks Received:
    7,667
    Yes I'm sure its a vast conspiracy to frame Team Apollo. I can see it all now. Jen-Hsun dressed up like M. Bison from Street Fighter telling his minions to frame and stop Team Apollo and all their righteous endeavors to bring down evil corporations via the Nvidia forums. MASTER PLAN INDEED.
     
  23. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    6,463 (6.46/day)
    Thanks Received:
    2,188
    Location:
    Concord, NH
    They do use a hashing algorithm, but what good is the hash if you're not salting the password. It doesn't take a lot of brute force power for a short password like "foobarpass," you add a salt to make it something like, "supersaltfoobarpasssuperpepper," that is much harder to brute force.

    You also don't need to implement SHA1, many languages already have functions or classes and methods that handle hashing.
     
  24. claylomax

    claylomax

    Joined:
    Apr 10, 2010
    Messages:
    1,612 (0.97/day)
    Thanks Received:
    261
    Location:
    London
    Priceless! :D
     
  25. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.93/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    That has got to be the worst example of what using a random salt does to a password that I've ever seen. :laugh:

    But you are right, Aquinus, salting makes it a lot harder to crack as well as using other things like multiple passes of encryption in combination with salts.

    That being said, if you use a strong password and it's not salted, it still will have to be brute forced which is quite time consuming even with very powerful hardware.
     
    theJesus says thanks.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page