257 Comments
- davidsmero, on 10/11/2007, -24/+561 I blame the MPAA / RIAA.
- Sengara, on 10/11/2007, -14/+476 I don't care who, or what group did this. What happened to honor among thieves?
- rudy23, on 10/11/2007, -11/+386 who creates a login at pirate bay anyways. get the stuff and be outta there
- fober, on 10/11/2007, -11/+312 I didn't know PirateBay had a login.
- z00k, on 10/11/2007, -18/+317 Someone knows a little too much about the "AUH" ... I think "Daniel" here should be ... Investigated.
Anyway, Sucks for TPB, I Appreciate and commend them on all their hard work they have done in the past few years... ***** like this happens m8's... We just have to move on. (And force a password reset on everyone.)
- SaxxonPike, on 10/27/2007, -6/+189 Even if they did get my password (and that's very highly unlikely given its uniqueness) what could they do? "HAHA IM IN UR NAME STEALINZ UR TORRENTZ"
- davidsmero, on 10/11/2007, -2/+149 At least they actually tell the truth, not like some other companies that play it off and act like it never happened.
- drafhk, on 10/11/2007, -20/+161 This seems like one of those immature script-kiddie kind of attacks done by ignorant teenagers without a life. ***** punks.
- tsbardella, on 10/11/2007, -6/+120 how do i burn this to a dvd?
- SaxxonPike, on 10/11/2007, -2/+114 "Hey look guys we have an assload of user names and... uh... password hashes..."
Yeah, that's going to do much for ya.
- inactive, on 10/11/2007, -7/+113 seed plzz
- rudy23, on 10/11/2007, -4/+96 @z00k
I think the more pressing issue at hand is the fact that many users will use the same userid passwords to multiple sites. exposing them to who knows what.
- Hepburn82, on 10/11/2007, -4/+91 VLC plays everything!
- rebopper, on 10/11/2007, -3/+83 I downloaded the .iso, now what do i do? It doesn't work! HEEELLLLPP!!!11!!
- explnx, on 04/27/2009, -2/+77 wat iz wrong wit file, it make many small files on .r00 lol virus fake fake fake dont downlode !!!111
- pixogen, on 10/11/2007, -6/+65 You can post comments and search for pr0n if you create an account.
- eatsushi, on 10/11/2007, -2/+60 comments from the blog:
"Thanks for letting the users know about the problem. Funny how the so-called Pirates display more ethical behaviour when it comes to disclosing data-breaches than most publicly-owned corporations in the united states."
- geminitojanus, on 10/11/2007, -1/+56 The Pirate Bay has said in their thread that they "salt" their hashes with an unknown-to-the-hackers value at the beginning of the hash to distort the values.
In other words: you'd need to know the hashing algorithm, the salt, and you'd need access to a huge number of computers to do hash checks before you even came close to finding out some of these passwords.
If only the government forced such security. Le sigh.
- 10001110101, on 10/11/2007, -5/+56 I would presume that the Login link at the bottom would let you log in & post comments.
- Lennalf, on 10/11/2007, -5/+54 @fober (#6633964)
It also lets you upload torrents... not that a bunch of leechers would know anything about that... :-P
- Rikkochet, on 10/11/2007, -5/+53 @fyrehart:
Your argument just conjured up a clear image of that episode of the Simpsons where Principal Skinner explained he went into the burlesque house just so he could get directions on how to get AWAY from it.
- tizz66, on 10/11/2007, -6/+54 I like how everyone commenting on there is saying 'ah well, ***** happens, don't worry'. I wonder what the response would be if this had happened to MegaSuperGlobal Corp Inc Ltd... Just food for thought, that's all.
- strangewill, on 10/11/2007, -2/+49 Usually you don't give credit card or other sensitive information to sites like TPB.
Frankly, all they can do is sell the e-mails to a spam company.
- MarkusVendictus, on 10/11/2007, -6/+52 Oh like the perfectly legal software that comes with root kits and copy-protection so strict that prevents you from using your own legal copy?
- mercurysquad, on 10/11/2007, -2/+48 Send an email to tpb_database_unlock_bot@hotmail.com with your ID and password in the message and it will send you the unlock code.
- fyrehart, on 10/11/2007, -7/+52 Checked out the links, found a link to a working torrent, downloaded file, passwords and ip's come up as "hash censored" and "ip censored"
BTW, only looked for it because I wanted to make sure I never signed up for tpb.
If you /must/ know, http://www.flashback.info/showpost.php?p=7095058&postcount=32
Oh, and there are several thousand pages of usernames
- rudy23, on 10/11/2007, -4/+49 @ fyrehart
there you go. info is pretty much useless to the hackers unless they can figure out how to decrypt the passwords.
- adidos, on 10/11/2007, -2/+44 Sensationalist description!
"They have got a copy of the user database. That is, your username and passwords."
The passwords were hashed/encrypted...not cleartext. Not a big deal IMHO.
- dubz76, on 10/11/2007, -4/+45 yo it took me 3 weeks to get dis an now my download iz stuck at 99.8 % for a month now...cum on ppl seeeeeeddd
- rudy23, on 10/11/2007, -3/+44 then dont read them
- grapfx, on 10/11/2007, -1/+41 Can anyone tell me what a .rar file is. There are like 50 of them and none of them do anything when I click on them. All I want is to draw pictures with Microsoft illustrator cuz I am a comic book artist.
- alrahman, on 10/11/2007, -6/+39 "Angry Young Hackers"
What are they, some sort of emo hackers or something?
- sxtxixtxcxh, on 10/11/2007, -2/+32 that's inaccurate. lemme fix that for you:
"This is reason people should not use software. There are so many security risks."
there we go.
- smackhero, on 10/11/2007, -1/+30 this is why it's important never to store user passwords in plain text, and it's usually best to just store a hash of the password using one-way encryption. this way, even if someone does break into your site and get access to your user database, they won't have immediate access to the passwords. i imagine a site like the pirate bay probably employs this practice.
so if the hackers want to gain access to your account(s), they still have to crack the passwords from the hash list. this is usually a very slow process requiring lots of time to execute a brute-force attack, but depending on the kind of encryption used and how it was implemented, the ease of doing this can vary.
the two most commonly used hash functions are MD5 and SHA-1, both of which have had known vulnerabilities discovered in them since 2005. but there's no such thing as unbreakable encryption anyway (or at least, no such algorithm has been discovered to this date and may not even be theoretically possible). both algorithms are still strong enough for most applications if implemented correctly, but if implemented poorly, can be just as easily defeated without the use of an analytical attack.
since hash algorithms are one-way encryption functions, the original password cannot be derived (in theory) from the password hashes stored in the database. therefore a very time-consuming brute-force attack would typically be required to crack the passwords and may not be practical depending on how strong the passwords are (which determines the amount of time it takes to crack each password), and how much value the passwords have to the attacker (in this case, probably not that much).
however, using one of various MD5/SHA-1 reverse lookup databases available, or rainbow tables, one can decrypt the password from a plain MD5 or SHA-1 computed hash very easily. this can be prevented though by using a salt value when computing the password hash. if a salt was added to the password before hashing, then most reverse lookup databases would essentially be useless--especially if a non-alphanumeric salt was used. since the pirate bay claims that the passwords are _very encrypted_, i'm assuming that they at the very least did this.
recently there have been analytical attacks discovered against MD5, and SHA-1 to a lesser degree, which can construct collisions in a short amount of time. but for password security applications, collision attacks aren't really a threat. i think most pirate bay users should be safe as long as they chose a strong enough password that's insusceptible to a dictionary attack. just to be safe though, you may want to follow their advice and change your password wherever the potentially compromised one is currently being used. after all, there's no such thing as an unbreakable encryption, and who knows? tomorrow someone might discover a preimage attack against currently used hash algorithms. although, i think using a salt value may still prevent a preimage attack from discovering your actual password and thus compromising other accounts using the same password--but you never know.
- webcrumb, on 10/11/2007, -0/+27 WTF is it with these damn leechers... SEED DAMMIT! I normally get 400000KBs and this is coming down at 5K/s! Fcking n00bs!
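Added example, not part of the thread and not The Pirate Bay's code: a Python sketch of the point smackhero's comment above makes about reverse lookup databases and salts. It goes one step beyond the comment by also showing a per-user random salt with a slow key-derivation function (PBKDF2); the password list, the salt value and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny stand-in for a public reverse-lookup database.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def md5_plain(password: str) -> str:
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def md5_salted(password: str, salt: bytes) -> str:
    """Salt added to the password before hashing (prepending is an assumption)."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def found_in_lookup(digest: str):
    """Return the password if the precomputed table already holds this digest."""
    return LOOKUP.get(digest)

def store(password: str, iterations: int = 200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)

def audit() -> dict:
    """Compare how each storage scheme behaves for the same weak password."""
    site_salt = b"constructed-site-salt"  # hypothetical value, not from the page
    first, second = store("letmein"), store("letmein")
    return {
        "plain_md5_recovered": found_in_lookup(md5_plain("letmein")),
        "salted_md5_recovered": found_in_lookup(md5_salted("letmein", site_salt)),
        "same_password_same_record": first[2] == second[2],
        "verify_ok": verify("letmein", first),
        "verify_wrong": verify("Letmein", first),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

A single site-wide salt defeats generic tables, but two users with the same password still share a digest; the per-user salt in `store` removes that as well.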
- ipodsweatshop, on 10/11/2007, -4/+30 "How ironic is this, this is what AACS group said about its encryption... which most people @ pirate bay thoroughly enjoy being broken, now their identities are under the same scrutiny by some cracker out there. what can you say, life's a mystery."
What you have is a list of encrypted passwords that (hopefully) use one way DES encryption. Since you don't understand much, I'll simplify, there is no way to reverse the encryption without the key. It's mathematically impossible by design (or someone would have done it by now, DES is not new). The only key is the password. So they would have to brute-force 1000's of passwords. Unless they use rainbow tables....
- BobTurtle, on 10/11/2007, -5/+31 Your indifference and rebellious attitude make you the coolest person on the internet.
- Osiriscky3, on 10/11/2007, -6/+31 AUH FTL. They need to mind their own business and stop messing with the pirate community before something bad happens.
Also if they do at some point in a few months decrypt the password it will nearly be useless to them
- mercurysquad, on 10/11/2007, -0/+24 MegaSuperGoldCorp Inc. will probably lose a lot of Id/pw's with credit card info and contact details of people with actual moolah. What do pirate bay members lose? A login, at worst. Big deal.
- sxtxixtxcxh, on 10/11/2007, -2/+26 in soviet russia, it's the other way around.
- maddskillz, on 10/11/2007, -9/+32 They have porn on the Internet now???
- Odweaver, on 10/11/2007, -1/+23 Issue stands that they did it to be ***** with account information, many users use the same username and password on multiple sites, which is how eBaums ordered the owner of subeta.org 30 ps3s and 10 complete collections of the fresh prince of bel-air.
http://img341.imageshack.us/img341/5016/1177966001919xu8.png
- FearMEiDEA, on 10/11/2007, -0/+21 You just don't understand us! /wrist
- kitsune111, on 10/11/2007, -0/+21 They have a whole pr0n section if you login. It will then let you upload torrents as well! You know.... UPload? Give back to the torrent community!
- gib786, on 10/11/2007, -0/+20 anyone know the password for this torrent?
- alassiry, on 10/11/2007, -1/+20 TPB should send any site that publishes the usernames a DMCA notice, just for phun.
- irregardless, on 10/11/2007, -0/+19 I swear I just wanted to see which usernames had been used already so that I could pick an original one. All the good ones were already taken, so I gave up.
- xtmno3, on 10/11/2007, -1/+19 @geodescent:
http://www.softsland.com/md5_password.html
"Great, kid. don't get cocky."
- inactive, on 10/11/2007, -0/+18 I don't use important passwords for torrent sites, i have "real" passwords and "dont care" passwords.
- rudy23, on 10/11/2007, -2/+18 i was kidding . . .