35 Comments
- inactive, on 05/19/2008, -6/+31 Guess who’s got your passwords on their servers… Every site you've ever created an account on. No, I didn't RTFA.
- SushiCW, on 05/19/2008, -1/+19 Misleading title, semi-interesting article.
From the article, it looks like the actual issue is malicious/irresponsible servers storing their passwords in a place where Google will cache them...as well as any other webcrawler that comes looking. That's nothing new: if you store sensitive data in your web root, you give it away to anyone who looks for it.
- choopie911, on 05/19/2008, -0/+16 And I can't find a simple bangbus password.
- thebookmarker, on 05/19/2008, -2/+15 Bad idea. I took what they show in the screen shots, looked for the same patterns in google and found same logs from different compromised accounts. First password got after ~3 minutes for ijji.com, some kind of gaming site it seems.
- rjosal, on 05/19/2008, -0/+11 Good web developers only store a hash of your password. This is why you have to reset your password when you forget it. Avoid having accounts at places that can email your password to you, or if it is unavoidable, use a unique password you don't use elsewhere.
- FUR10N, on 05/19/2008, -0/+6 what's worse: the fact that this has happened, or the fact that everyone now knows about it and is searching google now because of the article?
- Rozza, on 05/19/2008, -1/+6 calm down, we'll do it live!
- mentor972, on 05/19/2008, -0/+3 This is scary. It really works.
- hypodan, on 05/19/2008, -0/+3 but I can't read it!
- jer2eydevil88, on 05/19/2008, -0/+3 I dugg you up because I was curious as to what I would find but the information is sadly so sensitive that I now think it might be better if you just delete your comment.
- Enmitix, on 05/19/2008, -3/+6 found the "crimeservers"
google
site:index583.com db
site:smplugin.com banking
enjoy
- mrjofo, on 05/19/2008, -0/+3 Or they should think for a few minutes before they post.
- Evi1d33d, on 05/19/2008, -1/+3 So... what's the site?
- inactive, on 05/19/2008, -0/+2 there's 9 pages from that index site but the majority of them don't even open....only some are cached
- passedoutghost, on 05/19/2008, -0/+2 Well thanks to the genius of Kevin Rose, diggers cannot delete their own comments. They need to lodge a request for it to be deleted.
- cykyc, on 05/19/2008, -0/+2 It would at least be nice to notify the victims of these cached sites. These aren't just server passwords; a lot seem to be caught by keyloggers of some sort (web searches, emails, folder creation, etc.). But, even the simple act of notification can backfire on the Good Samaritan... "HOW DID YOU GET MY PASSWORD!!1! YOU'RE A HACKER!!11!!"
- Firehed, on 05/19/2008, -0/+2 True, but having a weak password is still a hazard if the hashes are leaked. There are databases out there (and it would be quite easy to make your own) containing many MD5 and SHA1 hashes and their original inputs. If the hash gets out and you don't have a fairly complex password, it's only a tiny bit extra effort to get the password itself.
- Panzwhore, on 05/19/2008, -1/+3 through the screen shots and following the trends i found the site
- yabos, on 05/19/2008, -0/+2 With a name like crackah you'd think you could figure it out.
- Satanael, on 05/19/2008, -2/+3 Guess who's got two thumbs and doesn't care... This guy.
- DCJoeDogaswell, on 05/19/2008, -1/+2 aaaaaaand it's off the front page, thanks a lot you little bitchy whiners
- Macuyiko, on 05/19/2008, -0/+1 http://johnny.ihackstuff.com/ghdb.php ...so how is this news? Learn to protect your site people. "I'll just put this here in an opendir in my public_html, no-one will guess the directory name." - wrong! Google will.
- rjosal, on 05/21/2008, -0/+1 I see. So better web developers would choose a random number of random digits of the hash for their unique hash.
- mentor972, on 05/19/2008, -0/+1 Exactly, and most blogs or content management systems do that as well so the webmasters only have the hashes in the database.
- miken32, on 05/19/2008, -3/+4 So if those are real Google screen caps, why does a search for [intitle:timestamp intitle:"protected storage"] turn up nothing at all? http://www.google.ca/search?q=intitle%3Atimestamp+ ...
- Kamino, on 05/19/2008, -1/+2 We value your opinion.
- timissimit, on 05/19/2008, -1/+1 because they were searching specific servers
- Ayelet2, on 07/03/2008, -0/+0 It's a she... and i did say We do love Google!...
- brainflakes, on 05/19/2008, -0/+0 I did a few searches and easily found those specific results, in fact blurring out the usernames and passwords was a pretty pointless exercise because you can easily find the results they show
- SgtSchizoid, on 05/19/2008, -2/+1 p@$$w0rD
- sunnyoraish, on 05/19/2008, -3/+1 misleading title....seems like he is blaming google for storing such data....
- inactive, on 05/19/2008, -5/+1 wow it actually worked... none of the passes i got actually worked tho
Edit: nvm i just got into someone's yahoo
- scairborn, on 05/19/2008, -17/+11 ***** THING SUCKS!
- ohplease, on 05/19/2008, -8/+2 let's blame google for site operators exposing visitor data to googlebot user agent
robots.txt is a CIA lie according to timecube
google is the 9/11 mastermind
- crackah, on 05/19/2008, -8/+1 Any chance sharing with us how you did that?

