User avatar
VertScopeJeff
General Manager
Posts: 177
Joined: Thu Mar 02, 2017 3:37 pm

Re: Airliners Site Concern

Thu Feb 14, 2019 5:19 pm

treetreeseven wrote:
What is the password hashing algorithm in use on this site? Disclosing the algorithm has no negative impact on security, if it's been properly selected and implemented.

Of course, if it hasn't, then there's already a problem with security.


Please elaborate what you are looking for and why you are asking?

Jeff M
 
damirc
Posts: 727
Joined: Fri Feb 13, 2004 8:43 am

Re: Airliners Site Concern

Sat Mar 30, 2019 12:29 pm

Just got one of those e-mails myself.

While my password was low entropy (just reset it) - I have not used it anywhere else.

There is no other way my e-mail + password combination that was sent in this e-mail was harvested from anywhere else but Airliners.net.

So either someone is doing brute force attacks and harvesting profile data from successful brute force attacks (my password was way too easy I admit it, but I haven't been to Airliners in ages) or someone gained access to your profile database. While it is possible that data was gathered in transit I'd think it's less likely.

As far as hashing algorithms and password storage are concerned - it is perfectly understandable not to share this data to a potential adversary and is considered good practice. My concern in this regard would only be that you are using something sane (scrypt, bcrypt, PBKDF2) and not an MD5 hashing algorithm. As is stands my (and others) password seems to have been recovered from Airliners.net and you should seriously look into how this could have happened.
 
User avatar
RobK
Posts: 3554
Joined: Mon Sep 06, 2004 1:43 pm

Re: Airliners Site Concern

Sat Mar 30, 2019 2:23 pm

Vertical Scope have been hacked umpteen times with millions of user details being stolen. Just do a search on google for "vertical scope hacked" and take your pick of news articles. The email I have registered here is only used on this site and I've received the same emails. Sure enough, checking the haveibeenpwned.com site to see if your email address has been hacked, mine is showing in the list. I recommend all users run their registered email address through that site to check.

Who is online

Users browsing this forum: No registered users and 5 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos