Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Eircom Not Hashing their users @eircom.net passwords

  • 27-07-2012 6:30pm
    #1
    teddy b123
    Registered Users, Registered Users 2 Posts: 399 ✭✭


    Just thought I'd let you all know eircom are not hashing their eircom.net email passwords.

    Was on the phone to them there (my email account wasn't working ) and was quite surprised when I had my password called out to me over the phone after answering only the most basic security questions (Which I got mostly wrong anyway).


Comments

  • #2
    Deliverance XXV
    Registered Users, Registered Users 2 Posts: 1,757 ✭✭✭Deliverance XXV


    Wow. Am I surprised at their incompetence? Not really. No hashing and probably no random salting either. Time to start telling my €ircom registered friends to change their passwords :rolleyes:


  • #3
    gerryk
    Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    It's possible that this is in a separate database from the authentication database. I would hope so, in fact. I would hope that the internat facing authentication database is multiply salted, hashed and locked down, and that this is in some CRM system that is only accessibly over the corporate intranet. Not that this is acceptable either, but slightly less bad.

    I have kicked it over to the Talk to... Eircom forum for comments.


  • #4
    Giblet
    Registered Users, Registered Users 2 Posts: 11,998 ✭✭✭✭Giblet


    Now Tesco are in the firing line over this. I mean, who the hell is handling their security?


  • #5
    gerryk
    Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    Giblet wrote: »
    Now Tesco are in the firing line over this. I mean, who the hell is handling their security?

    Link?


  • #6
    MagicRon
    Registered Users, Registered Users 2 Posts: 138 ✭✭MagicRon


    http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html


  • Advertisement
  • #7
    knuth
    Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    Oak.6Tree.2 anyone?

    Not one bit surprised.


  • #8
    mach1982
    Registered Users, Registered Users 2 Posts: 760 ✭✭✭mach1982


    Giblet wrote: »
    Now Tesco are in the firing line over this. I mean, who the hell is handling their security?


    Security, IT is last thing big companies care about .


  • #9
    col.in.Cr
    Closed Accounts Posts: 511 ✭✭✭col.in.Cr


    I had someone from 3v.ie ask for my password before and I told him I wouldnt give it out but he said he could see it anyway


  • #10
    gerryk
    Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    This sort of vulnerability/lack of duty-of-care is how that poor bollix at Wired got so thoroughly owned.


  • #11
    RUCKING FETARD
    Closed Accounts Posts: 1,455 ✭✭✭RUCKING FETARD


    sshot50487f288cfe8.jpg


  • Advertisement
Advertisement