Code repository GitHub is the latest site to have hackers compromise some user accounts, and in response, it's taking aim at bad passwords. In a blog post, GitHub engineer Shawn Davenport said that a brute force attack from around 40,000 IP addresses revealed some commonly used passwords, as well as ones that were used on sites besides GitHub. Davenport defended the site's overall security. "We aggressively rate-limit login attempts and passwords are stored properly," he said, though GitHub is now working on improving those rate limits. Primarily, though, it's saying that user passwords were the key weak link here.
Anyone whose account appeared to be compromised has had their password reset and any third-party keys revoked, and GitHub...
via The Verge - All Posts http://www.theverge.com/2013/11/20/5126906/weak-github-passwords-lead-to-account-security-breach
No comments:
Post a Comment