PSA: Don't Forget To Change Your Jalopnik Password

by Edward Niedermeyer

We know there’s more than a little overlap between TTAC and Jalopnik, the Gawker Media empire’s car blog, so we’d like to remind our readers who do have a commenting account at Jalopnik to change their password (since Gawker was apparently too “in shock” to warn users earlier). Gawker Media was attacked by a group of hackers known as Gnosis, and at least 200,000 Gawker user accounts have been hacked, exposing commenters’ login information and allowing some Twitter accounts to be taken over and used to send spam messages. The attack on Gawker was reportedly a response to the blog pioneer’s “outright arrogance,” and some have speculated that it was related to Gawker’s antagonism of the famed hacker hangout 4chan; we reckon that Lotus was somehow behind it. To find out if your account has been compromised, surf over to Gawkercheck.com, or simply change your password at Jalopnik or any other Gawker Media site. Or, you could just delete your account and become a regular here at TTAC instead. Just saying…


Comments
  • Geeky1 on Dec 13, 2010

    Since, in light of this incident, I'm not going to be commenting (or visiting) over there again, I'm going to go ahead and express my disgust here. This whole incident was mishandled from the beginning, and it's very clear that the people running Gawker really don't give a shit about their users. From their classifying us as "unimportant (...) peasants" ( http://static01.mediaite.com/med/wp-content/uploads/2010/12/GawkerBIG.png ) to the fact that the hackers apparently had access to the servers for at least a month before they determined what was going on, to the length of time it took them to let us "unimportant peasants" know about the data breach, everything about this situation indicates that they don't value their source of revenue at all. They were using DES encryption for their users' passwords, a standard that's going on 40 years old and which was cracked in freaking 1998. Especially now that the hackers have made all of the data they obtained publicly available, it's not a matter of if your Jalopnik password will be cracked, it's a matter of when. With the processing power available in modern computers, an individual's e-mail and associated password can be decrypted in a matter of hours, if not minutes or seconds. And, as if that weren't enough, these idiots apparently didn't even store any input beyond the 8th character; i.e. your password on Jalopnik could have been "supercalifragilisticexpialidocious", but all you would have had to type to log in is "supercal" because the remaining 26 characters were just discarded. Furthermore, their servers were on Linux kernels that were years out of date. You can argue back and forth about Linux vs. Windows security in a server environment all day long if you really want to, but Linux has security holes of its own (as evidenced by this attack) and running kernel versions that far out of date on anything interacting with the internet can only be considered moronic.
    I mean, I thought that I was a lazy sysadmin because I forget my weekly backups sometimes, but judging by this event the Gawker IT department evidently spends all of their time at work eating Cheetos and watching porn. There's no excuse for security this lax on a major website. And in spite of having outdated, half-assed security systems, these idiots went out and antagonized 4chan and the hacking community in general. Essentially they were playing Russian roulette with their users' data, and their own, apparently, with a semiautomatic. Gawker can go to hell. Additional reading for those that care: http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/

  • Ronnie Schreiber on Dec 14, 2010
    "Ed, we appreciate your help in spreading the word to all nine of our site’s 22,503 commenters who came over from your post to change their passwords." - Ray Wert

    Ray, my fellow MOT, since you’re obviously following this thread, I’d like to point out to you that there is at least a little irony in your comments on this thread. I suppose you meant to show how puny our readership is compared to the mighty giant that is Jalopnik (
    • Ray Wert on Dec 14, 2010

      Not to belittle TTAC, as I have read the site fairly frequently, but I actually found the post because I have a Google Alert set up for "Jalopnik." Also, I don't really think we're TTAC competitors. I think Autoblog's industry-obsessive content is likely closer in content level to TTAC -- even if the style is different.

  • Bertel Schmitt on Dec 14, 2010

    Ed, we appreciate your help in spreading the word to all nine of our site’s 22,503 commenters who came over from your post to change their passwords.

    TTAC's server says that yesterday, gawkercheck.com was the most clicked outgoing link on TTAC. Today, it trails in the #2 position behind pontiacsonline.com. And that's only because someone is ruining all the fun at Curbside Classic Clues.

    • Bertel Schmitt on Dec 14, 2010

      To Ray: I don't think you have access to the access logs of and referrers to gawkercheck.com, so you can only form a highly uneducated opinion.

      To all: While changing your password to any of the Gawker sites is good advice, here is better advice. If you are one of the many who use the same email and password for multiple sites (and don't we all sometimes do that?), you should immediately change your login information to those other sites. Like now.

      Your account data is often stored and accessible. You can be impersonated and used for nefarious purposes. If you are one of the many of us who log into other sites with the same email and password and who then forget where they logged in, then you are in deep doodoo.

      Gawker stores the passwords in encrypted form (as any responsible site should do) but their encryption did not hold up to a simple cracking tool, as described here. To make a long story short, many if not most email/password combinations used on all the Gawker sites are there for the world to see.

      Use something like gawkercheck.com or didigetgawkered.com to check whether you are on the list of compromised Gawker data.

      Techie part:

      Even the toughest encryption cannot protect you if you use a simple password like "Swordfish". The way this works is when you sign on, your password gets converted to encrypted data, called a "hash", and is stored. A hash cannot be decrypted (at least it should not). But the same password always creates the same hash. That's how you are being let in when you log in the next time. Knowing that, a cracker compiles a wordlist and converts the list to hashes. Once the hashes are created, the cracker compares the stored data with the hashes in the compromised data, and bingo, there are the passwords. That's why they tell you to use at least a number or special character in your password. Even that is not foolproof.

      The best password is a totally random word, upper and lower case, with numbers, something like d65Gh234hJSF. The next best is to remember one sentence, like "I want to have sex with two girls" and then turn that into Iwth6w2g. But then again, don't use the same sentence for many sites. Why? Some sites I knew WANTED to know your password in cleartext and patched the software so that the cleartext password was stored with the hash ...
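As an added illustration of the wordlist attack Bertel describes in the "Techie part" above, and of the 8-character truncation Geeky1 mentions further up the thread, here is a small Python script written for this page (it is not Gawker's code and not anything posted in the comments). It stands SHA-256 in for the DES-based scheme the comments mention and simulates the truncation with `password[:8]`; the e-mail addresses, passwords and wordlist are constructed, not taken from the leaked data. It then goes one step beyond the comment and shows why a per-user salt plus a deliberately slow hash (PBKDF2 here) makes the cracker's precomputed table worthless, while a password like "Swordfish" still falls to per-user guessing.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example (not from any real dump).
WORDLIST = ["password", "123456", "Swordfish", "letmein", "supercal", "jalopnik"]

USERS = {  # email -> cleartext, used only to build the "stored" tables below
    "alice@example.com": "Swordfish",
    "bob@example.com": "supercalifragilisticexpialidocious",
    "carol@example.com": "d65Gh234hJSF",
    "dave@example.com": "Iwth6w2g",
}


def legacy_hash(password: str) -> str:
    """Simulated legacy scheme: unsalted, fast, and only the first 8 characters
    count. SHA-256 stands in for the truncating DES crypt() the comments
    describe so that the example runs anywhere; it is not Gawker's code."""
    return hashlib.sha256(password[:8].encode()).hexdigest()


def build_lookup(wordlist) -> dict:
    """Cracker's precomputation: hash every candidate once, indexed by hash."""
    return {legacy_hash(w): w for w in wordlist}


def crack_unsalted(stored: dict, lookup: dict) -> dict:
    """Match every leaked hash against the table; each check is one dict lookup."""
    return {email: lookup[h] for email, h in stored.items() if h in lookup}


# --- the fix: a random salt per user plus a slow hash -----------------------
ITERATIONS = 2_000  # kept low so the example runs fast; use far more in production


def strong_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_strong(users: dict) -> dict:
    """email -> (salt, digest), with a fresh 16-byte random salt per user."""
    out = {}
    for email, pw in users.items():
        salt = os.urandom(16)
        out[email] = (salt, strong_hash(pw, salt))
    return out


def verify_strong(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(strong_hash(password, salt), digest)


def crack_salted(stored: dict, wordlist) -> tuple:
    """No shared table is possible: every candidate must be re-hashed for every
    user's salt. Returns (recovered passwords, number of slow hashes computed)."""
    found, work = {}, 0
    for email, (salt, digest) in stored.items():
        for w in wordlist:
            work += 1
            if hmac.compare_digest(strong_hash(w, salt), digest):
                found[email] = w
                break
    return found, work


def demo() -> tuple:
    legacy_stored = {email: legacy_hash(pw) for email, pw in USERS.items()}
    lookup = build_lookup(WORDLIST)
    weak_hits = crack_unsalted(legacy_stored, lookup)  # bob falls to "supercal"

    strong_stored = store_strong(USERS)
    # The table built against the legacy scheme matches nothing once salted.
    table_hits = sum(1 for _, (_, d) in strong_stored.items() if d.hex() in lookup)
    strong_hits, work = crack_salted(strong_stored, WORDLIST)
    return weak_hits, table_hits, strong_hits, work


if __name__ == "__main__":
    weak, table, strong, work = demo()
    print("unsalted + truncated:", weak)
    print("precomputed table vs. salted hashes:", table, "hits")
    print("salted + slow:", strong, "after", work, "PBKDF2 runs")
```

Note what the truncation does: the cracker never needs "supercalifragilisticexpialidocious" in the wordlist, because "supercal" produces the same stored hash and logs in just as well. With the salted scheme the only thing that still cracks is the dictionary word, and even that costs the attacker one slow hash per candidate per user instead of one table lookup per leaked row.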

  • Ash78 on Dec 14, 2010

    Settle down, guys....I remember when these two sites were more complementary of each other (that's complementary with an "e" and maybe sometimes with an "i"). Jalopnik has gotten more off-beat, while TTAC has gotten VERY businessy. That divergence has been good, IMHO, and that's why they're the only two general auto sites I visit (well, at least until work blacklisted Jalopnik a few days ago. I guess I was spending too much time there...lol)
