
Security flaw discovered at Amazon - change your password!

submitted on January 29, 2011 by YanBz in "Stores / Merchants"
Wired writes about a security flaw discovered at Amazon which is very similar to that exploited by hackers with Gawker Media blogs last month.

The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive.

For example, if your password is “Password,” Amazon.com will also let you log in with “PASSWORD,” “password,” “passwordpassword,” and “password12345.”


Read more here:
http://www.wired.com/threatlev.....d-problem/
              

  Comments
  • 100596
    HouTex
    admin
    Posted by HouTex on January 29, 2011
    [reply] 5 0
    It's interesting that Amazon didn't respond to a request for comment, but may have done something to fix it:
    Since newer passwords are not affected by the flaw, Amazon appears to have corrected the problem for new passwords — but without updating the older, stored passwords.

    The fix is straightforward for those with older passwords: Simply log on to Amazon.com, and change your password. You can even then change your new password back to your old password, and you’ll magically be safer than you were before.
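The behaviour described in the post and in the comment above, as an added example that is not part of the original thread and not Amazon's code. The page does not say how Amazon stored passwords, so the "legacy" scheme here is an assumption (case folded, input cut to 8 characters before hashing) that reproduces the reported symptoms; all names and the iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the demo
ATTEMPTS = ["Password", "PASSWORD", "password", "passwordpassword", "password12345"]


def _kdf(data: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data.encode("utf-8"), salt, ITERATIONS)


def _normalize(password: str, scheme: str) -> str:
    # Assumed legacy behaviour: fold case and keep only the first 8 characters.
    if scheme == "legacy":
        return password.upper()[:8]
    return password  # "current": every character and its case count


def store(password: str, scheme: str = "current") -> dict:
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt,
            "hash": _kdf(_normalize(password, scheme), salt)}


def verify(record: dict, attempt: str) -> bool:
    # The stored record decides which normalization applies, so old records
    # keep their weakness until they are rewritten.
    candidate = _kdf(_normalize(attempt, record["scheme"]), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def change_password(record: dict, old: str, new: str) -> dict:
    # A password change always writes a record under the current scheme,
    # even when new == old, which is why the workaround in the thread works.
    if not verify(record, old):
        raise ValueError("old password rejected")
    return store(new, "current")


def accepted(record: dict, attempts: list) -> list:
    return [a for a in attempts if verify(record, a)]


if __name__ == "__main__":
    old_record = store("Password", scheme="legacy")
    print("legacy :", accepted(old_record, ATTEMPTS))
    new_record = change_password(old_record, "Password", "Password")
    print("current:", accepted(new_record, ATTEMPTS))
```
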
  • 100597
    siggy38
    deity
    Posted by siggy38 on January 29, 2011
    [reply] 7 0
    Thanks for the heads-up.
  • 100605
    siggy38
    deity
    Posted by siggy38 on January 29, 2011
    [reply] 6 0
    I generally try to change my passwords on sites like Amazon every month or so for extra security.
  • 100630
    mooncow728
    professor
    Posted by mooncow728 on January 29, 2011
    [reply] 7 0
    I just tested my password with extra characters on the end and sure enough it logged me in. I changed my password (to the same as my old one) and then tried the extra characters and it no longer worked. Thanks for the heads up.
  • 100635
    HouTex
    admin
    Posted by HouTex on January 29, 2011
    [reply] 5 0
    I was just reading http://howto.wired.com/wiki/Ch.....1eb20cbd6d about how to choose a strong password. But I disagree with the suggestion to use keyboard patterns; too many times I've seen people try that to guess passwords.
  • 100642
    CouponNut
    deity
    Posted by CouponNut on January 29, 2011
    [reply] 4 0
    Sorry Yan, my clicker hit the wrong button. I give an Up on your topic.
  • 100644
    psplove
    professor
    Posted by psplove on January 29, 2011
    [reply] 3 0
    I change my passwords every month. Thanks for the info, Yan.
  • 100649
    deby32953
    professor
    Posted by deby32953 on January 29, 2011
    [reply] 4 0
    As Yan knows, I had a g.c. given to me by Buxr hacked into & used to download a XXX song to a cellphone! Amazon reimbursed me but couldn't tell me what happened, just claimed they had excellent security and this type of thing didn't happen!
    • 100766
      DebsFreebies
      professor
      Posted by DebsFreebies on January 30, 2011
      [reply] 2 0
      Ah, c'mon... you know you really wanted that XXX song!
  • 100671
    roxytang
    professor
    Posted by roxytang on January 29, 2011
    [reply] 4 0
    Thanks for letting us know. Changing password now.
  • 100677
    2kidsnuts
    professor
    Posted by 2kidsnuts on January 29, 2011
    [reply] 5 0
    Thanks for the update, gonna change mine now.
  • 100704
    YanBz
    admin
    Posted by YanBz on January 29, 2011
    [reply] 3 0
    SourceForge, a popular open source community, had their servers attacked recently, but unlike Amazon they put their members first:

    http://thenextweb.com/industry.....ect-users/

    Amazon should just reset all these "legacy" passwords. It is a shame they are not more pro-active with the issue.
  • 100760
    pablos17
    deity
    Posted by pablos17 on January 30, 2011
    [reply] 4 0
    Thanks for the info. I want to be as secure as possible on Amazon since I order so much through them.
  • 100769
    tinman
    beginner
    Posted by tinman on January 30, 2011
    [reply] 5 0
    Great info - changing now!
    • 100770
      Solstice
      professor
      Posted by Solstice on January 30, 2011
      [reply] 2 0
      Now there is a name I've not seen pop-up in a long time. Hello again.
