If I was going to hack Comixology, I wouldn't steal user info. I'd steal comics. Maybe set myself up with a lifetime sub to everything from Vertigo and all the Wolverine titles. These hackers need to get their priorities straight.
That's not how it works. These hackers usually work with DDoS attacks to breach security, and during the attack they steal small packets of information such as passwords and names. All this is no more than a few minutes. Stealing large files such as comics is a whole different thing that isn't possible in this method. And setting up a lifetime sub is a thing of movies.
They should have just said the encryption is decent. And hackers did not break in using DDoS. That is only used to bring down a site by flooding it with traffic. Most likely the hacker got in with stolen creds or SQL injection. Once in, they can export the db (though the passwords should be hashed (one way), not encrypted (two way)). And it may be possible for a hacker to give themselves a "lifetime subscription". All they would have to do is find in the db where subscriptions are handled and add or modify a row.
Yea, because they know they're crap. Security by obscurity has never worked. Between a website that lets everyone know that they use a strong encryption algorithm versus a website that hides the fact that they use MD5, the website that uses MD5 always loses.
@ddpruitt: You really think they used MD5? It's been well known not to use it, SHA-1, etc. for quite a while now on online passwords. Using either bcrypt or AES, and they're golden. bcrypt has some very good implementations in basically every server-side language for this purpose even.
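Added example, not part of any comment in this thread: the "hashed (one way)" storage and the MD5 contrast discussed above, showing why a salted, slow hash leaks less from an exported db than an unsalted fast digest. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for the bcrypt named above; the function names, iteration count and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def md5_unsalted(password: str) -> str:
    # Weak scheme, shown only for contrast: fast and unsalted.
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def hash_password(password: str) -> str:
    # One-way record: algorithm$iterations$salt$derived_key. Nothing here decrypts.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    # Recompute with the stored salt and compare in constant time.
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False  # malformed record: reject rather than crash
    return hmac.compare_digest(dk, expected)


def shared_digests(records: dict[str, str]) -> list[list[str]]:
    # Audit a credential table: which users have byte-identical stored values?
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}  # constructed
    weak = {u: md5_unsalted(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    print(shared_digests(weak))    # alice and bob collide: reuse is visible in the dump
    print(shared_digests(strong))  # no collisions: per-user salts hide reuse
    print(verify_password("hunter2", strong["alice"]))
```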
@bustapr Wow, if ever there was a complete lack of understanding of sarcasm, there it is. My post is what is sometimes referred to as a joke, using a form of blatant sarcasm to suggest an improbable idea. That said, I'm an EE and I work in software development, so I'm very clear on the methods and what hackers employ and have access to, but thanks.