41:["$","div",null,{"className":"px-4","children":[["$","h2",null,{"className":"mb-4 text-sm font-medium text-balance text-muted-foreground tabular-nums","children":[0," comments"]}],["$","$L43",null,{"comments":[{"item":{"id":5593701,"type":"comment","by":"err_badprocrast","time":1366700667,"title":"$undefined","url":"$undefined","text":"

  07:52 < HTP> the CCrypter class of the linode application \n  context was accessable from outside the wwwroot using \n  undocumented ColdFusion methods. i was fully able to \n  decrypt the ccs using the in-memory privkey that they \n  supplied the password for.\n

\nFrom the 2nd pastebin'd IRC log, http://pastebin.com/7WXRDyAg

Note that he states all information was deleted. They had claimed earlier that CC info would be released on May 1st.

note: temp account because I accidentally set noprocrast delay to 1 week. Whoops!","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":5593639,"dead":"$undefined","deleted":"$undefined"},"children":[]},{"item":{"id":5593667,"type":"comment","by":"leeoniya","time":1366700004,"title":"$undefined","url":"$undefined","text":"i cannot imagine that a remembered passphrase would take too long to brute-force on a few multi-GPU setups. unless they did something meaningful like making it a long sentence rather than some short-but-complex-for-humans 15 char string. http://xkcd.com/936/","score":"$undefined","descendants":"$undefined","kids":[5593953,5593982,5594287],"parent":5593639,"dead":"$undefined","deleted":"$undefined"},"children":[{"item":{"id":5593953,"type":"comment","by":"eridius","time":1366705673,"title":"$undefined","url":"$undefined","text":"Specifically what they said is it isn't stored digitally. So maybe they have it written down on a piece of paper.","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":5593667,"dead":"$undefined","deleted":"$undefined"},"children":[]},{"item":{"id":5593982,"type":"comment","by":"threeseed","time":1366706531,"title":"$undefined","url":"$undefined","text":"Based on what we've seen before I wouldn't give Linode the benefit of the doubt.

The password is most likely cracked by now.","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":5593667,"dead":"$undefined","deleted":"$undefined"},"children":[]},{"item":{"id":5594287,"type":"comment","by":"nodata","time":1366713463,"title":"$undefined","url":"$undefined","text":"It's a passphrase, not a password.","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":5593667,"dead":"$undefined","deleted":"$undefined"},"children":[]}]}],"op":"scraplab"}]]}]

0 comments

0 comments