Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle

Notices

Reply
 
Thread Tools Search this Thread
Old 01-31-2011, 08:46 AM   #1
jocampo
Layback feline
jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.
 
jocampo's Avatar
 
Posts: 2,957
Karma: 6929373
Join Date: Nov 2010
Location: USA
Device: iPad mini, Kindle Touch and PW
Amazon security flaw?

Changing password is been advised...

http://m.engadget.com/default/articl...sic&postPage=1

Last edited by jocampo; 01-31-2011 at 11:13 AM.
jocampo is offline   Reply With Quote
Old 01-31-2011, 09:19 AM   #2
Histerius
Zealot
Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.
 
Histerius's Avatar
 
Posts: 126
Karma: 7922
Join Date: Jan 2011
Location: Zagreb, Croatia
Device: Kindle 3 - Galaxy Tab 10.1
Those who choose "password" for password deserved to wake up with deleted/stolen/destroyed account.
Histerius is offline   Reply With Quote
 
Enthusiast
Old 01-31-2011, 11:12 AM   #3
jocampo
Layback feline
jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.jocampo ought to be getting tired of karma fortunes by now.
 
jocampo's Avatar
 
Posts: 2,957
Karma: 6929373
Join Date: Nov 2010
Location: USA
Device: iPad mini, Kindle Touch and PW
Quote:
Originally Posted by Histerius View Post
Those who choose "password" for password deserved to wake up with deleted/stolen/destroyed account.
Agree! but almost sure, we do have folks here that fall under that category ;-)
jocampo is offline   Reply With Quote
Old 01-31-2011, 11:29 AM   #4
Tiersten
Guru
Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.Tiersten shines like a glazed doughnut.
 
Posts: 987
Karma: 8641
Join Date: Aug 2010
Device: Kindle 3G+WiFi
Its not specifically "password" as a password that is the problem. It means it will only look at the first 8 characters of your password. This only occurs if you've not changed your password recently. If you've got a decent password then you're still fairly safe anyway but go change it anyway just to be sure.

The technical reason for this is that Amazon changed the way they hash passwords at some point in the past. The original system only cared about the first 8 characters only. The new system looks at the whole password. Its hashed because they don't want peoples passwords sitting around in their database in the clear. They can't convert from the old system to the new system as they don't store your original password.
Tiersten is offline   Reply With Quote
Old 01-31-2011, 12:32 PM   #5
snipenekkid
Banned
snipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensionssnipenekkid can understand the language of future parallel dimensions
 
Posts: 765
Karma: 51034
Join Date: Feb 2009
this is not that serious of an issue really. From my take on the article is that using a stronger long password was of no real benefit in the past as Amazon only used the first eight characters. These were still encrypted and one was and still is on an encrypted secure page when to logging into the account.

And while an eight character password can be cracked more quickly, it's not as if Amazon doesn't have detection protocols in place to monitor repeated attempts to sleuth out a password. It will still take anyone trying to crack a password a fairly long time unless someone uses a very weak password anyway, and even then it's not like they will get it in the first try or even the first 10,000 attempts or even the first 100,000 attempts. Leaving Amazon's own security protocols to detect the attempts and freeze the access.

So I am willing to bet that the vast majority of people who have not changed their password in the past couple years are likely just as safe as those who have, when looking at it from a practical point of view.

In fact the odds are far more likely your password would be obtained via some sort of spyware infection of your PC using a keyboard logger than having your account on Amazon directly hacked. And in such a case changing to a stronger password is of zero value to increase the protection of your account.

I mean just to add a bit of perspective here. Too much is made of these sort of things or at least the focus is not on the truly weak link which is the end user themselves. And no amount of increased security can cover for a user who simply does not keep things on their end secure as they can.
snipenekkid is offline   Reply With Quote
Old 01-31-2011, 07:45 PM   #6
Histerius
Zealot
Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.Histerius knows the square root of minus one.
 
Histerius's Avatar
 
Posts: 126
Karma: 7922
Join Date: Jan 2011
Location: Zagreb, Croatia
Device: Kindle 3 - Galaxy Tab 10.1
I agree with all you said. First, editors allow anything to go out in newspaper or website these days (now I'm talking against my own profession ) and they are trying to make a sensation out of anything, and second, you wouldn' belive how many system administrators in big companies choose "password" or their name for password.
Histerius is offline   Reply With Quote
Old 02-01-2011, 04:30 PM   #7
ManosHandsOfFate
Addict
ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.ManosHandsOfFate ought to be getting tired of karma fortunes by now.
 
ManosHandsOfFate's Avatar
 
Posts: 294
Karma: 1537324
Join Date: Aug 2010
Location: Chicago
Device: Nook, K3, Fire, Nexus 7
Quote:
Originally Posted by Histerius View Post
Those who choose "password" for password deserved to wake up with deleted/stolen/destroyed account.
No we don't!
ManosHandsOfFate is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why Calibre has a flaw (to me) cfp Calibre 46 09-19-2010 06:40 AM
Is this just a flaw with e-books or am I doing something wrong? rick98761 Amazon Kindle 4 01-05-2010 08:01 PM
MAJOR FLAW in the Amazon Kindle sirmaru Amazon Kindle 76 12-06-2007 01:47 PM
Adobe patches latest Reader security flaw Alexander Turcic Reading and Management 11 10-29-2007 04:56 PM


All times are GMT -4. The time now is 04:16 AM.


MobileRead.com is a privately owned, operated and funded community.