On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield <d...@pingsweep.co.uk> wrote: > http://blog.aol.com/2014/04/28/aol-security-update/ > Ouch... Have any details of the "encryption" been analyzed or discussed? Its always interesting to see what a company considers "best practice".
Jeff <quote> AOL's investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information... </quote> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
