Best practice is PCI compliance. Duh.
On Tue, Apr 29, 2014 at 5:21 PM, Jeffrey Walton <noloa...@gmail.com> wrote:

> On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield <d...@pingsweep.co.uk> wrote:
> > http://blog.aol.com/2014/04/28/aol-security-update/
> >
> Ouch... Have any details of the "encryption" been analyzed or
> discussed? It's always interesting to see what a company considers
> "best practice".
>
> Jeff
>
> <quote>
> AOL's investigation is still underway, however, we have determined
> that there was unauthorized access to information regarding a
> significant number of user accounts. This information included AOL
> users' email addresses, postal addresses, address book contact
> information, encrypted passwords and encrypted answers to security
> questions that we ask when a user resets his or her password, as well
> as certain employee information...
> </quote>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website