Registered users of TechRadar have had personal details including their email addresses and dates of birth stolen in a breach of the UK consumer tech website's database. The online publication sent out emails to all users and posted an announcement on its site warning that its user registration database had been hacked, adding …
Gee whiz, I wonder if they stored all their passwords in unsalted MD5/SHA1 form, too.
Maybe this Eternal Summer of hax will finally get some moronic "web-developers" fired. If you can't secure your site against SQLi, you shouldn't be making a site with moving parts full stop.
Bad Web Developers, or Bad Managers?
"Create our website and have it working by the end of the week. I don't care about anything but making sure we get click-through ad revenue, that our shopping-basket stuff works, and that our site looks good. Nothing else matters. Got it?!"
They know I was born on the 1/1/1970 and have my firstname.lastname@example.org account! Run to thar hills!
YOYOY does some shitty tech news website need to know its users' dates of birth anyway?
Pass resets? Or forum rules (over 12/13)?
And hope El Reg is next in line
"The website said that the stolen passwords were encrypted"
I'd like to know their definition of encrypted please.
I'm willing to bet a small sum that it means MD5 / SHA1 hashed (with no salt, it's bad for you apparently), but even if they actually are encrypted someone still needs to get a bollocking because why would a password ever need to be decrypted?
If you wanted to know then why did you not visit their website? It features an article right on the front page about the comprimise of the database. And as you can see their Q&A section answers most questions.
That is; assuming they're telling the truth of course.
I'd like to point out that it seems some phisihing sites have already gotten wind of this. Last night I recieved one of the "tech raidar" emails. Only thing is I don't recall ever setting up a tech radar account, and the site was www.techraidar.something.com
It may have been legit and I just don't remember, but be warned if you get an email, navigate to the site yourself.
I didn't have one either, but I used to post on the PCPlus forum before Future Publishing was taken over by Tech Radar. Looks like they ported over the list of user data.
Was the same for me, and I had to trawl my old emails to even find out what the username might have been
Is it just me?
"Our IT team has identified the cause of the problem and has taken action to rectify it," TechRadar said on its site. "The forums have been closed and will remain closed until we are satisfied there are no further issues."
I read that as "Rest assured the stable door has now been firmly bolted".
I stopped going to all the Future Publishing sites about 6 months ago, when they "upgraded" all their websites and couldn't be arsed to test it out in all browsers. It didn't work in my browser (unable to log on [Object]), so I gave them the finger and went elsewhere for tech news. You would have to be pretty stupid to exclude 200m potential users because you couldn't be bothered to test your website with all the major browsers.
Couldn't have happened to a nicer bunch of incompetents as far as I am concerned. I wouldn't be surprised if the same incompetent that was responsible for that is also responsible for this too.
Why block it ?
I think there's one thing TechRadar does wrong and that's totally block out their forums without so much as a warning as to what is going on. The moment you go to their forum you'll be greeted (eventually) with a network timeout.
That's very nice for people who visit the forum on a regular basis; getting errors without having a clue where they came from.
For a club which claims to have a big interest in tech I would have expected a more technological satisfying solution, a warning page at the very least.
Can't have been much of a list then.
If only they had some sort of "radar" of the "tech" variety to alert them to incoming threats.