Kommentarer till Spotify varnar för stulna lösenord http://ohsohightech.se/spotify-varnar-for-stulna-losenord/ Tue, 10 Jun 2014 15:12:22 +0000 hourly 1 https://wordpress.org/?v=4.4.1 Av: Tobias » Länkar http://ohsohightech.se/spotify-varnar-for-stulna-losenord/comment-page-1/#comment-2373 Wed, 10 Jun 2009 20:55:33 +0000 http://ohsohightech.se/?p=2317#comment-2373 […] Spotify varnar för stulna lösenord […]

]]>
Av: Peter Jaric http://ohsohightech.se/spotify-varnar-for-stulna-losenord/comment-page-1/#comment-2067 Wed, 04 Mar 2009 19:07:09 +0000 http://ohsohightech.se/?p=2317#comment-2067 Det är väl Despotify dom hänvisar till, misstänker jag.

Se denna kommentar från Despotifys källkod:

* Prior to the 19th of December 2008 Spotify happily told clients
* (including ours!) almost everything it knew about a particular
* user, if they asked for it.
*
* Legitimate requests for this is for example when you add
* someone else’s shared playlist.
*
* This allowed clients to see not only the last four digits of the
* credit card used to subscribe to the premium service, whether
* the user was a paying customer or preferred commercials, but
* also very interesting stuff such as the hash computed from
* SHA(salt || ” ” || password).
*
* In theory (HE HE!) this allowed any registered user to request
* somebody else’s user data, get ahold of the hash, and then use
* it to authenticate as that user.
*
* Fortunately, at lest for Spotify and it’s users, this is not
* the case anymore. (R.I.P poor misfeature)
*
* However, we urge people to change their passwords for reasons
* left as an exercise for the reader to figure out.

]]>
Av: Marcus http://ohsohightech.se/spotify-varnar-for-stulna-losenord/comment-page-1/#comment-2066 Wed, 04 Mar 2009 17:20:30 +0000 http://ohsohightech.se/?p=2317#comment-2066 Bra att dom löst problemet och att man enkelt kan byta lösenord.

]]>