UFO Nepal Compromised, Hackers Posts Member's Detail Online

Roshan Karki Unknown
UFO Nepal one of the leading clothing brand of Nepal and one of the very first to start website in this section has been hacked. Its member details like name, address, phone number, username and password has been posted online. The website allowed members to browse their collection of clothes and accessories. Members also used to get email on new arrivals.(But I'd rather call it spam as it used to send 4 or 5 same email).

What hurts most is the website is claimed to be powered by dreams and ideas. The company behind Nepal's most popular portal cybersansar.com . There are many websites created under this company. I wonder how secure are all of them.

Lesson to be learnt here would be to use different password for different websites. And web developers what happened to digest based password with random salting and iteration?

Now it will be interesting to see UFO Nepal and/or Dreams and Ideas response.

Update


After more than two weeks of this incident, UFO  Nepal has sent an email. However the email says the site is being updated and advises its user to change password for security precaution. The whole email reads  as follows:
Dear UFO Members, We are very grateful to have you as member and thank you for being with us this long. We are upgrading our website www.ufonepal.com very soon. For a security precaution, you are advised to change password of your account asap. Sorry for any inconvenience. Thanks, The UFO Team


Comments

Post a Comment

Comments are moderated. No spam please.

Popular posts from this blog

Perm Root HTC Desire Gingerbread 2.3.3

Roshan Karki Anonymous
This guide is for permanently rooting HTC Desire running stock Android Gingerbread 2.3.3 . If you want to temp root then you can follow this guide. Before starting please be aware that problems while rooting can brick your phone. While the process in this guide is relatively simple and easy, I can't be held responsible for whatever happens. Enable USB debugging in your phone by going to  Settings  ->  Applications  ->  Development . Plug in your phone to the computer. Go to Revolutionary website  http://revolutionary.io/  . From there download revolutionary software. Leave this browser tab opened. We need to generate Serial key later. Extract the downloaded software on your computer and run the software with root permission. $sudo ./revolutionary It will tell you your serial number and ask for the beta key. Copy the serial number and go to the browser tab we left open while downloading the software. Put the serial key there, select your phone, hboot version and g
Read more

[Solved] invalid partition table on /dev/sda -- wrong signature 0.

Roshan Karki Anonymous
I was trying to use Disk Utility program to edit some partition in my system. But I got a strange error message "invalid partition table on /dev/sda -- wrong signature 0." and couldn't proceed. So I tried with gparted(Gnome Partition Editor). The result wasn't any different. Today while clean installing Ubuntu 11.10 Oneiric Ocelot, the installer said that there was no partition in my disk. While trying live CD, I could find all the partition and read data. If you also encounter any of the above problem, simple run fdisk by sudo fdisk /dev/sda press p and then press w . You'll see a message "The partition table has been altered!". Now try running the partition editor or the installer again.
Read more

Adobe Stand Alone Flash Player for Linux

Roshan Karki Anonymous
Image
Adobe stand alone flash player for Linux is available. Most of us only need flash plugin for browser to view swf. But sometimes we or most of the times developer wishes for the availability of stand alone flash player for Linux. Stand alone flash player means that you don't need anything to run swf other than the player itself. Yes, you don't need browser or any media player. Get it from http://www.adobe.com/support/flashplayer/downloads.html or download the version 10 directly from http://download.macromedia.com/pub/flashplayer/updaters/10/flash_player_10_linux_dev.tar.gz Not only that you can create self running binaries from the stand alone player.
Read more