***
Gawker Password Theft a Wake-Up Call
Analysis: Underestimating your own vulnerability is a recipe for disaster.
The big story was that over the weekend of Dec. 11-12, Gawker admitted in a post on its various sites—which include Deadspin, Fleshbot, Gizmodo, io9, Jalopnik, Jezebel, Kotaku and Lifehacker, as well as Gawker itself—that its central password database had been compromised. It seems that the Gawker IT organization had used the long-obsolete DES to encrypt the password store, had ignored at least a month’s worth of warnings that something fishy was going on, and had let its production servers get about three years behind on kernel patches. In short, the company’s IT crew had utterly failed at its job.
http://www.eweek.com/c/a/Security/Gawker-Password-Theft-a-WakeUp-Call-181361/
***