After k5 got hacked I don't want to take any chance. Hopefully I'll get this fixed tonight and turn the settings back on.
The scoop method of storing passwords is horribly weak. It's entirely possible to brute force every password < 6 characters within a couple of days. You could search the entire 8 character (yes, it only stores 8 characters of your password) password space in a couple of months. Less on a faster computer. A dictionary search could be done in a couple of hours.
So, if you use the same password for k5 anywhere else, I suggest you change it. I don't know if whoever hacked k5 took a dump of the user database, but seeing as they had access to it to at least run "
UPDATE USERS SET perm_group = 'Superuser'" it's a possibility.
|< Both busy, and not. | BBC White season: 'Rivers of Blood' >|