
Author Topic: Change your passwords  (Read 17305 times)


Offline tomazkid

  • Full Member
  • ***
  • Join Date: Sep 2004
  • Posts: 123
Re: Change your passwords
« on: January 14, 2012, 04:11:13 AM »
Quote from: Matt_H;675704
Hypothesis: Wasn't one of the reasons Wayne moved away from Xoops the presence of some significant security holes? Maybe the AW.net server is the weak point. Is anyone in touch with the admins over there?

Fortunately, the only other place I'm registered is Morphzone, and my password there is so convoluted that even I can't remember it!

Just did a passwd Matt_H, nonetheless.



The obsolete part is the CMS, the Xoops is old and obsoleted, and will be replaced, it takes time though.
The OS the site runs on was changed when aw.net moved to a new ISP, and is up to date.

Quoting Karlos regarding where the passwords come from:

"We have no evidence at this time to suspect that the server itself has been compromised."

Same goes at aw.net, Sibbi has not found anything strange in the logs thus far.
 

Offline tomazkid

Re: Change your passwords
« Reply #1 on: January 14, 2012, 10:29:42 PM »
Quote from: Piru;675798
Unfortunately this is no longer true. Salting is an effective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.


Bah, what happened to the traditional Amiga "Security Through Obscurity" approach?
Is it obsoleted now? :D

/more serious mode
Yes, regarding the GPU as you wrote, it seems the current trend of GPUs being used for processing might even make passwords as identification obsolete.
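
The "multi-round hashing of the password + salt" mentioned in the quoted reply above, as an added example that is not part of the original thread: a single-round salted hash beside a PBKDF2-HMAC-SHA256 record that stores its own iteration count, so the work factor can be raised later. The record format, the function names and the 200,000-iteration figure are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to the server's hardware


def single_round(password: str, salt: bytes) -> bytes:
    """One salted hash per guess: the cheap scheme GPUs brute-force quickly."""
    return hashlib.sha256(salt + password.encode()).digest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Multi-round hash of password + salt, returned as a self-describing record."""
    salt = os.urandom(16)  # per-user random salt, stored next to the hash
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    except (ValueError, OverflowError):  # malformed or truncated record
        return False
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, minimum: int = ITERATIONS) -> bool:
    """True when a record was created with fewer rounds than current policy."""
    return int(record.split("$")[1]) < minimum


if __name__ == "__main__":
    salt = os.urandom(16)
    t0 = time.perf_counter()
    single_round("hunter2", salt)
    t1 = time.perf_counter()
    rec = hash_password("hunter2")
    t2 = time.perf_counter()
    print(f"single round: {t1 - t0:.6f}s per guess")
    print(f"{ITERATIONS} rounds: {t2 - t1:.6f}s per guess")
    print("verifies:", verify_password("hunter2", rec))
```

Calling `needs_rehash` after a successful login lets a site upgrade old records to a higher round count without forcing a password reset.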