Friday, April 01, 2011

manually inspect 60 million packets

Dear pcapr users,
As you already know, pcapr has become the largest online repository for packet captures, with over 60 million packets online. With 420+ protocols and 2800+ distinct packet captures, pcapr has become a reference platform for those that seek packet traces and want to collaborate on them. We have global service providers, government agencies, networking vendors, IT and security folks as active users and we continue to see new users rapidly embrace this platform.

Recently, we embarked on transforming all of the pcaps into the pcap-ng format, which is capable of storing meta data into each capture. We thought it would be really cool to tag these packet captures with the user that uploaded it into pcapr, but made a grave error.

Through a not-so-common programming mistake (off-by-31337 error), each of the 60 million packets was tagged with *every* pcapr user's email as well as the password. While we never stored your password in the clear, the MD5-hash of your password in the meta data is prone to brute-force cracking attacks to reveal the plain text password. We are terribly sorry for this grave mistake and we are taking all the right measures to ensure that this will never happen again. We are also stunting innovation across the entire pcapr team and rolling back all of the pcap-ng migration efforts.

We highly recommend that you manually inspect each of the 60 million packets on pcapr to ensure that your credentials are safe. We deeply apologize for the inconvenience and we sincerely hope that this will not discourage your future pcapr experience.

The Pcapr Team
April 1, 2011