Hacking attempt on the forum
#31
(01-15-2011, 08:46 PM)QuisUtDeus Wrote: Well, I could make an SSL login or even make it all SSL after one is logged in, but it's not worth it for here as long as people have a relatively unique forum password.  And if they don't, they should.
Exactly.

Quote:Another problem is since the forum is hosted, the hosting company has access to the databases and such.  The passwords are one-way encrypted, so they won't get the passwords that easily, but all the PMs are in the database, so they could get those.  Same with any hacker (sorry, Rosarium) that sucked down the database.
Passwords should never be stored. The hash should be. If I can get my actual password back from a service, I do not use it if I can help it. Passwords should not be saved.

And with your ipconfig, I will take control of your computer. It is a new virus I made. It is undetectable completely and one cannot detect what it is doing. You have no defences. Fear me. Ego sum MCCCXXXVII.

Quote:Which brings up another point people should be aware of if they aren't.  E-mail, PMs, etc. aren't private in the sense that:  I have the database, and if I wanted to, I could read everyone's PMs.  Same is true with Yahoo Mail, gmail, or any other forum.
This is why one should encrypt sensitive data.

Quote:Also, it is prudent in general to copy PMs to your computer and delete them. If for no other reason: if the forum closes tomorrow, you'll lose them.

If we are going to give virtues to computer practices, I have a lot I could list :)

Reply
#32
(01-15-2011, 08:56 PM)Rosarium Wrote: If we are going to give virtues to computer practices, I have a lot I could list :)

Maybe we should do it.  If you want, start a thread in pig roast, and people can add to it.  I can clean it up make a pinned post in announcements.

If not, no worries.  This isn't a tech forum, but I think it would be a nice thing to do for people.
Reply
#33
(01-15-2011, 08:56 PM)Rosarium Wrote: Passwords should never be stored. The hash should be. If I can get my actual password back from a service, I do not use it if I can help it. Passwords should not be saved.

I agree, but often we don't know how our passwords are stored by a given place.
Reply
#34
(01-15-2011, 07:15 PM)Rosarium Wrote:
(01-15-2011, 05:59 PM)icecream Wrote: i already change my password.

pretty easy to crack  ;D
That password better be unique to this forum...

If you use that, or variations of it, on any account (email, etc), change them now.

yeah it wasunique to this forum. i use ;lastpass to generate my passwiords for other things.
Reply
#35
speaking of internet security this firefox addon is scary: http://www.csoonline.com/article/631713/...-starbucks-
Reply
#36
Quis, Rosarium: what do you guys think about this article?

(coarse language warning)

http://www.cracked.com/article_18962_5-t...-easy.html
Reply
#37
(01-15-2011, 10:43 PM)Spooky Wrote: Quis, Rosarium: what do you guys think about this article?

(coarse language warning)

http://www.cracked.com/article_18962_5-t...-easy.html

It is spot on.

I already read and knew all that stuff. Security is big with me.
Reply
#38
Gawker pissed me off.  They trolled 4Chan (n00bs!) and got their md5-encrypted login/password database hacked.

Took 'em days to notify their members.  They lost at least one (me) regular reader because of their ineptitude.  Then they have the gall to say it was the "peon" accounts, and pretend like it was no deal.  Amazon reset my password for me!

Jerk-faces. 

I'm also being serious with my Internet presence/security. 
Reply
#39
I don't understand who and why someone would hack a profile on a website like this. We are all poor, lowly, unimportant people (don't take it personally). Go to some wealthy information website to drop spy-ware and malware, for heavens sake. Or, more hopefully, stop doing it altogether.
Reply
#40
If even one person on this forum has a good credit rating or uses the same login for their bank that they do here, that's all the payoff a hacker needs.
Reply




Users browsing this thread: 1 Guest(s)