2014-05-13, 16:13 | Link #201 |
Senior Member
|
It's a good thing I changed the password for the email address used to register here a while ago (after it was compromised), otherwise this pile of scum would have had access to other sites and services that use the same password. The registered IP address is a moot point as well, since if it was where I think it was, then I no longer use it (and they have the AS forum on their block list). I'm now going through the process of disabling Java at browser level (it's set to always ask on the browser I use, so even though I viewed the malicious announcement, it's unlikely that I was affected).
|
2014-05-13, 16:14 | Link #202 | ||
Excuse me, I stuttered
Join Date: Jul 2013
|
Quote:
I think you know that SHA1 isn't even good. It's slightly better than MD5. I'll use LastPass ONLY if the security is provided by the NSA. There is no way I'm leaving vulnerable information to some technology that has a chance to fail (no technology is fail-proof). Sure, for the people who can't understand these things much, getting them to use LastPass may be good, but I fear the over-dependency on it. I'd have liked it if it used the BATON system, but I'm prolly asking too much for something that is almost remotely free. With these systems, one could say it's doing more harm than good. People get complacent and rely on it far too much. When the day comes and these things aren't available anymore, you'll see vulnerable information being much more easily exploited due to the fact people don't know how to create passwords without using technology anymore. Just like the saying goes, "Give a man a fish and you feed him for a day, teach a man how to fish and you feed him for a lifetime".
Quote:
You must have sorely mistaken me for the simplistic lazy kind. I'm sorry to disappoint you then. Thing is, the general BASIC rule of creating passwords doesn't tell anyone to adopt a style to follow. It's merely just guidelines. I do run tests for my passwords and I can fairly say I'm confident in their strength. Besides, there is a beauty in cryptography, something which many people fail to appreciate.
|
||
2014-05-13, 16:22 | Link #203 | |
Administrator
Administrator
Join Date: Jan 2001
Location: Netherlands
Age: 45
|
Quote:
I just tried deleting & re-uploading my avatar and that seems to work fine.
|
2014-05-13, 16:58 | Link #204 |
Senior Member
Join Date: Dec 2005
Age: 35
|
It's unfortunate that this has happened, but I'm not too fussed. Security is quite a big issue these days though, so I'd have expected more than to have an inactive staff account left lying about to be abused.
That said, in my case, it was an out-of-date password attached to an old and dusted email account that I don't use any more, with a diff pass anyway. My forum username is a common one that is used around the Internet by many others, so that isn't a big deal either unless someone cares enough to try every single "Tabris" they can find, of which there are many and only one that is me, here.
2014-05-13, 17:10 | Link #206 | |
Administrator
Administrator
Join Date: Jan 2001
Location: Netherlands
Age: 45
|
Quote:
So, no, I'm afraid I can't help you.
|
2014-05-13, 17:18 | Link #207 |
Senior Member
Join Date: Sep 2007
Location: USA
Age: 32
|
So I know the password here was changed, but since my email wasn't updated on this account until today (it was on some other email), what are the odds that it could've affected other sites I use? I'm asking because my Tumblr password suddenly stopped working (and I was suddenly logged out too), but that email wasn't the same as this one, at least until literally just now.
|
2014-05-13, 17:22 | Link #208 | |
I disagree with you all.
Join Date: Dec 2005
|
Quote:
Though I suppose you could give him his MD5, the salt, and let him sort it out.
|
2014-05-13, 18:00 | Link #209 | |
Hikikomori Idol
IT Support
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
|
Quote:
If you can't remember a complex password, I suggest making a password based on patterns (as long as it's not a common one like qwerty) or making one based on a few random words and then substituting in numbers, caps and symbols. Do not add numbers to existing passwords because one is too lazy to memorize another one. In addition, I suggest turning on two-factor authentication if the service provides it. In multi-factor authentication, there are three: what you know (passwords, PIN number), what you have (smartphone or a smart card) and what you are (biometrics). Nowadays, sites like Google, Twitter, Facebook, etc. have the ability to send a code via SMS or use an application to provide a code before you can log in (and it's hard to crack considering that these codes are only valid for a period of time before they expire). But aside from that, I feel that passwords are a necessary evil since it's not practical to have certificate authentication or use RSA keys (typically used in SSH authentication, which is public key cryptography). I do agree with this particular blog post, as passwords are becoming archaic as faster GPUs and ASICs make it easier to crack these passwords… I think it's a good idea to add a two-factor authentication option with either Google Authenticator or Authy so the attacker will have a harder time hacking unless they steal the user's phone or device.
|
|
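The post above notes that app-generated login codes are only valid for a short period. The following is an added example, not part of the forum thread: a sketch of the time-based one-time password scheme (TOTP, RFC 6238) that authenticator apps such as Google Authenticator implement, showing a code being accepted inside its time window, rejected once it has expired, and rejected on replay. The key is the published RFC 6238 test key; `verify`, `window` and `last_used` are names chosen for this example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the RFC 6238 default
SECRET = b"12345678901234567890"  # published RFC 6238 test key, not a real secret


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, digits=6):
    """RFC 6238: the counter is the number of STEP-second periods since epoch."""
    return hotp(secret, int(now) // STEP, digits)


def verify(secret, submitted, now, window=1, last_used=None):
    """Return the time step the code matches, or None if it is rejected.

    window    -- steps of clock drift tolerated on each side (assumed policy)
    last_used -- last step already accepted; anything <= it is a replay
    """
    current = int(now) // STEP
    for step in range(max(0, current - window), current + window + 1):
        if last_used is not None and step <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, step, len(submitted)), submitted):
            return step
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)                       # issued during step 1
    print("code at t=59:", code)
    print("t=89 :", verify(SECRET, code, 89))    # step 2, within drift window
    print("t=120:", verify(SECRET, code, 120))   # step 4, expired -> None
    print("replay:", verify(SECRET, code, 59, last_used=1))  # already used -> None
```

A server that stores the returned step as `last_used` after each successful login closes the replay gap that the drift window would otherwise leave open.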
2014-05-13, 18:01 | Link #210 | |
Where are the good animes
Join Date: Dec 2003
|
Quote:
|
|
2014-05-13, 18:30 | Link #211 |
The madman, that's me
Join Date: Dec 2007
Location: Las Vegas, NV, USA
Age: 34
|
Looks like I've got to investigate what random old accounts I've made over the years.
Meh, good excuse to start implementing serious security measures anyway. Maybe I could try LastPass out. I may have the sense to at least segregate my bank account and email passwords, but still. But I hope you guys wake up and start accelerating forum upgrades and/or security upgrade plans going forward. Bring in more staff if you have to. A target once is a repeated target. A question, however: if a user has previously, before the May 2-4 incident, changed passwords, do you keep any old password data, and if so, are the old ones compromised?
2014-05-13, 18:53 | Link #212 |
Burst Mode
Author
|
Well, this situation is unfortunate. I have a bit of a problem, though. I don't remember what password I used for this site since I just set it to auto log in. I have a handful of passwords I use for most sites, so is it possible for an admin or someone to tell me what my old password was? Just need to know which I need to change.
|
2014-05-13, 19:01 | Link #213 |
Detective
Join Date: Aug 2010
Age: 36
|
Would be good to know which IP address I actually registered with now... I know I moved in here in Aug 2010, which is approximately when I joined the forums... Question is just whether I registered from my old home or from here already...
I think the bigger issue is that I use a (TV) cable modem, rather than a router though... So yeah, let the ping wars with the hacker begin... Can anyone btw please explain how they get the name behind the IP address? That's actually information only your provider should have access to...
|
2014-05-13, 19:07 | Link #215 | |
Gamilas Falls
Join Date: Feb 2008
Location: Republic of California
Age: 46
|
Hopefully nothing of value is lost due to this.
Quote:
I guess it takes that long to go once around the Internet.
|
|
2014-05-13, 19:12 | Link #216 | |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
Quote:
The same (or similar) hack occurred on the larger MacRumors forums a few months ago. There was a similar time delay between the hack and when the administration sent out a notice; compared with the AnimeSuki crowd, there was more outrage, for whatever reason. Maybe anime fans are just more mellow. To anyone who is upset, I'd say that you should feel lucky. The vast majority of people using the internet without better security precautions are in for a rude awakening. If having a password stolen on an anime forum was the kick you needed to get a password manager and take security seriously, you had a very mild wake-up compared to what others go through.
|
|
2014-05-13, 19:38 | Link #217 | |
Cross Game - I need more
Join Date: Apr 2009
Location: I've moved around the American West. I've lived in Oregon, Washington, Utah, and Oklahoma
Age: 44
|
Quote:
Get a password generator to generate random 35-character passwords with numbers, symbols, and different capitalization. Then write it on a slip of paper and carry it in your wallet, preferably without clearly identifying what password goes to what. If your wallet gets stolen/lost then you need to go reset your passwords for everything. The other safe option he identified is something like LastPass, but to have it on an actual hard drive and not anywhere else. Then you just need to defend access to your hardware. The most secure option being to have a second computer (something old and obsolete) that is not hooked up to the internet; generate and store all your passwords there and protect it behind a really strong password. It really depends on how paranoid you want to be.
|
|
2014-05-13, 20:15 | Link #219 | |
The Opened Ultimate Gate
Join Date: Dec 2011
Age: 30
|
Quote:
If they could and wanted to hack a random guy on the internet based on their IP, they could just pick a random Wikipedia editor, since their IPs are always logged for everyone to see.
|
|
2014-05-13, 20:42 | Link #220 | |
Detective
Join Date: Aug 2010
Age: 36
|
Quote:
Just wondering if this incident is worth getting a new static IP address... (before I continue to annoy my /ipconfig/all netstat - ano lol). I hope this incident got reported to the authorities; it might make getting a new IP easier for people with static IPs, since ISPs usually don't change your IP without you giving them a very good reason...
|
|
|
|