1. You mean I can't use {)RMTJH(PR[)Tg$VTY_M$+YVayta5yH&+%^}*TH&_T$WT{yhs9ty5h[a04tRTG{W$H)HTV$+VTH$(VTY_+( VH%V(T{U as my password anymore? I kind liked it (yes, that is my old password for this forum)
2. There are two people on this forum right now: those that are worried and getting their accounts compromised, and those that have listened to something I've said since the last Data Privacy Day (along with those that already deployed such tactics beforehand)
3. Seeing all the recommendations of http://keepass.info/ (combined with http://keefox.org/ or https://chrome.google.com/webstore/detail/ompiailgknfdndiefoaoiligalphfdae for optimum effectiveness) and https://lastpass.com/ made my day. So nice to see other people spreading good practice.
4. For all those algorithm-based password generation users, you may want to redesign your root password just to be extra-safe and change it everywhere you used it.
5. For cryin' out loud Bethedsa, hire a http://en.wikipedia.org/wiki/Penetration_Tester!
6. Avatars being disabled means one of two thing: the avatar system was the point of attack by the hackers OR the syadmins are afraid that the avatars may have been compromised with malware (plenty of browser exploits exist that can infect computers via images). If it was the first, I wish you guys luck in fixing it. If you are afraid of the second, please just delete the image database and let us reupload. It's much safer and faster than trying to figure out if they are infected or not.
7. This wasn't anonymous or LulzSec to the best of my knowledge.
8. WIth being able to PM mods to get your password reset, this seems like an awesome opportunity to hone my social engineering skills
(read: I hope every precaution is being taken to verify the identity of the members asking for a password reset this way)
why cant the internet have no hackers ]:
Because without hackers there would be no Internet. Hackers created it.
Again?
My take - put in some .htaccess files, use that to block SQL exploits, block anything except know PHP files being executed.
htaccess can't block SQL exploits
So why all the hack attempts? Any ideas?
http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/
I simply cannot fathom the mentality of a hacker.
Company makes them angry. They take down their websites/services. They claim to be fighting for the users. The users suffer because they took down the service. The users don't get mad at the company, they get mad at the hackers.
How hackers cannot see this "fight the man" mentality they have, only really hurts the users I don't understand.
Anyway, if it was people from the Minecraft community that just makes them look bad. I don't recall suing Notch, personally. So, thanks for taking down my favorite forum. <_<
You're confusing hacktivists with hackers. Hackers can hack for countless reasons. For profit, for fun, out of hatred, to secure things (pen testing FTW!), etc. The hackers who hacked us this time probably isn't fighting for users or anything like that, but are just pissed and don't care who gets in the crosshairs, or hacked us for money (see the above link "How I'd hack your weak passwords")
..and then my hard disk crashed -no joke, it did..
so I have this serious high-tec device integrated with the rest of the core PC architecture that's infallible.. I have all my passwords written down on a piece of paper and taped to the side of my computer tower. It's old school, but that's how I roll
That's why you back it up, like you should all important data.
Plus, your method is vulnerable to keylogging. KeePass on the other hand, has numerous methods of nullifying keloggers.
I got as brilliant new password via email. No worries about putting down a brand new password.
Using the password you get in the email is the stupidest thing you can do. Email, first of all, isn't a secure mode of communication and secondly, it's not that great of a password. Thirdly, if you don't delete the email that is yet another window for your account getting compromised.
Eh. The one good thing out of this is that it's given me a reason to stop using the same two passwords everywhere and switch over to random-character passwords.
They weren't exactly terribly easy to guess, but the new ones will (hopefully) be harder, not to mention they're different for each place. All written down on a piece of paper in my wallet and kept in a notepad document in a secret place on my PC that nobody will ever find (porm folder
) just in case.
I can't even begin to tell you how stupid it is to have your passwords in an unencrypted text document. There are countless viruses and other forms of malware that exist solely to track down and upload such documents.
Be smart, use KeePass.
Come on! You just suffered a breach and you send me a new password in a plain text email? I expected better of you, folks. Anyone who recovered their account, make sure to switch to a new password rather that use the one you were emailed!
I know, I was pretty pissed when I saw that.
The Forum is breached!? MAN THE BATTLEMENTS! Mr Max_aka_NOBODY fire the torpedos! Mr Expresate I want the shields at full power! :toughninja:
This had better not have been another one of those "We're hacking you because we want more Skyrim information", "we're hacking you because the Skyrim CE price is too high" or god forbid, an attack by the fanatical Notch fans. Good thinking with wiping everyone's passwords for safety.
:sad:
» Sat Aug 13, 2011 11:10 pm 
