2014-05-13, 12:04 | Link #141 | |
Himawari no Shoujo
IT Support
Join Date: Jun 2012
Location: Viet Nam
Age: 37
|
Quote:
That's what we know, but not majority of internet users are aware of that. In short I've just been making a simple warning of risk they could face. @Busaiku: It's the best method.
__________________
|
|
2014-05-13, 12:10 | Link #142 |
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
|
Not for fibre users. Our telcos are damn confidence tricksters - they didn't tell the consumers they would only get a 10Mpbs increase in international connections, share bandwidth with their neighbours and have a static IP, which I think increases security risk.
Tor could be a workaround, but it makes you look like a Darknet child-porn peddler or a Silkroad hashish dealer. CIDCCD will be on your ass sooner than you can say loli/shota.
__________________
|
2014-05-13, 12:11 | Link #143 | |
Senior Member
Join Date: Nov 2007
Location: Tennessee
Age: 37
|
Quote:
|
|
2014-05-13, 12:12 | Link #144 | |
今宵の虎徹は血に飢えている
Join Date: Jan 2009
|
Quote:
And why is fiber static when my more crappy traditional line isn't?
__________________
|
|
2014-05-13, 12:18 | Link #147 | |||
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
|
Quote:
Quote:
Meanwhile, I think we should just monitor our emails and just delete/block anything suspicious. Not much GHD can do on his side now other than work on security, which I think can be rather cost-inefficient considering this is only a forum. Yes and no. We know what the hacker used to exploit us so we can fix it, though some issues might be very difficult to fix. Quote:
The initial uptake due to marketing campaigns means that many people will take up fiber and end up sharing bandwidth. So the stone meant to kill 2 birds (boost the local image as a tech hub with fiber and make money out of it) ended up missing them both.
__________________
|
|||
2014-05-13, 12:19 | Link #149 |
Senior Member
|
Are you kidding me? You were hacked almost two weeks ago and it took you this long to announce our passwords were far from protected, and likely compromised. Even if it took you time to '' gather facts '' you could've made the announcement regardless to inform people and have them change their passwords just in case. I am extremely disappointed in the staff's decision to wait this long.
I personally used my password across multiple sites, which some include games where I have heavily invested in.. The password is so complex, that there is no way anyone could ever guess it which is why I've used the same password - little did I expect AS would be hacked, let alone you notify us two weeks later - when it's probably too late. Hell, I just realized I have the same email/password combo on my Paypal account, with all of my cards linked to it .. Off to check all those sites/accounts now -__-
__________________
|
2014-05-13, 12:21 | Link #150 |
Senior Member
Join Date: Dec 2008
|
Since my password to my email and here was different. Does that mean I have averted the main problem ? Fortunately I dont use Velsy as a username all that often. Or so hardly anymore. I cant raelly remember what password it was since I have a few passwords I rotate with. So I like try them all til one works. I use the option remember me, so I dont log in all that much to remember what it was.
__________________
Last edited by Velsy; 2014-05-13 at 12:34. |
2014-05-13, 12:38 | Link #152 | |
Administrator
Administrator
Join Date: Jan 2001
Location: Netherlands
Age: 45
|
Quote:
I had to stop the webserver for a few seconds to let the load die down (by that time the command I was running had already completed as well). |
|
2014-05-13, 12:39 | Link #153 |
(。☉౪ ⊙。)
Author
Join Date: Jul 2004
Location: In Maya world, where all is 3D and everything crashes
Age: 36
|
You can't really blame Asuki for that. As much as I agree a mail to change passwords would be nice in time even if there's a 50% certainty (Adobe did this a while back) using the exact same password because it is complex to remember for all websites is a little stupid. Hackers don't really sit behind a computer and guess they have a file which just lists them all for them. Use a variation of the password or perhaps parts of it combined with a sentence, just don't use the exact same for your paypal and such and don't post here that you use the same password before changing them all.
|
2014-05-13, 12:44 | Link #155 | ||
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
|
I would like to tell all the readers here who are grumbling about the mods : never expect the forum mods to give you top notch security because the mods are largely limited by the forum service providers, who do not take into account security integrity simply because it is a only bloody message board, not a financial transactions system. It evolved by the olden days of BBSes, which are free-for-all, into a secret base for the passionate kid in everyone.
It is still a public message system. Same rules IRL apply with regards to dealing with public matters. Quote:
Quote:
I better go watch my lolis before some lolicon steal them away.
__________________
|
||
2014-05-13, 12:45 | Link #156 | |
Administrator
Administrator
Join Date: Jan 2001
Location: Netherlands
Age: 45
|
Quote:
And I suppose you could blame me for not visiting the forum everyday anymore and not checking my @animesuki.com email account basically... never. Other admins had tried to warn me a few days ago but it wasn't until Nightwish actually took the forum offline for a few minutes that I got a notification from my server monitoring service. |
|
2014-05-13, 12:54 | Link #157 | ||||||
Software engineer
Join Date: May 2014
|
Quote:
Making the appropriate changes to the sort of hashing algorithm you use, as well as purchasing and applying an SSL cert to protect your users might take you all of a day if you're slow, and then you never have to do it again. We're talking about making programmatic changes to the forum and the server once, not adding to the list of tasks you need to carry out manually. Quote:
Quote:
Using Tor would provide AS users with anonimity, though I don't think that's really helpful to an average anime forum user. Also, until AS supports HTTPS, Tor exit nodes would be able to see everything an AS user does, as well as read their passwords and such, which I outlined previously. Quote:
I would argue that it's probably not, based on what I've seen in this thread so far. Quote:
Quote:
I don't know about you, but I don't know a single person who goes about their public matters with their passwords and personal information tagged on their back in such a way that you (metaphorically) only need to squint a little to read.
__________________
|
||||||
2014-05-13, 13:00 | Link #158 | |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
Quote:
As I say, if you connect to the Internet through a router, only the router is publicly visible. I just ran an nmap scan against my ISP-provided router (an Acctiontech from Verizon) from another computer on the Internet. The scan ran for over five minutes as nmap tried all sorts of tricks to break into the router. Not one of the 1680 ports it examined was open to the outside. If you connect your computer directly to the Internet, then yes, you should be running firewall software on that machine. Of course, that's always been true. The AS breach does nothing to change that fact.
__________________
|
|
2014-05-13, 13:01 | Link #159 |
Asobo~
IT Support
Join Date: Jul 2007
Location: Italy
Age: 34
|
So, considering that the staff fucked up badly now and it has quite a few debts with the users, are you gonna pay a little of it by adding tapatalk support, which was requested for years and never implemented?
__________________
Last edited by kache; 2014-05-13 at 13:35. |
2014-05-13, 13:10 | Link #160 | |
Member
Join Date: May 2014
Location: NL
|
Quote:
I personally use a unique password and a different e-mail account (not used for mails or sign ups with a different password) for my paypal account. I won't claim it to be hack proof but at least I take some measure of precaution. As a general note: A smart thing to do is to make a specific set of passwords for different uses. 1 for forums 1 for online shops 1 for online gaming etc. and use unique passwords to safeguard the more important accounts and stuff. This way you don't have to remember too many passwords and can easily change just that specific set when necessary. Also change those unique passwords once a year and don't save them on your pc (write it down and keep it safe if you have to) and clear your cookies and cache once a month, all this helps in keeping your shit a little bit more safe. |
|
|
|