Security and Privacy Issue : May-2014

[Irenicus]

IPs are basically public information. Don't worry about it.

[HighGuard]

Not the worst thing in the world to have happen for me. The password I use is one i use most places that are not important to me. Any actions someone would take with that password would get reported to my email, which uses a unquie password with 2 step verification requiring my phone. For me I recognize that a forum is not fort knox nor should it be.
They got my ip? Dont care. Ips are not that big of a deal, its like someone getiing your zip code. If they were after ips they could just look at the history of any random wiki article and get dozens of them with no one the wiser, unlike the hassle of hacking a forum
Got my password? Dont care. Its just the key to the door, you still dont know the alarm code.
Got my username? Dont care. Its a very common name anyways and I have been using a new name recently anyways.
Got my email address? Dont care. They still dont have the password to that or my phone. 1 of 3 is useless.

Honestly you shouldnt be using the same password for a low security site such as a forum and a high security site site like your bank. Mustang vs a MRAP. You dont store your SSN, credit card #, real name, home address, mothers maiden name, money or anything else thats important here so its not the end of the word.

[Reincarnated]

Well I use the passwords for another forum thing-y so it's not so important to me except they crack my email too.

[RJ TAYLER]

Well for me this place was the last place that I used my original password in any way, shape or form, so apart from that nostalgia it has been no loss (so far), just a big pile of annoyance.

[kusabireika]

just quick question about notification i have unread mail but when i check my message they all read ._. is this normal

and by the way all post and pic seem gones what happen i hope its ok to ask im bit confuse

[Guido]

I recall the 2005 Forum Great Crash when AnimeSuki literally lost about 12 months worth of registered user accounts, PMs, posts, etc. due to DDOS attacks, if I remember that was the case back then.

Now, we have this breach, and security got all compromised, but I do not blame AnimeSuki and their responsible staff. (meaning neither sarcasm nor pun).

What I'm concerned right now is the IP address that I regularly use to login to the forums, that's the only issue I'm worried about. Since, I did use the same old password in nowhere else but to login to AnimeSuki for about ten years since becoming member; seriously, I'm going to miss that password.

[Archon_Wing]

Quote:

Originally Posted by Reckoner

Fortunately none of my really important accounts shared info with this website.



I believe the forum was also hacked in the 2004ish period, so once a decade event for this site?

/stares at year

Shit, it's Third Impact.

[Infinite Zenith]

For the hacker who's doubtlessly reached cracking my old password by now, congratulations. They've just performed the equivalent of successfully pickpocketing me and finding out the wallet he took from me only contains lint, while my real wallet is safe.

[SaintessHeart]

Quote:

Originally Posted by Archon_Wing

/stares at year

Shit, it's Third Impact.

*forbidden love goggles on*

You two make the most awesome couple here.

[DragoMuseveni]

I believe this hacker isn`t worth to talk about , because , with ip , and passwords you don`t have anything to do with esspecially when they come from a forum . Even so , he didn`t know how to hide his tracks , that announce i do have the impression i `ve seen a similar case on another forum before , it was a key for the hacker to acces the moderator/admin options , injecting some sort of weakness. But after the announce is erased , he hasn`t acces acces anymore .MD5 is a weakness almost every forum has.

[ChuckE]

Hacker was able to decrypt md5?
Give him a medal

[Kimidori]

Quote:

Originally Posted by ChuckE

Hacker was able to decrypt md5?
Give him a medal

It's easy for hackers who specialize in password cracking....

[sgrunclub]

i'm curious too.. which moderator is this. will this harm our computer visiting this site?

[Dextro]

Quote:

Originally Posted by ChuckE

Hacker was able to decrypt md5?
Give him a medal

Why? You only need a couple of modern GPU to do that. MD5 is really really easy to crack with the amount of Computer power you can get off the shelf nowadays (and rainbow tables)

[NightWish]

Quote:

Originally Posted by Irenicus

do you keep any old password data

Not for regular members. For the accounts where the forum does enforce password uniqueness within a time period, a list of previous hashes is kept but only long enough to cover that period.

Quote:

Originally Posted by Irenicus

are the old ones compromised?

There is no evidence that the password history information was disclosed.

Quote:

Originally Posted by AC-Phoenix

Would be good to know which IP adress I actually registrated with now...

Happy to answer account specific questions submitted privately. Can't guarantee speed of reply, but will get to them all eventually. Too hard to catch them all in this thread. If you really want me to reply in public, say so in the message and I'll consider it, subject to common sense.

Quote:

Originally Posted by sgrunclub

will this harm our computer visiting this site?

No. As far as we know the attack was to gain information not to directly compromise visitor's computers. I've found no evidence of attempts at malware sharing or injection, aside from the so-called "php kit" used in the attack itself of course, and that was focused on getting into the site and not your computer.

[serenade_beta]

Quote:

Originally Posted by Archon_Wing

/stares at year

Shit, it's Third Impact.

*prepares for 2024*

[zero7090]

can we employ 2 factors authentication that whenever anyone login they must input 6 number using google authenticator? I believe it doesnt cost much to get it running.

[ChuckE]

Quote:

Originally Posted by Kimidori

It's easy for hackers who specialize in password cracking....

Quote:

Originally Posted by Dextro

Why? You only need a couple of modern GPU to do that. MD5 is really really easy to crack with the amount of Computer power you can get off the shelf nowadays (and rainbow tables)

Bruteforcing it may be possible but....c'mon even Pentagon servers would required couple of years
Hacker has been preparing to hack this forum since 200x Oh maybe he was just lucky lol

[Irenicus]

Quote:

Originally Posted by NightWish

Not for regular members. For the accounts where the forum does enforce password uniqueness within a time period, a list of previous hashes is kept but only long enough to cover that period.

There is no evidence that the password history information was disclosed.

Good to know. Thanks.

[Haak]

Looks like my new security measures are working perfectly. I already forgot my Animesuki password and had to reset it. XP