PDA

View Full Version : Someone's Upset.



Kiwifan
11-26-05, 11:27 AM
Looks like someone's upset at CCF as they appear hacked. Hmmmmm?

Keep it tight here Boss, gotta get my daily dose. ;)

Rusty.

Kiwifan
11-27-05, 08:18 PM
Nevermind. :o

Rusty.

TravelGal
11-27-05, 08:43 PM
Second time in two days though. vbulletin appears to have an unhappy customer somewhere. Or just some dolt stuck in idiot-land, thinking he's "cooooool." :rolleyes:

Kiwifan
11-28-05, 01:33 AM
Thanks TG, I thought it was just me. ;)

Rusty.

devilmaster
11-28-05, 03:18 PM
Sorry to Matt and Marissa - there is no reason to resort to this because of the split :shakehead .........

But this does give a chace to warn to those here and other sites:

This is a time for a good reminder about personal passwords for users. Don't use the same password there and here (or other similar sites) and change your passwords once in a while.

If you are a member over there (like I still am) realize that whomever hacked them may now have your personal password for CCF - best to make sure it isn't the same for other sites, just in case.

SteveH
11-28-05, 03:28 PM
Aren't passwords (or at least the password offset) kept in an encrypted file? If not, why not?

password offset = the result of running the password through encryption, hard if not impossible to reverse engineer the password from the end result.

devilmaster
11-28-05, 03:31 PM
Aren't passwords (or at least the password offset) kept in an encrypted file? If not, why not?

password offset = the result of running the password through encryption, hard if not impossible to reverse engineer the password from the end result.

Its entirely possible and you are more than likely right, but to err on the side of caution is why I posted it.

nrc
11-28-05, 05:19 PM
Passwords are stored in a database in encrypted form. That's the case for most versions of VBB. If someone gets a list of encrypted passwords whether they can crack it depends on how much time and effort they want to spend, and how complex the passwords are.

VBB uses PHP which has had a series of known security problems. The VBB folks have been good about patching the BBS to avoid them as they are discovered, but the more custom extensions you add to VBB the harder it is to keep things patched and the more likely one of those extensions is to open the door that a patch is supposed to close.

I don't know if CF was the victim of a script kiddie exploiting one of these known problems, or whether they were singled out for attack over split politics.