open All Channels
seplocked EVE General Discussion
blankseplocked Security Notification - Scrapheap Challenge Database Compromise
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 [2]

Author Topic

Karbowiak
Sniggerdly
Posted - 2011.04.12 16:03:00 - [31]
 

Originally by: EntroX
Edited by: EntroX on 12/04/2011 16:01:52
Originally by: Karbowiak
Originally by: EntroX
Edited by: EntroX on 12/04/2011 15:56:02
Originally by: Karbowiak
Edited by: Karbowiak on 12/04/2011 15:43:47
From a reliable source i was told that K.com also collects passwords (unhashed format even) everytime you login.
So using Kugut-sumen (WHY ARE YOU CENSORING THIS NAME CCP??) is about as secure as it was to use Scrapheap.

Can't imagine Failheap is any different Confused

So, here's to hoping T'Amber actually implement proper 3rd party authentication, so i never have to give any user og password to any EVE related fansite ever again.
Mostly cause everyone is a bunch of greedy ****ing pigs that are only out to steal ur ****


Well that's not nice coming from you since you offered this very same "greedy ****ing pic" to host the site for me.

Way to save face~

edit: i did also post spiral's password to prove that they indeed are not in plain-text, but then again, when have you ever given an educated argument Laughing


Don't see how me offering to help out Failheap is of any relation to this tho?..
I said 'i can't imagine failheap is any different' - prove me wrong.

As for saving face, where am i trying to save face?
Do you even know what you are writing? Rolling Eyes



http://pics.entrox.me/Screen%20shot%202011-04-12%20at%2012.00.09%20PM.png


you happy now?


Much more. Very Happy
Still doesn't explain why you decided to say im trying to save face tho.

But whatever.. My offer still stand btw.

EntroX
Elements of Harmony
Posted - 2011.04.12 16:06:00 - [32]
 

we'll cross that bridge as soon as we reach it.

tho at this rate i can see it now and the brakes seem to be broken...

Helen
White Noise.
Posted - 2011.04.12 16:08:00 - [33]
 

Heh Karb and forums.

Toby Le'rone
Posted - 2011.04.12 16:14:00 - [34]
 

FHC truly is the place to be

Jiro Rans
Perkone
Posted - 2011.04.12 16:14:00 - [35]
 

Originally by: Helen
Heh Karb and forums.
Are you trying to say Karb would go full emo and decide to post the whole db on the webs o just delete it all of a sudden?

Karbowiak
Sniggerdly
Posted - 2011.04.12 16:18:00 - [36]
 

Originally by: Jiro Rans
Originally by: Helen
Heh Karb and forums.
Are you trying to say Karb would go full emo and decide to post the whole db on the webs o just delete it all of a sudden?


Pretty sure thats what he ment.. Wink

Bhattran
Posted - 2011.04.12 16:36:00 - [37]
 

Originally by: whispous
I see CCP only noticed and posted 2 days late, when they supposedly keep tabs on community sites


CCP has been telling people to not use the same password on multiple sites for months/years? and especially not the one you use for your eve account. Really if people are that idiotic in the first place then didn't bother to read the ever living 'Protect your accounts' thread stickied at the top of this forum so another topic isn't going to help them.

http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1125764

Sofia Roseburn
Caldari
Lone Star Exploration
Posted - 2011.04.12 16:55:00 - [38]
 

BUTTHURT

Viper ShizzIe
Habitual Euthanasia
Pandemic Legion
Posted - 2011.04.12 23:15:00 - [39]
 

Originally by: Karbowiak

From a reliable source i was told that K.com also collects passwords (unhashed format even) everytime you login.



Yes but we only collect them when you log into other sites.

Kugutsumen Dot Com
Posted - 2011.04.12 23:20:00 - [40]
 

Originally by: Viper ShizzIe
Originally by: Karbowiak

From a reliable source i was told that K.com also collects passwords (unhashed format even) everytime you login.



Yes but we only collect them when you log into other sites.


Sadly, this is the easier method.

Sullen Skoung
Posted - 2011.04.12 23:48:00 - [41]
 

Originally by: Kuar Z'thain
Edited by: Kuar Z''thain on 12/04/2011 15:04:52
Everyone to *snip* Inappropriate link removed. Spitfire



hey what the heck? its not filtered

MpozoY
GoonWaffe
Goonswarm Federation
Posted - 2011.04.13 00:02:00 - [42]
 

I don't know about K.com collecting passwords but they've been running this thing that turns on your webcam and snaps pictures of you when you're not expecting it, I got in an argument with one of their mods (not to name names but it rhymes with Cyber Sizzle) and he showed me a picture of my own hairy butt, turns out he had an entire folder of pictures of my bare tuckus!

If you go to K.com don't let this happen to you, keep your screen turned around facing away from you the whole time you're logged in, it's the best way to remain safe on the world wide web

Sullen Skoung
Posted - 2011.04.13 00:11:00 - [43]
 

Originally by: MpozoY
I don't know about K.com collecting passwords but they've been running this thing that turns on your webcam and snaps pictures of you when you're not expecting it, I got in an argument with one of their mods (not to name names but it rhymes with Cyber Sizzle) and he showed me a picture of my own hairy butt, turns out he had an entire folder of pictures of my bare tuckus!

If you go to K.com don't let this happen to you, keep your screen turned around facing away from you the whole time you're logged in, it's the best way to remain safe on the world wide web


or dont own a web cam lol

mazzilliu
Caldari
Sniggerdly
Pandemic Legion
Posted - 2011.04.13 00:16:00 - [44]
 

Edited by: mazzilliu on 13/04/2011 00:28:03
Originally by: MpozoY
I don't know about K.com collecting passwords but they've been running this thing that turns on your webcam and snaps pictures of you when you're not expecting it, I got in an argument with one of their mods (not to name names but it rhymes with Cyber Sizzle) and he showed me a picture of my own hairy butt, turns out he had an entire folder of pictures of my bare tuckus!

If you go to K.com don't let this happen to you, keep your screen turned around facing away from you the whole time you're logged in, it's the best way to remain safe on the world wide web


you post with your butt facing the monitor?

explains a lot. teeee heeeee


edit- people should be treating all 3rd party sites as potentially compromised and should not re-use the passwords for their emails or anything like that

leboe
Stimulus
Rote Kapelle
Posted - 2011.04.13 06:40:00 - [45]
 

Edited by: leboe on 13/04/2011 06:40:05
Calmdown hacked my bank account and paid off my visa :(



what a babby

Flynn Fetladral
Royal Order of Security Specialists
Posted - 2011.04.13 20:12:00 - [46]
 

Originally by: Gavjack Bunk
Originally by: Helen
Luckily only stupid people will be effected.



Everybody is so smart until they meet somebody smarter. Hold onto that humility, you might need it later.


This Cool

Xavier Liche
Posted - 2011.04.14 03:20:00 - [47]
 

wth?!!?

Anyone who is posting on multiple sites is posting from work because you know, that is the only time anyone has to post on forums, that and when they are Comcast users. So now we are supposed to have all these different usernames and passwords?

It is way easier if you use your LAN username, LAN password and corp email address for everything, then you don't have to keep stickies all over with fansite logins, which can make your boss suspicious.

Furb Killer
Gallente
Posted - 2011.04.14 08:47:00 - [48]
 

Originally by: Bhattran
Originally by: whispous
I see CCP only noticed and posted 2 days late, when they supposedly keep tabs on community sites


CCP has been telling people to not use the same password on multiple sites for months/years? and especially not the one you use for your eve account. Really if people are that idiotic in the first place then didn't bother to read the ever living 'Protect your accounts' thread stickied at the top of this forum so another topic isn't going to help them.

http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1125764

That is alot easier in theory than in practise. They already want us to use a pass with capitals, special chars, numbers, etc (which is kinda useless since it is pretty much impossible to do a brute force attempt over the web), then add that everyone else also wants us to do that, I got at my work arround 5 logins, another 10-15 privately (several email, several forums, several games, other stuff like government sites, ebay, and that is excluding a ****load of webshops that all want to use an own login).

So then I should remember 20 different logins, all preferably long with special chars and all that stuff. And that is excluding the username that CCP also wants unique for everything where you login. Of course you can do an easy solution like using "SHCpassword", but you dont need to be brilliant to realise you can then also use "kugupassword" for that site that shall not be named.

And nop I was not affected by this in any way, dont even had an SHC account. And of course I do not use the same password for everything, but every password unique is also unrealistic. Yes I can use a password manager, but I want to be able to login from computers without that manager too.

RedSplat
Posted - 2011.04.14 14:53:00 - [49]
 

Get a random number generator and run up 200 10 digit strings on some A4; make several copies and lodge one with your bank in case your house burns down. Use each string for no more than a month, then cross it off and change your PW to the next one.

Pick a small font size and you can have several columns of 10 digit strings on each page, one column per account.

Rejoice that you no longer use 5f4dcc3b5aa765d61d8327deb882cf99 to secure your internet spaceships

Bhattran
Posted - 2011.04.14 17:08:00 - [50]
 

Originally by: Furb Killer
Originally by: Bhattran
Originally by: whispous
I see CCP only noticed and posted 2 days late, when they supposedly keep tabs on community sites


CCP has been telling people to not use the same password on multiple sites for months/years? and especially not the one you use for your eve account. Really if people are that idiotic in the first place then didn't bother to read the ever living 'Protect your accounts' thread stickied at the top of this forum so another topic isn't going to help them.

http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1125764

That is alot easier in theory than in practise. They already want us to use a pass with capitals, special chars, numbers, etc (which is kinda useless since it is pretty much impossible to do a brute force attempt over the web), then add that everyone else also wants us to do that, I got at my work arround 5 logins, another 10-15 privately (several email, several forums, several games, other stuff like government sites, ebay, and that is excluding a ****load of webshops that all want to use an own login).

So then I should remember 20 different logins, all preferably long with special chars and all that stuff. And that is excluding the username that CCP also wants unique for everything where you login. Of course you can do an easy solution like using "SHCpassword", but you dont need to be brilliant to realise you can then also use "kugupassword" for that site that shall not be named.

And nop I was not affected by this in any way, dont even had an SHC account. And of course I do not use the same password for everything, but every password unique is also unrealistic. Yes I can use a password manager, but I want to be able to login from computers without that manager too.


Agreed but the issue at hand is internet spaceships, if people are so thoughtless as to use the SAME password they use for their account as on some 3rd party forum while also being the 'same' character or main to further identify the pw/account relationship along with maybe email address it is kind of late to help them.

For what you are mostly talking about it comes down to categorizing accounts, a forum where you read about cars doesn't need a really secure password and might even share the same PW with another forum you use. You also don't need to use the same username on every site you visit, nor do you need to always be 'you' everywhere you go. Some sites might benefit from you managing your personal profile for work/family etc but most don't need that level of detail or privacy.

For using sites when you aren't on your machine back to categories, do you need to use that car forum when you are away or can you not deal with it until later, do you need to login to your CC account or wouldn't calling customer service offer nearly all the same information. Worst case you can have written PW with abbreviations for the account that you carry if you can't remember them all or need to have access when you aren't home.

Depending on your work accounts/job your work PW's might be written down on card you bring to work, bank/financial institutions something similar but kept at home in a secure place. Any of those can be 'coded' from backwards to extra characters that are omitted like PW is 45mo98Jl you write 459moj982Jlp and 'you' know you had a 2 number/letter pattern.

I also was not affected by this, probably not a surprise, even if I was 'Eve famous' I wouldn't be using the same pw as an account I pay for with some 3rd party site that deals with that paid account's content. That is like going to some anti bank site and using your account's pw there too.

It is a problem we face with so many services and personally I'd rather have numerous pw/login/accounts than some universal internet ID that links everything I do through one 'provider' and point of failure/compromise.


Pages: 1 [2]

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only