Password breach discussion.

About this bulletin board and the Pale Moon website

Moderator: satrow

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Password breach discussion.

Unread postby John connor » Thu, 04 Jan 2018, 12:53

The passwords were clear text. Since phpBB uses Bcrypt, I don't think I or anyone else has anything to worry about. What's your server logs say? See anything suspicious? My password is created with PWD Hash and is at least 16 characters long. With that Bcrypted there's a snowball chance in hell it's been discovered.

I like how that site recommends Last Pass. That asinine cloud-based crap was hacked twice.

Edit- So reading further, it appears some of these were dehashed.
Last edited by Moonchild on Fri, 05 Jan 2018, 09:56, edited 5 times in total.
Reason: unfiltered

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Thu, 04 Jan 2018, 14:54

tl;dr There was no breach here.. Just gonna state that because people will ask.. But if your password here is one you use elsewhere.. You might want to change it.
Last edited by New Tobin Paradigm on Thu, 04 Jan 2018, 14:54, edited 1 time in total.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

JSB2000
Hobby Astronomer
Hobby Astronomer
Posts: 23
Joined: Tue, 24 Jun 2014, 16:57
Location: Philadelphia, PA

Re: Please change your password.

Unread postby JSB2000 » Thu, 04 Jan 2018, 15:13

I use a highly complex and sophisticated password, so I doubt that it's been compromised. At the same time, it's amazingly easy to remember, since it's the same one I use for my luggage!

https://www.youtube.com/watch?v=a6iW-8xPw3k

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Thu, 04 Jan 2018, 15:20

Is it used in more than one location? If so it might be in the 42gb database.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

User avatar
Admin
Site Admin
Site Admin
Posts: 226
Joined: Thu, 17 May 2012, 19:06

Re: Please change your password.

Unread postby Admin » Thu, 04 Jan 2018, 15:29

@John Connor: what part of "precautionary measure" didn't you understand? Not everything posted is about you. If you use good secure measures already, great! Then this is N/A and you can move right along your merry way.

If your password is currently:
  • Not unique for your user name to this forum
  • Used on ANY other website than this forum
  • Very similar to a user name/password combination you use elsewhere (e.g. just a number different)
  • Short
  • A dictionary word
  • Easily guessed
Then you should change it to be on the safe side.

There has been an increase in password guessing attempts both on our forum and on our mail server since December. This database is actively being used to guess user's passwords.
Last edited by Admin on Thu, 04 Jan 2018, 16:09, edited 3 times in total.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3276
Joined: Mon, 03 Oct 2011, 10:19
Location: Texas, USA

Re: Please change your password.

Unread postby Night Wing » Thu, 04 Jan 2018, 16:49

Admin wrote:There has been an increase in password guessing attempts both on our forum and on our mail server since December.


Just curious (as always).

1) Did any of the password guessers' get lucky?
2) The password guessers doing the guessing, did you ban their IP address since I'm going to guess you can see it.
Linux Mint 19 (Tara) Xfce 64-Bit (Default OS) with 64-Bit linux Pale Moon
Windows 7 SP1 64 Bit (Backup OS) with 32-Bit windows Pale Moon

dark_moon

Re: Please change your password.

Unread postby dark_moon » Thu, 04 Jan 2018, 17:30

@Admin:
It is possible to add 2FA to this forum?

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Thu, 04 Jan 2018, 18:47

dark_moon wrote:@Admin:
It is possible to add 2FA to this forum?


God I hope not. I HATE Two-Factor Authentication.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

dark_moon

Re: Please change your password.

Unread postby dark_moon » Thu, 04 Jan 2018, 19:40

New Tobin Paradigm wrote:
dark_moon wrote:@Admin:
God I hope not. I HATE Two-Factor Authentication.

Why? It increase your account security a lot

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Thu, 04 Jan 2018, 20:19

dark_moon wrote:
New Tobin Paradigm wrote:
dark_moon wrote:@Admin:
God I hope not. I HATE Two-Factor Authentication.

Why? It increase your account security a lot


Nah dood.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

User avatar
Admin
Site Admin
Site Admin
Posts: 226
Joined: Thu, 17 May 2012, 19:06

Re: Please change your password.

Unread postby Admin » Thu, 04 Jan 2018, 22:08

Night Wing wrote:1) Did any of the password guessers' get lucky?
2) The password guessers doing the guessing, did you ban their IP address since I'm going to guess you can see it.


1) not that we know of, because
2) that's automatic.

dark_moon wrote:@Admin:
It is possible to add 2FA to this forum?


Anything is possible. But most cases of "2FA" that are going around these days are not, actually, 2-factor. They are just a "more inconvenient 1-factor" and no, it does not significantly improve your security in that case. Marginally, at best. Strong, unique credentials are a much better improvement of your security than any "2FA".
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"

User avatar
Rickkins
Fanatic
Fanatic
Posts: 129
Joined: Wed, 14 May 2014, 19:04
Location: Montreal Canada

Re: Please change your password.

Unread postby Rickkins » Fri, 05 Jan 2018, 00:22

Done...............................

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Please change your password.

Unread postby John connor » Fri, 05 Jan 2018, 06:42

Can someone enlighten me as to why the words asinine and crap in my post were asterisked? Are we that fragile? I could have used the F word. LOL :lol:

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Fri, 05 Jan 2018, 07:26

John connor wrote:Can someone enlighten me as to why the words asinine and crap in my post were asterisked? Are we that fragile? I could have used the F word. LOL :lol:


That is a GOOD FUCKING QUESTION, actually... Shit dude, why would anyone censor crap? It is a socially acceptable word in most circumstances.. Also asinine, adjective, "extremely stupid or foolish", isn't even a curse word PERIOD.. What a pain in the ass eh? Seems someone is abusing the Admin account and that pisses me off slightly.
Last edited by New Tobin Paradigm on Fri, 05 Jan 2018, 07:33, edited 5 times in total.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

User avatar
Terryphi
Fanatic
Fanatic
Posts: 160
Joined: Wed, 26 Aug 2015, 06:32
Location: Wales, UK

Re: Please change your password.

Unread postby Terryphi » Fri, 05 Jan 2018, 08:11

New Tobin Paradigm,
I'm sure you can guess the identity of Admin. Check the writing style. :wink:
Linux Mint 19.0 64bit MATE. Latest release builds of Pale Moon and Basilisk.

User avatar
New Tobin Paradigm
Banned user
Banned user
Posts: 4417
Joined: Tue, 09 Oct 2012, 19:37

Re: Please change your password.

Unread postby New Tobin Paradigm » Fri, 05 Jan 2018, 08:22

Admin does not always mean Moonchild. It does mean official though..
Last edited by New Tobin Paradigm on Fri, 05 Jan 2018, 08:23, edited 1 time in total.
I hate Pod Six. Tch, I don't even know why we have a Pod Six. Total suck Pod.
[ ニュー・トビン・パラダイム ]

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Please change your password.

Unread postby John connor » Fri, 05 Jan 2018, 09:19

I can see crap... I guess. But the word asinine? Please.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 21426
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Password breach discussion.

Unread postby Moonchild » Fri, 05 Jan 2018, 10:10

John; this was a global announcement and a special case because of high visibility. Having your response to it be immediately spitting venom and flinging crap and being extremely aggressive was uncalled for.
It's now split off, and you can (dis)cuss all you want. I even unfiltered your initial response, so there.
Last edited by Moonchild on Fri, 05 Jan 2018, 10:11, edited 1 time in total.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

User avatar
Admin
Site Admin
Site Admin
Posts: 226
Joined: Thu, 17 May 2012, 19:06

Re: Password breach discussion.

Unread postby Admin » Fri, 05 Jan 2018, 12:03

From now on, we'll make global announcements by default locked to prevent undesired need for editing when responses are not necessarily palatable enough for the entire forum to have on top of every board.

P.S.: John, don't assume anything based on writing style - you are likely going to be wrong.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Password breach discussion.

Unread postby John connor » Fri, 05 Jan 2018, 14:05

Admin wrote:
P.S.: John, don't assume anything based on writing style - you are likely going to be wrong.



Yeah, BS. The word asinine isn't profanity. Just because I can't stand LastPass and expressed myself well, doesn't mean you need to silence me.
Last edited by John connor on Fri, 05 Jan 2018, 14:05, edited 1 time in total.


Return to “Forum and website”

Who is online

Users browsing this forum: No registered users and 2 guests