search the site
 daily menu » rate the banner | guess the city | one on oneforums map | privacy policy | DMCA | news magazine | posting guidelines

Go Back   SkyscraperCity > Fun Forums > About the forums

About the forums » Testing | Archive



Global Announcement

As a general reminder, please respect others and respect copyrights. Go here to familiarize yourself with our posting policy.


Reply

 
Thread Tools
Old July 10th, 2016, 06:34 PM   #1
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,685
Likes (Received): 682

Please Change Your Password!

Hi,

Yesterday (July 9, 2016) we detected a hack on Skyscrapercity. The attackers were apparently after the SSC user data and made no attempt to cover their tracks.

Due to the way SSC's back-end works, the damage was minimal. It is possible, however, that some of our user data was accessed. This user data includes:
username, e-mail addresses, and encrypted/salted passwords. The user data does include the "salt" for the password as well.

At this point, we strongly suggest everyone changes their password. If you use the same password on multiple websites, you should change your password on those sites as well.

The stronger your password, the less likely it is to be cracked. Someone who has a 42-character password with random letters, numbers and punctuation is quite safe. Someone who has passwords similar to "abc123" should probably be concerned.

Keeping and managing complicated passwords can be difficult. I use a program called Lastpass: https://lastpass.com/ It's easy to use and works across all my devices (Windows, Linux, OS-X, Chrome, Firefox, Safari, Android, Windows Phone, and iOS). This is the program I recommend.

Alternatives can be found here: http://lifehacker.com/5529133/five-b...sword-managers
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Last edited by DaiTengu; July 18th, 2016 at 06:26 PM. Reason: add date
DaiTengu no está en línea   Reply With Quote

Sponsored Links
Old July 10th, 2016, 06:58 PM   #2
blantyre bazaar
Registered User
 
blantyre bazaar's Avatar
 
Join Date: Dec 2011
Posts: 1,810
Likes (Received): 2056

Thanks
__________________
Luâ fika ku mi más um kusinha. Dexâ-m lambuxa na bo. Limia nha korpu ku káima.

Morata liked this post
blantyre bazaar no está en línea   Reply With Quote
Old July 10th, 2016, 07:02 PM   #3
siamu maharaj
樂豪酒店
 
siamu maharaj's Avatar
 
Join Date: Jun 2006
Posts: 12,055
Likes (Received): 3865

We trust you DaiTengu!
__________________
ho ho to pa ki ho
siamu maharaj no está en línea   Reply With Quote
Old July 10th, 2016, 07:05 PM   #4
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 974
Likes (Received): 1412

Jesus Christ, how am I going to remember 42 characters password?...
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 07:26 PM   #5
fieldsofdreams
PH + SF Supermod
 
fieldsofdreams's Avatar
 
Join Date: Sep 2012
Location: Manila • San Francisco
Posts: 17,694
Likes (Received): 9464

You can always turn on "Remember my Password" on Chrome or IE so that you won't need to type it over and over (especially if you sign in from your own devices). However, it is necessary to remember long passwords when possible to avoid being attacked. In fact, I randomize my passwords every time so that no one can catch me.
__________________
Anthony or FOD the MOD • Urban Studies & Planning, SF State, UC Berkeley, and San Jose State

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
NEW!
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Photo Albums:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
fieldsofdreams no está en línea   Reply With Quote
Old July 10th, 2016, 07:41 PM   #6
rafark
Mirador SSC México
 
rafark's Avatar
 
Join Date: May 2011
Location: no importa el país, somos humanos viviendo en un mismo lugar.
Posts: 3,648
Likes (Received): 4357

:S
__________________
FOUR LEGS GOOD, TWO LEGS BAD

La grandeza de mexico esta en su futuro.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


¡ NO AL FLÚOR !
rafark no está en línea   Reply With Quote
Old July 10th, 2016, 08:06 PM   #7
Sgt. Pepper's
Ex nihilo nihil fit
 
Sgt. Pepper's's Avatar
 
Join Date: Aug 2012
Posts: 6,989
Likes (Received): 7192

TKS Dai
Sgt. Pepper's no está en línea   Reply With Quote
Old July 10th, 2016, 08:15 PM   #8
Antonio227
Registered User
 
Join Date: Mar 2006
Location: Córdoba, Argentina
Posts: 1,797
Likes (Received): 2155

Quote:
Originally Posted by DaiTengu View Post
Hi,

Yesterday we detected a hack on Skyscrapercity. The attackers were apparently after the SSC user data and made no attempt to cover their tracks.

Due to the way SSC's back-end works, the damage was minimal. It is possible, however, that some of our user data was accessed. This user data includes:
username, e-mail addresses, and encrypted/salted passwords. The user data does include the "salt" for the password as well.

At this point, we strongly suggest everyone changes their password. If you use the same password on multiple websites, you should change your password on those sites as well.

The stronger your password, the less likely it is to be cracked. Someone who has a 42-character password with random letters, numbers and punctuation is quite safe. Someone who has passwords similar to "abc123" should probably be concerned.

Keeping and managing complicated passwords can be difficult. I use a program called Lastpass: https://lastpass.com/ It's easy to use and works across all my devices (Windows, Linux, OS-X, Chrome, Firefox, Safari, Android, Windows Phone, and iOS). This is the program I recommend.

Alternatives can be found here: http://lifehacker.com/5529133/five-b...sword-managers
Done! And thanks.

I am curious...Could you determine some characteristics of the attack? Geographical position, local hour?
__________________

Sparks Bogota liked this post
Antonio227 no está en línea   Reply With Quote
Old July 10th, 2016, 08:46 PM   #9
Cedar Teeth
Caçador de pessimildos
 
Cedar Teeth's Avatar
 
Join Date: Nov 2008
Posts: 2,264
Likes (Received): 575

I wouldn't be surprised if this attack was carried out by fascists.
__________________
É melhor não acertar em cheio, tentando fazer o bem, do que errar feio fazendo o mal.
Cedar Teeth no está en línea   Reply With Quote
Old July 10th, 2016, 09:21 PM   #10
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,685
Likes (Received): 682

Quote:
Originally Posted by Antonio227 View Post
Done! And thanks.

I am curious...Could you determine some characteristics of the attack? Geographical position, local hour?
They used Tor to hide their IP, which is not surprising.

It happened around 9am Saturday, Pacific Daylight time. (17:00 UTC)
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965, Antonio227 liked this post
DaiTengu no está en línea   Reply With Quote
Old July 10th, 2016, 09:29 PM   #11
Markhoz
Bori and jamaican style
 
Markhoz's Avatar
 
Join Date: Jan 2009
Location: Ourense Cidade
Posts: 2,583
Likes (Received): 1120

Thank´s for the warning!
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Ourense Cidade Termal/Auria Civitas Thermae

Markhoz no está en línea   Reply With Quote
Old July 10th, 2016, 11:02 PM   #12
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 974
Likes (Received): 1412

This is what I think: it's probably CIA, North Korea or FSB(KGB) or Islamic State...


..or maybe just my ex-girlfriend...
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965, Autobahn-mann, codivine liked this post
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 11:07 PM   #13
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 974
Likes (Received): 1412

Can you gives us some clues, are there particular users that were attacked?
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 11:36 PM   #14
Ondro
Augusmir Cautin
 
Ondro's Avatar
 
Join Date: Jul 2009
Location: Bratislava/Praha
Posts: 1,693
Likes (Received): 561

Don't you use a hash(and salt) to store them? Do you store the passwords in a plaintext? That would be rather irresponsible...
__________________
We'll bang, OK?
Messing with Cautin is a cos(x) + i*sin(x).

Last edited by Ondro; July 11th, 2016 at 12:01 AM.
Ondro no está en línea   Reply With Quote
Old July 11th, 2016, 12:04 AM   #15
Romb
Registered User
 
Join Date: Jan 2016
Posts: 171
Likes (Received): 177

Recently When i was using You Tube i couldnt open my account.There was an alert message from Google or You Tube that somebody tried to hack my account.
Romb no está en línea   Reply With Quote
Old July 11th, 2016, 12:18 AM   #16
Birdmanek1985
Registered User
 
Join Date: Sep 2012
Location: Żary (lubuskie) FZA
Posts: 936
Likes (Received): 1861

Recently... Please more precisely. When You had a problem with Youtube? Attack was early saturday. Did you have the same password as on SCC? Maybe it's a coincidence burglary.
Birdmanek1985 está en línea ahora   Reply With Quote
Old July 11th, 2016, 01:04 AM   #17
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,685
Likes (Received): 682

Quote:
Originally Posted by Ondro View Post
Don't you use a hash(and salt) to store them? Do you store the passwords in a plaintext? That would be rather irresponsible...
As posted in the announcement, the passwords are hashed and salted.
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965 liked this post
DaiTengu no está en línea   Reply With Quote
Old July 11th, 2016, 01:48 AM   #18
jjdns
Registered User
 
Join Date: Dec 2015
Posts: 925
Likes (Received): 469

Why would someone or somegroup hack this forum?

Could be some pissed off guy who ran to an argument with another user here.
jjdns no está en línea   Reply With Quote
Old July 11th, 2016, 03:06 AM   #19
joshsam
JR
 
joshsam's Avatar
 
Join Date: Jul 2009
Location: Sint-Truiden
Posts: 6,622
Likes (Received): 4210

It's probably a troll wich has bombarded the site with virusses before.
__________________
Ceci n'est pas un pays, een bananenrepubliek ja!
joshsam no está en línea   Reply With Quote
Old July 11th, 2016, 03:44 AM   #20
Feleru*
Capitalino
 
Feleru*'s Avatar
 
Join Date: Apr 2009
Location: Bogotá D.C
Posts: 18,425
Likes (Received): 18685

Probably ISIS trying to reclute new members. Lots of users here have the accurate profile. Xd
__________________

"Cuanto más conozco a los humanos, más quiero a mi perro."

Diógenes de Sínope

Feleru* no está en línea   Reply With Quote


Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Related topics on SkyscraperCity


All times are GMT +2. The time now is 06:55 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Feedback Buttons provided by Advanced Post Thanks / Like (Pro) - vBulletin Mods & Addons Copyright © 2016 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2016 DragonByte Technologies Ltd.

SkyscraperCity ☆ In Urbanity We trust ☆ about us | privacy policy | DMCA policy

Hosted by Blacksun, dedicated to this site too!
Forum server management by DaiTengu