daily menu » rate the banner | guess the city | one on oneforums map | privacy policy (aug.2, 2013) | DMCA policy | flipboard magazine

Go Back   SkyscraperCity > Fun Forums > About the forums

About the forums » Testing | Archive

Reply
 
Thread Tools
Old July 10th, 2016, 06:34 PM   #1
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,687
Likes (Received): 682

Please Change Your Password!

Hi,

Yesterday (July 9, 2016) we detected a hack on Skyscrapercity. The attackers were apparently after the SSC user data and made no attempt to cover their tracks.

Due to the way SSC's back-end works, the damage was minimal. It is possible, however, that some of our user data was accessed. This user data includes:
username, e-mail addresses, and encrypted/salted passwords. The user data does include the "salt" for the password as well.

At this point, we strongly suggest everyone changes their password. If you use the same password on multiple websites, you should change your password on those sites as well.

The stronger your password, the less likely it is to be cracked. Someone who has a 42-character password with random letters, numbers and punctuation is quite safe. Someone who has passwords similar to "abc123" should probably be concerned.

Keeping and managing complicated passwords can be difficult. I use a program called Lastpass: https://lastpass.com/ It's easy to use and works across all my devices (Windows, Linux, OS-X, Chrome, Firefox, Safari, Android, Windows Phone, and iOS). This is the program I recommend.

Alternatives can be found here: http://lifehacker.com/5529133/five-b...sword-managers
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Last edited by DaiTengu; July 18th, 2016 at 06:26 PM. Reason: add date
DaiTengu no está en línea   Reply With Quote
Old July 10th, 2016, 06:58 PM   #2
blantyre bazaar
Registered User
 
blantyre bazaar's Avatar
 
Join Date: Dec 2011
Posts: 1,840
Likes (Received): 2323

Thanks
__________________
Luâ fika ku mi más um kusinha. Dexâ-m lambuxa na bo. Limia nha korpu ku káima.

Morata liked this post
blantyre bazaar no está en línea   Reply With Quote
Old July 10th, 2016, 07:02 PM   #3
siamu maharaj
樂豪酒店
 
siamu maharaj's Avatar
 
Join Date: Jun 2006
Posts: 12,065
Likes (Received): 3922

We trust you DaiTengu!
__________________
ho ho to pa ki ho
siamu maharaj no está en línea   Reply With Quote
Old July 10th, 2016, 07:05 PM   #4
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 986
Likes (Received): 1477

Jesus Christ, how am I going to remember 42 characters password?...
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 07:26 PM   #5
fieldsofdreams
PH + SF Supermod
 
fieldsofdreams's Avatar
 
Join Date: Sep 2012
Location: Manila • San Francisco
Posts: 17,749
Likes (Received): 9654

You can always turn on "Remember my Password" on Chrome or IE so that you won't need to type it over and over (especially if you sign in from your own devices). However, it is necessary to remember long passwords when possible to avoid being attacked. In fact, I randomize my passwords every time so that no one can catch me.
__________________
Anthony or FOD the MOD • Urban Studies & Planning, SF State, UC Berkeley, and San Jose State

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
NEW!
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Photo Albums:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
fieldsofdreams está en línea ahora   Reply With Quote
Old July 10th, 2016, 07:41 PM   #6
rafark
Mirador SSC México
 
rafark's Avatar
 
Join Date: May 2011
Location: no importa el país, somos humanos viviendo en un mismo lugar.
Posts: 3,650
Likes (Received): 4360

:S
__________________
FOUR LEGS GOOD, TWO LEGS BAD

La grandeza de mexico esta en su futuro.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


¡ NO AL FLÚOR !
rafark no está en línea   Reply With Quote
Old July 10th, 2016, 08:06 PM   #7
Sgt. Pepper's
Ex nihilo nihil fit
 
Sgt. Pepper's's Avatar
 
Join Date: Aug 2012
Posts: 7,007
Likes (Received): 7230

TKS Dai
Sgt. Pepper's no está en línea   Reply With Quote
Old July 10th, 2016, 08:15 PM   #8
Antonio227
Registered User
 
Join Date: Mar 2006
Location: Córdoba, Argentina
Posts: 1,800
Likes (Received): 2184

Quote:
Originally Posted by DaiTengu View Post
Hi,

Yesterday we detected a hack on Skyscrapercity. The attackers were apparently after the SSC user data and made no attempt to cover their tracks.

Due to the way SSC's back-end works, the damage was minimal. It is possible, however, that some of our user data was accessed. This user data includes:
username, e-mail addresses, and encrypted/salted passwords. The user data does include the "salt" for the password as well.

At this point, we strongly suggest everyone changes their password. If you use the same password on multiple websites, you should change your password on those sites as well.

The stronger your password, the less likely it is to be cracked. Someone who has a 42-character password with random letters, numbers and punctuation is quite safe. Someone who has passwords similar to "abc123" should probably be concerned.

Keeping and managing complicated passwords can be difficult. I use a program called Lastpass: https://lastpass.com/ It's easy to use and works across all my devices (Windows, Linux, OS-X, Chrome, Firefox, Safari, Android, Windows Phone, and iOS). This is the program I recommend.

Alternatives can be found here: http://lifehacker.com/5529133/five-b...sword-managers
Done! And thanks.

I am curious...Could you determine some characteristics of the attack? Geographical position, local hour?
__________________

Sparks Bogota liked this post
Antonio227 no está en línea   Reply With Quote
Old July 10th, 2016, 08:46 PM   #9
Cedar Teeth
Caçador de pessimildos
 
Cedar Teeth's Avatar
 
Join Date: Nov 2008
Posts: 2,276
Likes (Received): 575

I wouldn't be surprised if this attack was carried out by fascists.
__________________
É melhor não acertar em cheio, tentando fazer o bem, do que errar feio fazendo o mal.
Cedar Teeth no está en línea   Reply With Quote
Old July 10th, 2016, 09:21 PM   #10
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,687
Likes (Received): 682

Quote:
Originally Posted by Antonio227 View Post
Done! And thanks.

I am curious...Could you determine some characteristics of the attack? Geographical position, local hour?
They used Tor to hide their IP, which is not surprising.

It happened around 9am Saturday, Pacific Daylight time. (17:00 UTC)
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965, Antonio227 liked this post
DaiTengu no está en línea   Reply With Quote
Old July 10th, 2016, 09:29 PM   #11
Markhoz
Bori and jamaican style
 
Markhoz's Avatar
 
Join Date: Jan 2009
Location: Ourense Cidade
Posts: 2,587
Likes (Received): 1120

Thank´s for the warning!
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Ourense Cidade Termal/Auria Civitas Thermae

Markhoz no está en línea   Reply With Quote
Old July 10th, 2016, 11:02 PM   #12
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 986
Likes (Received): 1477

This is what I think: it's probably CIA, North Korea or FSB(KGB) or Islamic State...


..or maybe just my ex-girlfriend...
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965, Autobahn-mann, codivine liked this post
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 11:07 PM   #13
Ivan the Immigrant
Registered User
 
Ivan the Immigrant's Avatar
 
Join Date: May 2014
Location: Zadar, Croatia
Posts: 986
Likes (Received): 1477

Can you gives us some clues, are there particular users that were attacked?
__________________
I like Disneyland but never have been there.:)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Ivan the Immigrant no está en línea   Reply With Quote
Old July 10th, 2016, 11:36 PM   #14
Ondro
Augusmir Cautin
 
Ondro's Avatar
 
Join Date: Jul 2009
Location: Bratislava/Praha
Posts: 1,709
Likes (Received): 584

Don't you use a hash(and salt) to store them? Do you store the passwords in a plaintext? That would be rather irresponsible...
__________________
We'll bang, OK?
Messing with Cautin is a cos(x) + i*sin(x).

Last edited by Ondro; July 11th, 2016 at 12:01 AM.
Ondro no está en línea   Reply With Quote
Old July 11th, 2016, 12:04 AM   #15
Romb
Registered User
 
Join Date: Jan 2016
Posts: 201
Likes (Received): 188

Recently When i was using You Tube i couldnt open my account.There was an alert message from Google or You Tube that somebody tried to hack my account.
Romb no está en línea   Reply With Quote
Old July 11th, 2016, 12:18 AM   #16
Birdmanek1985
Registered User
 
Join Date: Sep 2012
Location: Żary (lubuskie) FZA
Posts: 941
Likes (Received): 1899

Recently... Please more precisely. When You had a problem with Youtube? Attack was early saturday. Did you have the same password as on SCC? Maybe it's a coincidence burglary.
Birdmanek1985 no está en línea   Reply With Quote
Old July 11th, 2016, 01:04 AM   #17
DaiTengu
SSC System Administrator
 
DaiTengu's Avatar
 
Join Date: Sep 2006
Location: Appleton
Posts: 2,687
Likes (Received): 682

Quote:
Originally Posted by Ondro View Post
Don't you use a hash(and salt) to store them? Do you store the passwords in a plaintext? That would be rather irresponsible...
As posted in the announcement, the passwords are hashed and salted.
__________________
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
- Douglas Adams


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
|
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Zaz965 liked this post
DaiTengu no está en línea   Reply With Quote
Old July 11th, 2016, 01:48 AM   #18
jjdns
Registered User
 
Join Date: Dec 2015
Posts: 1,093
Likes (Received): 550

Why would someone or somegroup hack this forum?

Could be some pissed off guy who ran to an argument with another user here.
jjdns no está en línea   Reply With Quote
Old July 11th, 2016, 03:06 AM   #19
joshsam
JR
 
joshsam's Avatar
 
Join Date: Jul 2009
Location: Sint-Truiden
Posts: 6,697
Likes (Received): 4330

It's probably a troll wich has bombarded the site with virusses before.
__________________
Ceci n'est pas un pays, een bananenrepubliek ja!
joshsam no está en línea   Reply With Quote
Old July 11th, 2016, 03:44 AM   #20
Feleru*
Capitalino
 
Feleru*'s Avatar
 
Join Date: Apr 2009
Location: Bogotá D.C
Posts: 18,546
Likes (Received): 19303

Probably ISIS trying to reclute new members. Lots of users here have the accurate profile. Xd
__________________

"Cuanto más conozco a los humanos, más quiero a mi perro."

Diógenes de Sínope

Feleru* no está en línea   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT +2. The time now is 04:12 AM. • styleid: 14


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Feedback Buttons provided by Advanced Post Thanks / Like (Pro) - vBulletin Mods & Addons Copyright © 2016 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2016 DragonByte Technologies Ltd.

SkyscraperCity ☆ In Urbanity We trust ☆ about us | privacy policy | DMCA policy

Hosted by Blacksun, dedicated to this site too!
Forum server management by DaiTengu