Author Topic: IMPORTANT: Community security breach  (Read 2021730 times)

Offline Oldcrow

  • Jr. Member
  • **
  • Posts: 268
  • Gender: Male
  • "One foot in the grave!"
    • Seniors Worldwide
Re: IMPORTANT: Community security breach
« Reply #20 on: July 23, 2013, 01:34:47 PM »
Thanks for the report.. Good to know you're ahead of it..

I also changed my password..

Ron..

Offline Herman's Mixen

  • SMF Hero
  • ******
  • Posts: 7,228
    • Herman's Mixen
Re: IMPORTANT: Community security breach
« Reply #21 on: July 23, 2013, 01:35:04 PM »
Thanks for the information, changed mine also thanks Antes for the message he just sent me ;)
Kind regards, The Burglar!

 House Mixes | Mixcloud | Any Intelligent fool can make things bigger, more complex, and more violent.
It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Albert Einstein

Former Godfather of our dutch community ;)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,990
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: IMPORTANT: Community security breach
« Reply #22 on: July 23, 2013, 01:35:49 PM »
Thanks for the information, changed mine also thanks Antes for the message he just sent me ;)

That raises my curiosity, did you not get our email?
We did send out a notification, so please let me know if you received it. It's very important people receive it.

Thank you :)
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline Herman's Mixen

  • SMF Hero
  • ******
  • Posts: 7,228
    • Herman's Mixen
Re: IMPORTANT: Community security breach
« Reply #23 on: July 23, 2013, 01:38:56 PM »
I don't read that email much as it's an old account which I don't see much....
I'd like to change the email someday to my own one... as Antes did mention it... I logged into the email account then yes I got the announcement...

Kind regards, The Burglar!

 House Mixes | Mixcloud | Any Intelligent fool can make things bigger, more complex, and more violent.
It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Albert Einstein

Former Godfather of our dutch community ;)

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,361
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: IMPORTANT: Community security breach
« Reply #24 on: July 23, 2013, 01:41:49 PM »
Haven't seen any notifications yet but probably has a lot of email to send out for the community
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Crip

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,139
  • Gender: Male
  • C-4 QUAD
    • Cripzone
Re: IMPORTANT: Community security breach
« Reply #25 on: July 23, 2013, 01:44:33 PM »
good to know.
I have become comfortably numb!


I remember my mother's prayers and they have always followed me.
   - Abraham Lincoln -


TOTM Winner. | Demo Site1on1 Theme Support

Offline Tomy Tran

  • Senior Translator
  • Jr. Member
  • *
  • Posts: 314
  • Gender: Male
  • Vietnamese Translator
    • the.tomytran on Facebook
    • tomytran on LinkedIn
    • @_tomytran on Twitter
    • Call to +84 9 0602 6930 or visit www.tomytran.com
Re: IMPORTANT: Community security breach
« Reply #26 on: July 23, 2013, 01:53:23 PM »
I have changed my pass, but we lost another: our address. They now have a huge number of email addresses to sell to spammers.

By the way, pay attention to your Secret Question/Answer <== it has been lost, and this way some other accounts may be hacked.

Offline Bas

  • Jr. Member
  • **
  • Posts: 371
  • Gender: Male
  • Ex MSI forum Admin.
    • HardwareGurus.net
Re: IMPORTANT: Community security breach
« Reply #27 on: July 23, 2013, 01:57:37 PM »
How can they guess a password? That can only be done if it was too simple in the first place.
I would fire that admin ;D

Greetings Bas.

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,649
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • Lunarfall
Re: IMPORTANT: Community security breach
« Reply #28 on: July 23, 2013, 01:58:57 PM »
How can they guess a password? That can only be done if it was too simple in the first place.
I would fire that admin ;D

Yes, they are encrypted. Unfortunately it's possible to brute force with about 6.7 million 3 billion, or more, attempts *per second*.
A very interesting article about that, if you care, is located here:
http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125
Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,063
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: IMPORTANT: Community security breach
« Reply #29 on: July 23, 2013, 02:00:32 PM »
Password changed everywhere :)

That raises my curiosity, did you not get our email?
We did send out a notification, so please let me know if you received it. It's very important people receive it.
I didn't get any email about this incident.
Polish SMF support at simplemachines.org

My mods

Offline Tony Reid

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,149
  • Gender: Male
    • @AbsoluteBreeze on Twitter
    • www.fertilityfriends.co.uk
Re: IMPORTANT: Community security breach
« Reply #30 on: July 23, 2013, 02:07:51 PM »
I just want to say thank you to all of you who are working on this for your swift action and dedication to sealing the breach and limiting the damage.  Unfortunately mistakes happen.  It's the slime who prey on such mistakes that are to blame.

I agree.

My main concern other than users sharing usernames and passwords via PM is that the helpdesk may contain usernames and passwords - Was the helpdesk database compromised? I realise the announcement has gone out - but if the helpdesk has been compromised do we need to take further steps and reiterate to people who have used the helpdesk?

Thanks for the fast action on this.
Tony Reid


My Big Board
www.FertilityFriends.co.uk/forum - An SMF powered forum with over 5 million posts

Offline Owdy

  • SMF Fossil
  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,590
  • Gender: Male
  • W00t!
    • janoloferiksson on LinkedIn
    • @@jaoler on Twitter
Re: IMPORTANT: Community security breach
« Reply #31 on: July 23, 2013, 02:11:04 PM »
My main concern other than users sharing usernames and passwords via PM
This!
Former Lead Support Specialist

Need help with your SMF forum? I take on jobs, read: http://www.simplemachines.org/community/index.php?topic=375918.0

Offline Tony Reid

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,149
  • Gender: Male
    • @AbsoluteBreeze on Twitter
    • www.fertilityfriends.co.uk
Re: IMPORTANT: Community security breach
« Reply #32 on: July 23, 2013, 02:13:41 PM »
Oh - and we need to force users to change their passwords on this site asap.

It's standard practice with breaches like this.



Tony Reid


My Big Board
www.FertilityFriends.co.uk/forum - An SMF powered forum with over 5 million posts

Offline BryanD

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 22,023
  • Gender: Male
    • BryanRunicDeakin on Facebook
    • @bryandeakin on Twitter
    • Bryan Deakin dot Com
Re: IMPORTANT: Community security breach
« Reply #33 on: July 23, 2013, 02:15:23 PM »
We are still investigating but are assuming the worst, so at this we are running under premise that use it has been we will be working with charter members to change their passwords if they do not know how, I have also spoken to a couple of our hosts on here asking them to remind their users that use smf to update their passwords for their sites.

Online Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,122
  • Gender: Male
    • Kindred-999 on GitHub
Re: IMPORTANT: Community security breach
« Reply #34 on: July 23, 2013, 02:16:37 PM »
Yes, we are aware of the potential information which is available in PMs and from the helpdesk records.

We are still attempting to figure out exactly WHAT information was garnered, but we did not want to delay the notification of the main issue while we narrowed down details on potentials.

I believe that we are also working to inform charter members separately.

Luckily, I do not believe that there are any currently open tickets with connection details.

Finally, just a general security note: Any time you share connection details, even with the trustworthy staff here - it is always good to change the password(s) after your issue is resolved.

Tony,
I am not aware of any feature in SMF which forces users to change their password.

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Oldcrow

  • Jr. Member
  • **
  • Posts: 268
  • Gender: Male
  • "One foot in the grave!"
    • Seniors Worldwide
Re: IMPORTANT: Community security breach
« Reply #35 on: July 23, 2013, 02:18:22 PM »
I don't read that email much as it's an old account which I don't see much....
I'd like to change the email someday to my own one... as Antes did mention it... I logged into the email account then yes I got the announcement...

Did not get an email, I saw it on my Facebook

Offline BryanD

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 22,023
  • Gender: Male
    • BryanRunicDeakin on Facebook
    • @bryandeakin on Twitter
    • Bryan Deakin dot Com
Re: IMPORTANT: Community security breach
« Reply #36 on: July 23, 2013, 02:22:38 PM »
OldCrow may take a few hours with the size of member list :P

Offline Oldcrow

  • Jr. Member
  • **
  • Posts: 268
  • Gender: Male
  • "One foot in the grave!"
    • Seniors Worldwide
Re: IMPORTANT: Community security breach
« Reply #37 on: July 23, 2013, 02:24:45 PM »
OldCrow may take a few hours with the size of member list :P

No problem Bryan, I'm not worried about this, I know you and the others have it under control. What happens, happens..

Offline Colin

  • Lead Developer
  • SMF Hero
  • *
  • Posts: 7,767
  • Gender: Male
  • SMF Developer
    • colinschoen on GitHub
Re: IMPORTANT: Community security breach
« Reply #38 on: July 23, 2013, 02:26:13 PM »
Thanks for your understanding. I can say with confidence that everything possible to minimize the damage and prevent this from happening again is happening.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Offline Tony Reid

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,149
  • Gender: Male
    • @AbsoluteBreeze on Twitter
    • www.fertilityfriends.co.uk
Re: IMPORTANT: Community security breach
« Reply #39 on: July 23, 2013, 02:26:33 PM »
Kindred - there was once a method used with a flag on a table that forced users to update when logging in. It was used if their password was stored in MD5, and that updated it to salted SHA1.

I guess the alternative is to do something forced with a password reset - or custom code something.

Tony Reid


My Big Board
www.FertilityFriends.co.uk/forum - An SMF powered forum with over 5 million posts
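
The mechanism described in reply #39 (a per-member flag checked at login, plus an upgrade of old hashes), sketched as an added example; this is not SMF's code and not part of the thread. The table layout, column names and function names are hypothetical, and PBKDF2 is swapped in here as the upgrade target instead of the salted SHA1 mentioned in the post.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor, an assumption of this sketch

def legacy_md5(password):
    # Unsalted, fast hash: the legacy scheme being migrated away from.
    return hashlib.md5(password.encode()).hexdigest()

def strong_hash(password, salt):
    # Salted, deliberately slow KDF that raises the cost of each guess.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def make_sample_db():
    # Constructed sample row; column names are hypothetical, not SMF's schema.
    return {"alice": {"scheme": "md5", "salt": b"",
                      "hash": legacy_md5("correct horse"), "must_change": False}}

def set_password(db, user, new_password):
    # Store the new password under the strong scheme and clear the flag.
    salt = os.urandom(16)
    db[user].update(scheme="pbkdf2", salt=salt,
                    hash=strong_hash(new_password, salt), must_change=False)

def flag_all_for_reset(db):
    # Breach response: every account must pick a new password at next login.
    for row in db.values():
        row["must_change"] = True

def login(db, user, password):
    """Return 'ok', 'denied' or 'change_required'."""
    row = db.get(user)
    if row is None:
        return "denied"
    if row["scheme"] == "md5":
        candidate = legacy_md5(password)
    else:
        candidate = strong_hash(password, row["salt"])
    if not hmac.compare_digest(candidate, row["hash"]):
        return "denied"
    if row["must_change"]:
        return "change_required"  # caller routes to the change-password form
    if row["scheme"] == "md5":
        set_password(db, user, password)  # transparent upgrade of the stored hash
    return "ok"
```

After a breach, knowledge of the old password is exactly what may have leaked, so the change step is commonly paired with confirmation through the account's email address.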