IMPORTANT: Community security breach

Started by LiroyvH, July 23, 2013, 12:45:08 PM

Ronald_1938

What happened, happened, it was an error on passwords.. Why can't people accept the error and carry on..

How many times have your personal passwords been just not quite right, whether not long enough or not a variety of figures..It happens to all of us at one time or another...

We have 12 pages of the same thing, why complain, take this as a lesson from this error and make your passwords better..

Move on....let the folks get back to doing what they do best, by making smf better for us!

Ron..

dafydd

The change of password does not seem to show up on this forum for me. Can someone point me in the right direction?

Owdy

Former Lead Support Specialist

Need help with your SMF forum? I take on jobs, read: http://www.simplemachines.org/community/index.php?topic=375918.0

Kindred

Quote from: Safeway on July 25, 2013, 01:10:29 PM
Quote from: Kindred on July 25, 2013, 12:40:49 PM
Random password reset emails from simplemachines.org?

No, from Apple at the email associated with my SMF account. Three so far.

Once again, this particular hacker seems to be targeting places where he can progressively get more data on other ADMIN roles. He does not seem interested in defacement (actually defacement defeats his purpose - to go unnoticed as long as possible, so people don't change their passwords).
So, unless you are an admin in the Apple account, it is unlikely to be related.

Three attempts at a reset is not so many...   it is more likely that someone with a similar appleID forgot theirs and accidentally tried to login using yours.
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

BigBen

Changed my password.. I think I have an account on Ubuntu forums, but they took their forums down because of this recent event.

LiroyvH

Quote from: BigBen on July 25, 2013, 02:54:34 PM
Changed my password.. I think I have an account on Ubuntu forums, but they took their forums down because of this recent event.


They did, and Canonical is now going to manage it themselves instead of a third party doing it.
Not sure what their plans are, but they were shocked as well that it got hacked.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

NickTNZ

A quick "Me too" I have seen six attempts to re-set my apple ID since the passwords were hacked. Fortunately it is a different password from SMF.

Nick-T

floridaflatlander

Quote from: Medalta on July 25, 2013, 10:47:23 AM
Sorry but "stuff doesn't just happen". This was a failure on the part of the admins here. By not following a basic tenet of board management you have conceivably compromised everyone that has supported and used this system. When you give someone admin rights you take the time to ensure they follow proper protocol, if they are that dense they don't understand the consequences of their laziness they shouldn't be granted anything but basic rights.

I really don't appreciate you telling me of the need to, and reasons for, changing my passwords. I figured that out by the time I had read the subject line of your email.

Getting hacked is a part of doing business we all have to deal with, but getting hacked because of someone's laziness and stupidity is unacceptable.

I am done with SMF (S****d M****r F*****'s)

I am deleting my account once this is posted. Have the decency to ensure all my related data is removed from your system.

Jesus people, what can you say ... besides goodbye. As one of my old English teachers used to say about 35 years ago "Don't let the doe knob hit you in the back."

londonblue

I didn't even know I was a member of this forum!

"How many times have your personal passwords been just not quite right, whether not long enough or not a variety of figures..It happens to all of us at one time or another..."

Actually, never. This is a security breach not an inability to set passwords correctly. I just hope they really were encrypted properly as that narrows down the risks.

"why complain, take this as a lesson from this error and make your passwords better.."

Why complain? Because SMF f**ked up. I could have a 63-character random string password, or a common word, but that's immaterial to the breach itself.

"Now, tell me that you've never made a mistake and I'll call you a damned liar."

Why should I? Of course people make mistakes but this was negligent. This isn't spilling a bit of milk on the kitchen floor.

I'm glad you're all so comfortable continuing to use a system coded by people this lax. You really think there isn't vulnerability in SMF now?

Oh, and what's a "doe knob"?

NanoSector

Quote from: londonblue on July 25, 2013, 04:06:50 PM
I didn't even know I was a member of this forum!

"How many times have your personal passwords been just not quite right, whether not long enough or not a variety of figures..It happens to all of us at one time or another..."

Actually, never. This is a security breach not an inability to set passwords correctly. I just hope they really were encrypted properly as that narrows down the risks.

"why complain, take this as a lesson from this error and make your passwords better.."

Why complain? Because SMF f**ked up. I could have a 63-character random string password, or a common word, but that's immaterial to the breach itself.

"Now, tell me that you've never made a mistake and I'll call you a damned liar."

Why should I? Of course people make mistakes but this was negligent. This isn't spilling a bit of milk on the kitchen floor.

I'm glad you're all so comfortable continuing to use a system coded by people this lax. You really think there isn't vulnerability in SMF now?

Oh, and what's a "doe knob"?

Have you bothered reading the first post?

This is ***NOT*** a vulnerability in SMF. Don't ask why, it's described in the first post.

(if putting up an attitude is the only way to get it through, so be it...)
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

BillF

Are you talking about my SMF Forum password, or something else associated with my SMF board?

NanoSector

Quote from: BillF on July 25, 2013, 04:16:33 PM
Are you talking about my SMF Forum password, or something else associated with my SMF board?
Please read the first post.

[yub] Lazo

Quote from: londonblue on July 25, 2013, 04:06:50 PM
You really think there isn't vulnerability in SMF now?


Who has ever said that? If you had read some pages in this topic to know what was going on. And, it was said (already 30 times) earlier, this was not a security breach in the SMF system. It was an accident.


Quote from: BillF on July 25, 2013, 04:16:33 PM
Are you talking about my SMF Forum password, or something else associated with my SMF board?

Yes, your SMF Forum password and private messages you've sent/received in the past.

Dynamic forum signatures v1.2

NanoSector

Quote from: [yub] Lazo on July 25, 2013, 04:18:20 PM
Yes, your SMF Forum password and private messages you've sent/received in the past.
Note that the password is encrypted and would take a long while to figure out depending on its strength, and only passwords from here and other forums attacked were taken (so not your forum). Also only PMs sent and received on this forum are compromised.

combatking0

I'll have to try encrypting my databases with Zero Encrypter - since I'm the only one who knows how it works, the spammers / hackers would need to either interrogate me or examine my modified SMF sources.

LiroyvH

Quote from: [yub] Lazo on July 25, 2013, 04:18:20 PM
Quote from: BillF on July 25, 2013, 04:16:33 PM
Are you talking about my SMF Forum password, or something else associated with my SMF board?

Yes, your SMF Forum password and private messages you've sent/received in the past.

No.
The password you use *here* on simplemachines.org is vulnerable.
The one of your own forum is safe.

Unless...  you used the password to your account here for the admin account on your own forum as well. Then you have a potential problem indeed, so change your password here and change your password on your own forum. Then you'll be safe. :)

[yub] Lazo

I just realized that I have read the post wrong, my fold. :-X


Spacedust

So have they got my user name, password and e-mail address?


BTW I never got the warning e-mail. 

ARG01

Quote from: londonblue on July 25, 2013, 04:06:50 PM
I didn't even know I was a member of this forum!

"How many times have your personal passwords been just not quite right, whether not long enough or not a variety of figures..It happens to all of us at one time or another..."

Actually, never. This is a security breach not an inability to set passwords correctly. I just hope they really were encrypted properly as that narrows down the risks.

"why complain, take this as a lesson from this error and make your passwords better.."

Why complain? Because SMF f**ked up. I could have a 63-character random string password, or a common word, but that's immaterial to the breach itself.

"Now, tell me that you've never made a mistake and I'll call you a damned liar."

Why should I? Of course people make mistakes but this was negligent. This isn't spilling a bit of milk on the kitchen floor.

I'm glad you're all so comfortable continuing to use a system coded by people this lax. You really think there isn't vulnerability in SMF now?

Oh, and what's a "doe knob"?


Okay God, since you're so intelligent tell us the proper way of doing things. Apparently you know more than the rest of us.

Oh wait! You can't be that intelligent because remember, you didn't even know that you were a member of this forum :o
No, I will not offer free downloads to Premium DzinerStudio themes. Please stop asking.