IMPORTANT: Community security breach

Started by LiroyvH, July 23, 2013, 12:45:08 PM


青山 素子

For all those that want to complain about "lax security" and such, it has made the news that Stanford University's network was hacked. The university is urging everyone with an account on their network to do a password reset.

Current speculation is that the hacker behind the intrusion also hacked Harvard and MIT back in May and possibly Rutgers, NASA, Mazda, Suzuki, Isuzu, Bose's Chinese branch, and Mopar even earlier.

So, please stop before criticizing the people here as if this is some special Simple Machines-only issue. It's Internet-wide.

The big takeaway from the announcement here is that the compromise was the result of password reuse, not a flaw in the software. As such, it's further reinforcement that you shouldn't be reusing passwords, at least between important and non-important sites.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


The Hobo

Quote from: TimL on July 24, 2013, 02:27:39 PM
Wow. How many professions have a 100% success rate?

I HOPE the UNDERTAKER is 100%..... sure don't want to be buried alive.

The warning email has only just arrived here, so I guess the mailer is still working overtime to get through the amount of members.

georaldc

I wonder if this hack is related to any of the other website hacks that have happened these past few days (Apple Dev site, Yii Framework site)

Deaks

These hacks have been done in a similar way and have taken the same info, aka memberlists. With the available info and how the hacks have been done, we believe it is the same people.
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

ARG01

Going thru my emails I just discovered that I received my notice on this issue on Tuesday at 1:01pm. Just 16 minutes after this topic was created. ;)
No, I will not offer free downloads to Premium DzinerStudio themes. Please stop asking.

青山 素子

Quote from: The Hobo on July 25, 2013, 06:56:29 PM
I HOPE the UNDERTAKER is 100%..... sure don't want to be buried alive.

Even that isn't 100%. There are verified reports from the 18th and 19th centuries of people being buried alive. Heck, there was even the whole category of safety coffin to help signal if someone was actually alive. Luckily, modern medical science has nearly eliminated that risk in developed countries.


Quote from: georaldc on July 25, 2013, 07:59:34 PM
I wonder if this hack is related to any of the other website hacks that have happened these past few days (Apple Dev site, Yii Framework site)

It is likely related.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


MadMick

Thanks for the notification guys, password on here and my own forum changed.

Regards,

Mick.

AHN Moderators - Can explain it to you, but they can't understand it for you"

SleePy

Quote from: 青山 素子 on July 25, 2013, 11:31:41 AM
Please make sure to let the people running the Apple Developer website, NASDAQ forums, Ubuntu forums, Club Nintendo, Morningstar Document Research, and Ubisoft's account system know the same too.
And that is just the tip of the iceberg! Although I am sure you didn't continue the list to not sound repetitive :P
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

Locksmith Trader

Tackling the issue head on is the only way. I would like to have my chances over not to make the mistakes I have made.
On my own forum, for some weeks I have noticed several failed attempts to log on as an administrator, so someone is trying all the time, even at my little site.

Thank you for letting me know
Thank you for making me think
Thank you for reminding me that complacency is the enemy - many a battle was lost because someone fell asleep

If the big guys can be hacked then we can only do the very best we can.
We install strong locks fully aware of the fact that the burglar will just bring a bigger lever

As for the dummy spit- Remember that all people can please you, some when they arrive and some when they leave :D

Keep up the good work moderators- I for one appreciate your work and help when I need it.

Pawan

Oh man, the hacker has attacked globally. I use a different password for all my accounts. :)

miDnIghtEr20C

Got the email today.. thanks for the heads up.

vtel57

Account password changed.

Thanks for the fast alert.

Regards,

~Eric

a10

2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

gobbler


josan

Account password changed.

Thanks for the fast alert.

Regards.


PosibleHost.Com » Proudly serving websites since 2009.
Shared Hosting » Reseller Hosting » VPS Servers. At An Affordable Price.
English and Spanish 24/7 Support Staff!

kat

Quote from: gobbler on July 26, 2013, 05:09:41 AM
You outta be sued for negligence.

Away you go, then. See you in court. :)

MadMick

Hey guys,

Just to put this in some sort of perspective for the few drama queens in this thread, the following is a "real" serious security breach  ::)

http://www.sportingshootermag.com.au/news/firearms-data-compromised-says-nsw-police-sergeant
Regards,

Mick.

AHN Moderators - Can explain it to you, but they can't understand it for you"

petabyte

Thank you for the quick action. Received the email about an hour ago, checked and changed the few places that use the same password. Done and done.

Really not sure why people are going off at the admin here. A mistake was made - sure, we all make them - it happens. What people should judge is how the mistake is 'cleaned up' - for that, SMF has done well, very well.

My username here is unique, as in I do not use it anywhere... and upon checking, the password was used for 4 other sites I frequent, all changed.


aprilreign

Thanks for the info. Passwords changed.
