NOTICE SECURITY NOTICE - everybody read

Discussion in 'Site Help and Suggestions' started by retro, Oct 29, 2016.

  1. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,500
    Likes Received:
    176
    Amazon send me an email telling me to change my password. nothing anywhere about them being hacked, probably everybody is warning erverybody. gonna change all my passwords soon
     
  2. UnrealNStuff

    UnrealNStuff Robust Member

    Joined:
    May 20, 2013
    Messages:
    273
    Likes Received:
    81
    Ebay did the same to me fam
     
  3. Johnace 2.0

    Johnace 2.0 Member

    Joined:
    Aug 6, 2015
    Messages:
    15
    Likes Received:
    3
    This makes my piss boil.....fucking jokers "advising" you to use different passwords THEN when you have a issue with your password and can't login they will do fuck all to help you!

    Next advise will be to delete your account before the hackers do....dicks.
     
  4. Rogue

    Rogue Intrepid Member

    Joined:
    Feb 16, 2008
    Messages:
    638
    Likes Received:
    28
    Thank for the warning.
    I don't think anybody would hack me though. My posts are mostly silly and/or mispelled. n_n
    I wonder if the website to check leaked content is trustworthy though. I don't usually type e-mails anywhere.
     
    Syclopse likes this.
  5. Kaicer

    Kaicer Site Supporter 2014

    Joined:
    Mar 24, 2012
    Messages:
    555
    Likes Received:
    5
    Damn my email appeared compromised on that site with 4 breach.
     
  6. D_Ban

    D_Ban Robust Member

    Joined:
    Aug 11, 2008
    Messages:
    289
    Likes Received:
    348
    HaveIBeenPwned.com is a legit service offered by security researcher Troy Hunt.

    No passwords/hashes are stored within the HiBP database only emails/usernames/names/etc. But no passwords.

    There are other services like this but many are untrustworthy and will expose all information. Many are run by hackers it seems. But HiBP is fully safe to use.

    I've helped Troy get the news out before about some breaches that had been covered up.

    You can read more about him on his twitter/personal website.

    https://twitter.com/troyhunt / https://www.troyhunt.com/
     
    CodeAsm likes this.
  7. Borman

    Borman Digital Games Curator

    Joined:
    Mar 24, 2005
    Messages:
    9,552
    Likes Received:
    1,891
    1 year of premium LastPass is included for new users with the latest humblebundle BTA. Around 7.50 US right now.
     
    D_Ban likes this.
  8. Syclopse

    Syclopse .

    Joined:
    Dec 17, 2013
    Messages:
    1,512
    Likes Received:
    537
    Or use Brainsync.
     
  9. retro

    retro Resigned from mod duty 15 March 2018

    Joined:
    Mar 13, 2004
    Messages:
    10,354
    Likes Received:
    822
    Coincidence.

    No.

    Let's make this absolutely clear:

    ASSEMblergames.com HAS NOT been compromised.

    This is a public service announcement to remind you to take adequate steps to ensure your security online.


    I'll remind you that conversations ARE NOT deleted here unless both parties delete it. Therefore, anyone logging into your account will have access to your PMs. Buy something off someone and give them your address - the hacker has your address. Send them files - the hacker has your files.

    As mentioned above, you should really send sensitive information via a method that you can delete - send a link to a picture with your address and delete the picture afterwards. Use Dropbox or similar to send files, then delete them or rename.

    Site gets hacked... let's call it crapsecurity.com

    USER: Auser
    e-mail: Auser@hotmail.com
    password: crappw123

    What's the first thing you'd do with that info as a hacker?

    Go to Hotmail... you have his e-mail. Try crappw123.

    If that works, and the user saves e-mails, you can now see what other sites he's joined.

    Or... more probably... let's say Auser boasts about having betas here. Someone finds his details in another breach and goes on the hunt for his beta backup. They try logging in here.

    As covered here, we suggest you don't.. although you do so at your own risk if you do. If your account gets banned through association with someone who has used the same IP, it's your fault for using a public VPN. If something happens relating to your account and we look and your IP addresses are all over the place, we will probably assume you have something to hide or are up to no good.

    Amazon looked up all their customers' e-mail addresses on compromised lists (haveIbeenpwned most likely) and told them they found them on there and have changed their password as a security measure, because they automatically assume you'll have used the same password. I believe this is in violation of their TOS as to what they will do with your data. Furthermore, they flat out refuse to tell you where they found the data on you, what data they collected on you or even what site was compromised. As such, it could be that your PayPal was compromised or your bank account and they're not helping you rectify that situation. So long as nobody tries to buy a few books on your card, they don't give a damn.

    It's your responsibility to remember your own password and ensure that your account is always tied to an active e-mail address that you control. ASSEMbler told you to PM him and fill out a form, which (as far as I am aware) you haven't done. If being part of the community meant so much to you, surely you would have signed in when you changed ISP and updated your e-mail address.... or not signed up with your wife's e-mail address in the first place. So who's really the joker? As per the advice given in this thread, this is purely for your own protection.
     
    HEX1GON, Digmac, CodeAsm and 2 others like this.
  10. Moo

    Moo Gutsy Member

    Joined:
    May 3, 2012
    Messages:
    497
    Likes Received:
    177
    I keep getting notices to read this thread. Will they stop if I change my password?
     
    CodeAsm likes this.
  11. HEX1GON

    HEX1GON FREEZE! Scumbag

    Joined:
    May 4, 2011
    Messages:
    9,916
    Likes Received:
    837
    Click the X on the notification. Goes away after that for me.
     
    Last edited: Nov 4, 2016
    CodeAsm likes this.
  12. ZEN

    ZEN Rising Member

    Joined:
    Jan 27, 2016
    Messages:
    54
    Likes Received:
    25
    The game companies are trying to stop us from uploading betas of games pls save us
     
  13. LeHaM

    LeHaM Site Soldier

    Joined:
    May 5, 2013
    Messages:
    2,634
    Likes Received:
    292
    I've been loggin in via a shared Ip because I'm too lazy to turn my vpn off ha
     
  14. Unseen

    Unseen Spirited Member

    Joined:
    Sep 1, 2014
    Messages:
    126
    Likes Received:
    17
    This is considered to be bad security advice nowadays. See for example here or here.
     
    Syclopse likes this.
  15. retro

    retro Resigned from mod duty 15 March 2018

    Joined:
    Mar 13, 2004
    Messages:
    10,354
    Likes Received:
    822
    No. Idiots trying to use similar passwords is a bad idea. Changing your password doesn't mean change a single character... that's just ridiculous.

    Nope.. you've been logging in via SEVERAL shared IPs :p
     
  16. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,500
    Likes Received:
    176
    Just recieved an email...
    "In August 2016, the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords."
    same as I use here. if you registered at that forum and did not get updates from https://haveibeenpwned.com/ yet...
     
  17. Nanis149

    Nanis149 Rapidly Rising Member

    Joined:
    Jan 24, 2016
    Messages:
    80
    Likes Received:
    9
    I am confused.
     
  18. ASSEMbler

    ASSEMbler Administrator Staff Member

    Joined:
    Mar 13, 2004
    Messages:
    19,394
    Likes Received:
    995
    Stop using the same damn password for everything.
     
    Digmac, storm132, D_Ban and 2 others like this.
  19. Antonioks

    Antonioks Active Member

    Joined:
    Dec 3, 2015
    Messages:
    25
    Likes Received:
    11
    Thank you for the tips.
     
  20. Eviltaco64

    Eviltaco64 or your money back

    Joined:
    Jul 16, 2008
    Messages:
    1,027
    Likes Received:
    136
    Hello ma'am, I would like the #5 and 3 40s of your finest malt liquor. Just kidding, make it a small Coke!

    Hm,Iwlt#5a340ofyfml. Jk,miasC!

    EDIT:

    When you fill out security questions like, "your favorite color" or "your hometown", do you actually enter in your favorite color or the place where your first job was?

    A lot of it could be considered common knowledge: childhood hero, vacation home, maiden & pet names, etc. In too many instances, it's not very hard to extract that info from social media.

    Creativity is the key!

    If "McDonalds" was your first job like it was for uncountable millions, something like "Not Wendy's", "Hamburglartron 5000", or "help, I've fallen and I can't get up" would be much harder to figure out
    If "blue" is your favorite color, make it "OS/2 Warp" or "the number seven"

    Make it tangible and relative in some way that only clicks in your head.
     
    Last edited: Nov 13, 2016
    Wolfcarnage likes this.

Share This Page