+- Fazer Owners Club - Unofficial (https://foc-u.co.uk/mybb)
+-- Forum: General (https://foc-u.co.uk/mybb/forumdisplay.php?fid=65)
+--- Forum: General (https://foc-u.co.uk/mybb/forumdisplay.php?fid=69)
+--- Thread: foc-u, hacking and your data (a warning) (/showthread.php?tid=65251)
Pages:
1
2
foc-u, hacking and your data (a warning) - Farjo - 29-08-13
As far as I know, foc-u has not been hacked and no data has been stolen. This post is just a warning, a heads-up.
** Forum hacking has become more and more common. **
There's nothing bad about foc-u's security and we are probably not big enough to be a target. However we should have it in mind.
Therefore:
- Don't have the same password for foc-u as your banks (etc).
- Don't send personal information via PM. If you have done so then delete those PMs.
Please note that this is not related to getting spam postings, which you should continue to report using the 'Report to moderator' link.
Re: foc-u, hacking and your data (a warning) - ChristoT - 29-08-13
Personally, I never post anything to the internet I have any intention of keeping private. I think the most personal stuff I've sent by PM has been my number and email. And my email's been hacked before now anyway.... :rolleyes
Re: foc-u, hacking and your data (a warning) - Chris - 30-08-13
Just to confirm for anyone who took part in the Silicone hose group buy that I have deleted all your personal info from my PM's a long time ago.
Chris
Re: foc-u, hacking and your data (a warning) - noggythenog - 30-08-13
Thanks Farjo, deadeye was chatting to me about this sort of thing yesterday as he's a crook
, i mean an IT guru! 
Ive now gone through all of my messages & deleted any sensitive data.surprising how much was there.
Actually ive also gone way back to my introduction & deleted it too as i told my life story on there.
Once deleted is there pretty much no way of hacking the info???, well unless you were GCHQ, but i take it you have like a bulk delete of deleted info or something?
We should prob keep this thread bumped & see if most of the forum can do some spring cleaning.
Re: foc-u, hacking and your data (a warning) - mickvp - 30-08-13
Once its deleted mate its gone. Well, that's how it works on the bulletin database anyway, smf may be slightly different.
Re: foc-u, hacking and your data (a warning) - noggythenog - 30-08-13
(30-08-13, 09:58 AM)mickvp link Wrote: Once its deleted mate its gone. Well, that's how it works on the bulletin database anyway, smf may be slightly different.
Cheers Mick
Re: foc-u, hacking and your data (a warning) - simonm - 30-08-13
I use lastpass to create and manage random passwords. I can highly recommend it.
As for your bank logon mine is about 15 stages and requires blood and urine samples to get in to. So anyone that wants those has to have a screw loose.
I'd also recommend giving credit card details (verbally if possible) as the credit card company will reimburse you against fraudulent use.
Re: foc-u, hacking and your data (a warning) - dBfazer600 - 30-08-13
Deleted all PM's that I have sent and received to keep peoples minds at rest. I always delete messages with personal details immediately.
Daz
Re: foc-u, hacking and your data (a warning) - simonm - 30-08-13
Ol Jezza makes me laugh
http://news.bbc.co.uk/2/hi/7174760.stm
Re: foc-u, hacking and your data (a warning) - dBfazer600 - 30-08-13
:rollin :rollin :rollin That man is priceless and a foc-u from his friendly fan who had to proof him a knob jockey on this occasion :lol
Daz
Re: foc-u, hacking and your data (a warning) - His Dudeness - 31-08-13
Would it be possible to put an expiration date on message? So say after two months they automatically get deleted.
Re: foc-u, hacking and your data (a warning) - Farjo - 31-08-13
Nice suggestion, however it would upset many people who keep useful information in their PMs.
Re: foc-u, hacking and your data (a warning) - Dead Eye - 31-08-13
I think he means an optional expiry date which you as the user can set on messages that you send. In any case, there is nothing to guarantee that the end user won't copy that data to some other place. The only guaranteed security is to not send sensitive information that could be compromising and lets not even talk about man-in-the-middle attacks...
Re: foc-u, hacking and your data (a warning) - goldfazer - 01-09-13
Can the login passwords not be encrypted?
That's web security for dummies stuff!!
Re: foc-u, hacking and your data (a warning) - simonm - 01-09-13
(01-09-13, 07:16 PM)goldfazer link Wrote:Can the login passwords not be encrypted?This kinda stuff :-) http://stackoverflow.com/questions/5482437/md5-hashing-using-password-as-salt
That's web security for dummies stuff!!
Re: foc-u, hacking and your data (a warning) - Dead Eye - 01-09-13
I'd be horrifically surprised if SMF didn't use MD5 as a minimum on the passwords. These days though, MD5 is beginning to show a weakness against the sheer processing power available in modern machines coupled with the use of Rainbow Tables (too large a topic to cover)
On most systems I work with I use SHA-1 as minimum but am often using SHA-256 now
Re: foc-u, hacking and your data (a warning) - nick crisp - 01-09-13
I just whisper very quietly... :pc
Re: foc-u, hacking and your data (a warning) - simonm - 01-09-13
Apparently bcrypt is the way forward but who knows.... I'm guessing security and mathematics experts. I.e. not me.
http://codahale.com/how-to-safely-store-a-password/
Re: foc-u, hacking and your data (a warning) - Farjo - 03-09-13
(01-09-13, 07:16 PM)goldfazer link Wrote: Can the login passwords not be encrypted?Yes they're encrypted, however this is whar I've read elsewhere:
That's web security for dummies stuff!!
"Yes, they are encrypted. Unfortunately it's possible to brute force with about 3 billion, or more, attempts *per second*.
A very interesting article about that, if you care, is located here:
http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125"
Re: foc-u, hacking and your data (a warning) - mickvp - 03-09-13
I'm not sure if you have implemented this or not, but if not, you could add something that times users out after xx minutes if they make xx number of failed logins. It still doesn't solve the problem, but its a deterrent.