foc-u, hacking and your data (a warning)
#1
As far as I know, foc-u has not been hacked and no data has been stolen. This post is just a warning, a heads-up.

** Forum hacking has become more and more common. **

There's nothing bad about foc-u's security and we are probably not big enough to be a target. However we should have it in mind.

Therefore:
  • Don't have the same password for foc-u as your banks (etc).
  • Don't send personal information via PM. If you have done so then delete those PMs.

Please note that this is not related to getting spam postings, which you should continue to report using the 'Report to moderator' link.
Reply
#2
Personally, I never post anything to the internet I have any intention of keeping private. I think the most personal stuff I've sent by PM has been my number and email. And my email's been hacked before now anyway....  :rolleyes
The Deef's apprentice
Reply
#3
Just to confirm for anyone who took part in the Silicone hose group buy that I have deleted all your personal info from my PMs a long time ago.  Wink

Chris
It wouldn't be fun if it was easy, I just wish it wasn't this much fun.
Reply
#4
Thanks Farjo, deadeye was chatting to me about this sort of thing yesterday as he's a crook Wink , I mean an IT guru! Big Grin

I've now gone through all of my messages & deleted any sensitive data. Surprising how much was there.

Actually I've also gone way back to my introduction & deleted it too as I told my life story on there.

Once deleted is there pretty much no way of hacking the info???, well unless you were GCHQ, but I take it you have like a bulk delete of deleted info or something?

We should prob keep this thread bumped & see if most of the forum can do some spring cleaning.
Easiest way to go fast........don't buy a blue bike
Reply
#5
Once it's deleted mate it's gone. Well, that's how it works on the bulletin database anyway, SMF may be slightly different.
Reply
#6
(30-08-13, 09:58 AM)mickvp link Wrote: Once it's deleted mate it's gone. Well, that's how it works on the bulletin database anyway, SMF may be slightly different.

Cheers Mick
Easiest way to go fast........don't buy a blue bike
Reply
#7
I use LastPass to create and manage random passwords.  I can highly recommend it.

As for your bank logon mine is about 15 stages and requires blood and urine samples to get into. So anyone that wants those has to have a screw loose.

I'd also recommend giving credit card details (verbally if possible) as the credit card company will reimburse you against fraudulent use.
Opinions are like A**holes, Everyone has one.  Some people seem to have more than one though which is a bit odd.
Reply
#8
Deleted all PMs that I have sent and received to keep people's minds at rest. I always delete messages with personal details immediately.

Daz
She Ain't Exactly Pretty, She Ain't Exactly Small, Fourt'two Thirt'ninefiftysix

You Could Say She's Got It All.
Reply
#9
Ol Jezza makes me laugh

http://news.bbc.co.uk/2/hi/7174760.stm
Opinions are like A**holes, Everyone has one.  Some people seem to have more than one though which is a bit odd.
Reply
#10
:rollin :rollin :rollin That man is priceless and a foc-u from his friendly fan who had to proof him a knob jockey on this occasion  :lol

Daz
She Ain't Exactly Pretty, She Ain't Exactly Small, Fourt'two Thirt'ninefiftysix

You Could Say She's Got It All.
Reply
#11
Would it be possible to put an expiration date on messages? So say after two months they automatically get deleted.
Reply
#12
Nice suggestion, however it would upset many people who keep useful information in their PMs.
Reply
#13
I think he means an optional expiry date which you as the user can set on messages that you send. In any case, there is nothing to guarantee that the end user won't copy that data to some other place. The only guaranteed security is to not send sensitive information that could be compromising and let's not even talk about man-in-the-middle attacks...
Reply
#14
Can the login passwords not be encrypted?

That's web security for dummies stuff!!
Reply
#15
(01-09-13, 07:16 PM)goldfazer link Wrote: Can the login passwords not be encrypted?

That's web security for dummies stuff!!
This kinda stuff :-) http://stackoverflow.com/questions/54824...rd-as-salt
Opinions are like A**holes, Everyone has one.  Some people seem to have more than one though which is a bit odd.
Reply
#16
I'd be horrifically surprised if SMF didn't use MD5 as a minimum on the passwords. These days though, MD5 is beginning to show a weakness against the sheer processing power available in modern machines coupled with the use of Rainbow Tables (too large a topic to cover).

On most systems I work with I use SHA-1 as minimum but am often using SHA-256 now.
Reply
#17
I just whisper very quietly... :pc
Reply
#18
Apparently bcrypt is the way forward but who knows.... I'm guessing security and mathematics experts.  I.e. not me.

http://codahale.com/how-to-safely-store-a-password/
Opinions are like A**holes, Everyone has one.  Some people seem to have more than one though which is a bit odd.
Reply
#19
(01-09-13, 07:16 PM)goldfazer link Wrote: Can the login passwords not be encrypted?

That's web security for dummies stuff!!
Yes they're encrypted, however this is what I've read elsewhere:
"Yes, they are encrypted. Unfortunately it's possible to brute force with about 3 billion, or more, attempts *per second*.
A very interesting article about that, if you care, is located here:
http://www.zdnet.com/blog/hardware/cheap...less/13125"
Reply
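Added example, not part of any post in this thread and not SMF's own code: it contrasts an unsalted MD5 digest with a salted, deliberately slow hash, and works out how long a full keyspace lasts at the 3 billion guesses per second quoted above. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 stands in as the slow function; the iteration count, the storage string format and the `work_factor` scaling are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows


def md5_unsalted(password: str) -> str:
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash; the salt and cost are stored alongside the result."""
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False
    return hmac.compare_digest(dk, expected)


def exhaust_seconds(alphabet: int, length: int, rate: float = 3e9,
                    work_factor: int = 1) -> float:
    """Seconds to try every password of `length` symbols at `rate` guesses/s.
    Rough assumption: one slow-hash guess costs `work_factor` fast-hash guesses."""
    return alphabet ** length * work_factor / rate


if __name__ == "__main__":
    print("same MD5 for same password:", md5_unsalted("hunter2") == md5_unsalted("hunter2"))
    print("salted records differ:", hash_password("hunter2") != hash_password("hunter2"))
    print("8 lowercase letters, fast hash: %.0f s" % exhaust_seconds(26, 8))
    print("same, slow hash: %.0f days" % (exhaust_seconds(26, 8, work_factor=ITERATIONS) / 86400))
```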
#20
I'm not sure if you have implemented this or not, but if not, you could add something that times users out after xx minutes if they make xx number of failed logins. It still doesn't solve the problem, but it's a deterrent.
Reply
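Added example, not part of any post in this thread and not SMF's own code: a minimal lockout of the kind suggested in the last post, which limits guessing through the login form but does nothing for hashes that have already been copied out of the database. The class name, thresholds and the `replay` helper are hypothetical; `key` can be a username or a (username, source address) pair.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Lock a key for `lockout_s` after `max_failures` failures within `window_s`."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self.clock = clock                      # injectable so the logic can be tested
        self.failures = defaultdict(deque)      # key -> timestamps of recent failures
        self.locked_until = {}                  # key -> time at which the lockout ends

    def is_locked(self, key) -> bool:
        until = self.locked_until.get(key)
        if until is not None and self.clock() < until:
            return True
        self.locked_until.pop(key, None)        # expired or never locked
        return False

    def record_failure(self, key) -> None:
        now = self.clock()
        recent = self.failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                    # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout_s
            recent.clear()

    def record_success(self, key) -> None:
        self.failures.pop(key, None)            # a good login resets the counter


def replay(events, throttle, now):
    """Replay constructed (time, key, password_ok) events; return each outcome."""
    out = []
    for t, key, ok in events:
        now[0] = t                              # advance the fake clock
        if throttle.is_locked(key):
            out.append("locked")                # rejected before the password is checked
        elif ok:
            throttle.record_success(key)
            out.append("ok")
        else:
            throttle.record_failure(key)
            out.append("fail")
    return out
```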