

antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
Reviews:
·Comcast
reply to Weirdal

Re: site user password intrusion info

said by Weirdal:

Yes, blame the users for this security hole, not our dearest Justin!

I'm not a crazy person who thinks DSLR should offer identity theft protection, but you're blaming the users when DSLR was storing passwords in plain text. Come on...


I'm not blaming anyone here. I'm simply taking responsibility for my own security. In 2000 a retail site I used was hacked, and they assured everyone that no usable information was compromised. But the next day there was a charge on my account from Moscow, Russia. I got the money back eventually, but not due to any help from the victimized site. That taught me that I was the only one that really cared about securing my information, and I swore not to use any info on any site that duplicated the info I used to protect my sensitive data, to the best of my abilities. So I don't share login info/passwords from any banking/email accounts with any other sites. Your mileage may vary.

Sure, plain text storage was a bad idea, no doubt. Using the same password for multiple sites, including sites where any financial or personal data resides, is an order of magnitude worse. And that's nobody else's fault but the poor dumb schmuck that chose to be so careless.

Glass houses, and all that.
--

"My goal in life is to become the kind of problem that people throw money at".


Mentat
Premium
join:2001-02-25
Sugar Land, TX
reply to tcmits
said by tcmits:

What steps, have been specifically taken, to assure us that any new usernames/passwords, won't be hacked like has happened?

Superfluous commas in every account's password.
--
»mmoQQ.com


GeekNJ
Premium
join:2000-09-23
Waldwick, NJ
Reviews:
·Optimum Online
·Verizon FiOS
reply to Rick
If this was Verizon, Comcast, OOL, Time Warner or any other ISP that had the exact same thing happen, and no financial or personal info beyond what was accessible here was compromised by those sites, it would be front page news on this site, people would be screaming bloody murder and no one would be thanking them for telling us.

The site had multiple flaws already identified just by this one instance. The site was compromised. It's the site's fault, not any user's fault. I would have thought there was better security implemented here on the site but that would have just been my own [incorrect] observation from what else I saw.

Glad it was caught before everyone's data was extracted. Sucks to be one of those users that was impacted.
--
Tweaked your connection? | Mail Parse | Speed Converter


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
Reviews:
·Comcast
said by GeekNJ:

Sucks to be one of those users that was impacted.


My account was one of those compromised. Doesn't suck much at all, for me. It's been a trivial inconvenience so far. But it is entertaining to read some of the comments.


tonycpsu

join:2000-11-30
Pittsburgh, PA
reply to GeekNJ

Re: site user password intrusion info

It is the site's fault (well, the administrators' fault) that the site got compromised. That is correct.

It is also the users' fault for re-using passwords across multiple sites.

These are not incompatible statements. There's plenty of blame to go around.
--
TV: Dish Network
Internet: FiOS 15/5


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA

1 edit

Re: site user password intrusion info


edit - since the post that generated this reply was deleted, it makes little sense. So, in the words of Emily Litella, "Never Mind".


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to justin
The identity protection topic is here: »identity protection
--
ain't gonna pee pee the bed tonight


GeekNJ
Premium
join:2000-09-23
Waldwick, NJ
Reviews:
·Optimum Online
·Verizon FiOS
reply to tonycpsu
said by tonycpsu:

It is the site's fault (well, the administrators' fault) that the site got compromised. That is correct.

It is also the users' fault for re-using passwords across multiple sites.

These are not incompatible statements. There's plenty of blame to go around.

I don't disagree that the impact to each user of DSLR being compromised has a direct bearing on what info a user supplied here. I have a thread at »Impacted by DSLR breach - what are your best practices? I'd appreciate your input on.

With your specific response, are you using a different email everywhere so the fact that your email was compromised has no impact on you, you're deleting the account and have a different one setup here with a new one? If you hypothetically start receiving hundreds of spam messages a day, it's no big deal I guess for you since your email was just used here and was throwaway.
--
Tweaked your connection? | Mail Parse | Speed Converter

tcmits

join:2000-06-12
Greenbelt, MD

1 recommendation

reply to tonycpsu
It is the site's fault (well, the administrators' fault) that the site got compromised. That is correct.

It is also the users' fault for re-using passwords across multiple sites.

These are not incompatible statements. There's plenty of blame to go around.

That's not relevant. Did anyone pay for credits to this site? Wasn't there a contract, either real or implied, as a result? Would a reasonable person believe that all necessary measures to protect against this sort of problem were done by the owner?

I do not understand computers well enough to know if a "simple file" as I have read, is enough or not. If it is, then the owner did what they should have done. If it was not, then IMHO, it is time to contact the insurance company for the business, report what occurred and follow their guidance. I would think, at the least, that short-term identity protection would be the minimum suggested by them. A lawyer may have another opinion.

I think this is a business, not a hobby. If I'm wrong, I apologize. If I'm right though, then it needs to be managed as a business.

A good, first, step was the notification. Now comes the crucial follow-up steps such as identity protection, IMHO.

I'm not going to debate this ad nauseam. I will do all that I can to protect myself. If I am exposed to liability of any type as a result, I will reevaluate at that time what my options may be.

Again though, it would be a strong gesture of good faith and customer support/relations, I think, for short-term identity protection to be offered everyone involved in this.


Mentat
Premium
join:2001-02-25
Sugar Land, TX

1 recommendation

You're funny, bro.
--
»mmoQQ.com

tcmits

join:2000-06-12
Greenbelt, MD
reply to fatness
said by fatness:

The identity protection topic is here: »identity protection

This seems to me to be a way to restrict discussion on an issue that goes hand in hand with the breach that occurred.


JRBlood
Premium
join:1999-12-28
Syracuse, NY
reply to fatness
Tanks Got it and changed.


Alcohol
Premium
join:2003-05-26
Climax, MI
kudos:4
reply to tcmits
said by tcmits:

said by fatness:

The identity protection topic is here: »identity protection

This seems to me to be a way to restrict discussion on an issue that goes hand in hand with the breach that occurred.

Yeah, we should be financially reimbursed for this atrocity.
--
I found the key to success but somebody changed the lock.


Raphion

join:2000-10-14
Samsara
Reviews:
·Verizon FiOS
reply to justin
Thanks for the quick heads up Justin.

I have always used unique passwords for every site, so this is no damage on my end.

I hadn't changed my dslreports password in over 11 years though, so it was due for a change anyways.


Ryan
Premium
join:2001-03-03
Braintree, MA
reply to justin
Shit happens. Appreciate your honesty Justin. Working on changing my passwords. Luckily my most important (banking, email) are using different stronger passwords.


Phil
Rojo Sol
Premium
join:2001-06-11
Downers Grove, IL
kudos:2
Reviews:
·Comcast
reply to justin
said by justin:

and your original site password.

Does this mean the password I originally used when signing up at this site back in 2001? I know that I have changed the password many times since then...

psx_defector

join:2001-06-09
Allen, TX
kudos:1

1 recommendation

reply to tcmits
said by tcmits:

A good, first, step was the notification. Now comes the crucial follow-up steps such as identity protection, IMHO.

WTF? Identity protection? You mean you actually use your NAME on the internet?

My drivers license doesn't say PSX_Defector. My CCs don't say PSX_Defector.

There is no identity to protect. My real life persona is not in any way related to my handle on forums like these. I don't think I've ever used my handle anywhere in real life. And notice that the stolen data wasn't anything to do with the payment system, so there is no vector to the real world.

This is an unreasonable demand and would get bounced out of any court in two seconds flat. You have to prove with reasonable expectation that your account info here led to a direct harm. Most you will get is tertiary damage, your info here was used to get into your email account which was then used to provide a man in the middle effort to get your info.


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable
reply to justin
I was lucky that I used a different password for DSLR.

I think I need to review my passwords on other sites and see where I use what...

Thanks for the heads up Justin.
--
BUCK FELL. From UBB to AVP. Same wolf in sheep's clothing.


Barbara Ann
Premium,MVM
join:2000-10-17
reply to justin
Thanks Justin for being so quick to spot it and letting us know.
I have already changed 128 sites where I use the same e-mail address.

armarshall
Premium
join:2000-12-28
Bedford, MA
reply to krd
Ditto. The link did not go to the main topic.

donaldk
Premium
join:2000-10-19
Halifax, NS
reply to justin
Thanks for the heads up, thankfully this site I used a rare username/password combo and it only shared with one other forum (it's changed too).

I have multiple user/pass pairs and they are zoned.

Keeping systems secure nowadays is not just a one day deal.... it's a constant game of cat and mouse.

markbot3

join:2001-02-07
Palm Harbor, FL
reply to Barbara Ann
I just had someone try to set up a Windows Live ID using my email account that was compromised during the PlayStation thing and the DSLReports thing. So someone is trying to use what they have.

Just so you know.


Kevin83165

join:2002-03-31
Herrin, IL
reply to justin
At least this guy was up front with us and let us know about this breach. I must say I am concerned now and have been all day at work and I hope no one gets in to anything else of mine.


jrobert69
How High?
Premium
join:2001-05-19
Rochester, NH
reply to justin
Don't see what the big deal is. What are they gonna post for me?
Anybody that this has a negative impact on should not have a single password for multiple sites. That's just common internet sense. It happened dealt with quickly and is over. Move along nothing to see here.
--
Spring at last


Phil
Rojo Sol
Premium
join:2001-06-11
Downers Grove, IL
kudos:2
Reviews:
·Comcast
said by jrobert69:

Don't see what the big deal is. What are they gonna post for me?
Anybody that this has a negative impact on should not have a single password for multiple sites. That's just common internet sense. It happened dealt with quickly and is over. Move along nothing to see here.

You're wrong. This is a big deal.


jig

join:2001-01-05
Hacienda Heights, CA
reply to markbot3
so, apparently, we have maybe one possible attempt to use the info out of the selection that got taken.

i would like people to post here if they see further attempts to use their dslr credentials. if you can get access to any logs of such, keep them and (in private) offer them to justin or fatness.

aside from that, i'll reiterate my questions before: are the current/new passwords more secure than the last ones? is the site fairly secure against, for example, a back door installed when the intruders got in the first time?
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.

zeusage

join:2002-06-04
Los Angeles, CA
reply to justin
Justin,

Will you please answer the question that several people have now asked.

Have the usernames also been compromised?

hrobins
Premium
join:2000-10-15
White Rock, BC
reply to justin
Justin, thanks for the heads up. It takes a true person to admit when they goofed up and I respect that you are trying to make things right. While there are going to be upset users at least you did the right thing. Thanks again.