Everyone Change Your Forum Password Now - Not a joke

Avlis Headlines - www.avlis.org

Moderator: Dungeon Masters

User avatar
Ghostie
CCC
CCC
Posts: 4789
Joined: Sun Dec 18, 2005 10:06 pm
Timezone: CET (UTC+1)

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Ghostie » Sun Nov 02, 2008 7:48 pm

Jo' d wrote:Alex sez:
...Zebranky got a hold of a PW...
...With this he has the ability to reverse the encryption on forums PWs and log in as someone else.
Could we have an informative (think low level internet law savvy here) post with pertinent info, as to the legal ramifications this char 'Zebranky' has opened himself too, by his actions? Do we have anyone speaking with this person in RL? Do we know who he/she is in RL? I have changed all my PWs (copap wide), but still do not understand the tech as to what he learned and any effects it could have on my internet exp or my privacy.

Sorry for what may be lame questions, I suspect Im not alone in the community as to being a little (in truth, 'little' doesnt do me justice, 'seriously' would be closer to the mark) deficient in Techspeak literacy.
Unless you start posting your bank details online, I wouldn't worry about it. The information that Zebranky got access to is also accessible by Avlis admins, i.e ninja, xarthna and Sunscream. The passwords on the forums are encrypted and not easily (note: not impossible, but very very very very very very very very difficult to decode.)

Changing your forum passwords was a precaution, not a necessity. There is no risk to your personal information.
Your password must contain at least 8 letters, a capital, a plot, a protagonist with good character development, a twist, and a happy ending.

Snow
Team Member; Retired with Honors
Posts: 5822
Joined: Sun Jul 11, 2004 2:27 am

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Snow » Sun Nov 02, 2008 9:51 pm

I think that by having the db he can log in with any account but he can't see the actual password since it's encrypted. I'm not expert though so I could be wrong.

User avatar
Faeldridge
Scholar of Fools
Posts: 451
Joined: Tue May 24, 2005 11:47 pm
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Faeldridge » Mon Nov 03, 2008 2:41 am

I get it... I just don't understand why...

:(

Trole
Prince of Bloated Discourse
Posts: 192
Joined: Thu Sep 20, 2007 8:00 pm

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Trole » Mon Nov 03, 2008 4:10 am

Faeldridge wrote:I get it... I just don't understand why...

:(
He was givin' a choice,
1) resist temptation, continue on path,
2) give in, take up new path of being viewed as a dumbass thief by a whole bunch of people

I view it like the sceen from IJLC, the knight says, "He did not choose wisely", after the dude ages turning into dust dead and gone..

User avatar
DeadEyeDave
Scholar
Posts: 1355
Joined: Thu Jan 04, 2007 9:41 pm
Location: schwenksville
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by DeadEyeDave » Mon Nov 03, 2008 4:12 am

so this dude is a DM or something on hades? can avlis chars still go to hades? would going there do anything bad to my chars?
Bad poetry?
Oh noetry!

User avatar
Pekarion
Sage
Posts: 1768
Joined: Tue May 13, 2003 2:03 pm
Timezone: GMT+1
Location: Norway

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Pekarion » Mon Nov 03, 2008 4:36 am

Faeldridge wrote:I get it... I just don't understand why...

:(
I deem it as a case of "curiousity killed the cat"
Ice-T on D&D:
"Dungeons & Dragons is some of the most crazy, deep, deep, deep nerd shit ever invented. Every word you're saying is made up. Motherfuckers talk like Yoda.".

Brayon
Team Member; Retired with Honors
Posts: 4087
Joined: Mon Nov 21, 2005 3:57 am
Timezone: GMT -5
Location: Tampa, Florida
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Brayon » Mon Nov 03, 2008 5:09 am

DeadEyeDave wrote:so this dude is a DM or something on hades? can avlis chars still go to hades? would going there do anything bad to my chars?
As far as I know Hades has been disconnected from CoPaP. I know that Hala cut their link when news of this got out.

Hades was also going to close shop, in a few weeks as well.

EDIT: He was a World Leader, like Orleron, Themi, Arkon, TaryRayC....

Pleth is the Best!
AJ is Arcadia's Brother


CoPaP Ambassador for Arkaz, DM Ralyorm for Arkaz/Hala.

Jo' d
Silver Member
Posts: 1234
Joined: Wed Jun 16, 2004 3:10 pm
Location: Somewhere called Ar-Kansas (-6 GMT)

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Jo' d » Mon Nov 03, 2008 5:45 pm

Thanks for the Techspeak lessons. I got the impression of this guys personal char from the posts, and was curious as to what kind of WHup-ass he's got coming his way. I suspect he can access the profiles, and therefore,knows my name and age as well as resident state? If that is in fact the case, and he has that info, I request to know the same of him. For I would know the villains of the RL world firsthand, and spread their infamy for all the world to know.

J
PEACE PLEASE!

User avatar
sinn
Elder Sage
Posts: 4136
Joined: Thu Nov 13, 2003 4:58 pm
Location: CA, USA (GMT - 8 hours)
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by sinn » Mon Nov 03, 2008 6:16 pm

something else to think about people..

some peeps use the same password for many things.. like their email.. I imagine he may have gotten a list of emails in this ruse he pulled.. if your email PW is the same as your forum PW.. you might want to change that as well...
you can run all your life, but not go anywhere.

User avatar
terror2001
Scholar
Posts: 1030
Joined: Wed Jun 22, 2005 1:48 am
Location: Colorado

Re: Everyone Change Your Forum Password Now - Not a joke

Post by terror2001 » Mon Nov 03, 2008 11:15 pm

Brayon wrote:As far as I know Hades has been disconnected from CoPaP. I know that Hala cut their link when news of this got out.
Hala did cut their link, but that is not the only link to Hades. The other one is still active.
Terror2001
Playing:
Vicky - Maiden Defender and Vanguard Valkyrie of Dre'Ana
Delcina Le'te'te'fer - Verossa's Flame-thrower
Sally (Nadiya) Silverbreeze - Indeed
Badger (Bobb) - Supporter of Freedom Cow
Olivia Stonebridge - Holy imbiber of Mishlekh

User avatar
PlasmaJohn
Team Member; Retired with Honors; Has a Tom Selleck Stache
Posts: 8847
Joined: Fri Dec 26, 2003 10:37 pm
Timezone: US/Eastern
Location: Tyria
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by PlasmaJohn » Tue Nov 04, 2008 4:49 pm

something else to think about people..

some peeps use the same password for many things..
Ok, enough of the fear-mongering :evil:

Up front, it is a security best practice to change your passwords regularly. If you have not done so in awhile, then this is as good a time as any. While there is a risk, it is reasonably unlikely. I will discuss that at the end.

The passwords are stored as "hashes" which is a "one-way transform". That means that there is no way to derive the password algorithmically. There are techniques that allows one to guess the password but those depend on the user picking something weak like a dictionary word or name. Things like "password" or "P@5sW0rd" are equally bad. If it's not weak, it cannot be guessed.

If the server told you your password was too weak when you created it, then you are at risk. Financial institutions or any other login with elevated security requirements will refuse to let you set a weak one. Many banks will refuse to work with computers that do not have an additional cookie derived from alternate data and require you to use alternative authentications.

Now the risk. An attacker may be able to derive a "collision". What that means is that an equivalent password may be calculated but since this is computationally intensive it is unlikely.
Calvin: This is so cool!
Hobbes: This is so stupid.

User avatar
PsiOmega
CCC
CCC
Posts: 4889
Joined: Tue Jun 08, 2004 4:55 pm
Timezone: GMT+1/+2 (DST)
Location: Sweden
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by PsiOmega » Tue Nov 04, 2008 5:44 pm

As an addition so does phpBB3 not only hash the password but before that add a string, by default "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" for those curious, your userID (basically the number of registered users when you created your account +1), a string from a file and a few other semi-random (must be repeatable, obviously) things. The collection of all this is then hashed and compared to the hash stored in the database.

While this doesn't make it harder to find another password which creates the same hash it does make it even more unlikely that the attacker finds your real password as well as makes any collisions (with an extremely high probability at least) unusable anywhere else but on these forums.

User avatar
Fifty
Uber Posting Whor3
Posts: 8835
Joined: Mon May 26, 2003 8:45 am
Location: London Town
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by Fifty » Tue Nov 04, 2008 6:16 pm

Makes me glad I don't reuse the same pasword in very many places. I had the same one here as for a few other low-security message boards, but entirely different ones for each email account, another different one for Facebook, completely different ones for banking, Paypal etc...

Does anyone know who he is in real life?
Hovering around the edges of polite society

User avatar
DeadEyeDave
Scholar
Posts: 1355
Joined: Thu Jan 04, 2007 9:41 pm
Location: schwenksville
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by DeadEyeDave » Tue Nov 04, 2008 6:26 pm

Fifty wrote:Does anyone know who he is in real life?

I heard he's a secret operative for a Christian Childrens Charity, and he's trying to gather information so they can weed out the bad money. heh
Bad poetry?
Oh noetry!

User avatar
NecroZombie
Team Member; Retired with Honors
Posts: 2744
Joined: Tue May 11, 2004 10:28 pm
Timezone: GMT -5
Location: The Republic of Texas

Re: Everyone Change Your Forum Password Now - Not a joke

Post by NecroZombie » Tue Nov 04, 2008 8:16 pm

Does anyone know who he is in real life?
Narrowing down where he lives now.

Just wanted to spread the word of jesus and pray with him a bit.
CoEMF
:devil:
spool32 wrote: [spool32] Gorethar : [Talk] As a Team, we're very pro-evil.

User avatar
ninja
Legacy DM
Legacy DM
Posts: 6602
Joined: Wed Apr 07, 2004 1:01 am
Timezone: GMT -5
Location: Chicago, IL, USA
Contact:

Re: Everyone Change Your Forum Password Now - Not a joke

Post by ninja » Tue Nov 04, 2008 8:50 pm

and that's the thread...
Interested in being an interviewee or an interviewer for a community interview, send me a PM!
Go here for your custom DM item.
"Mages are over powered" - Spool32, previous head DM, said 300 times during Austin meet.

Locked