Android Forums > Android Forums Community > Site Updates & Announcements
Post #151, July 12th, 2012, 06:53 PM, by TVictory

Quote:
Originally Posted by Kaldek View Post
I'm interested in whether the password hashes were salted. I'll feel better knowing they were salted.
Each user has his/her own unique salt.

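Added example, not code from the thread or from the forum's own software: what "each user has his/her own unique salt" changes for an attacker who is holding the stolen hash table. With an unsalted hash, one precomputed table cracks every user whose password is in the wordlist at once and reveals which users share a password; with a per-user salt the attacker must run the full key derivation once per (user, guess) pair. The KDF (PBKDF2-SHA256), the iteration count, the wordlist and the three sample accounts are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Added example, not Android Forums code. Compares an unsalted hash table
# with per-user salted records to show why "each user has a unique salt"
# matters once the table has been stolen.

ITERATIONS = 100_000  # assumption: PBKDF2 work factor for this demo

# Constructed sample data: a tiny attacker wordlist and three accounts,
# two of which chose the same password.
WORDLIST = ["password", "letmein", "android123", "qwerty"]
USERS = {"alice": "android123", "bob": "android123", "carol": "Tr0ub4dor&3"}


def hash_unsalted(password: str) -> str:
    """Plain SHA-256 of the password: equal passwords give equal hashes,
    and one precomputed table serves for every user of every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> dict:
    """Store a fresh random 16-byte salt next to a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def crack_unsalted(table: dict) -> dict:
    """One lookup table, built once, breaks every user whose password is
    in the wordlist, with no per-user work at all."""
    rainbow = {hash_unsalted(w): w for w in WORDLIST}
    return {user: rainbow.get(h) for user, h in table.items()}


def crack_salted(records: dict) -> tuple:
    """With unique salts there is nothing to precompute: the attacker pays
    one full KDF evaluation per (user, guess) pair. Returns the passwords
    recovered and how many KDF evaluations that cost."""
    found, kdf_calls = {}, 0
    for user, record in records.items():
        found[user] = None
        for guess in WORDLIST:
            kdf_calls += 1
            if verify(record, guess):
                found[user] = guess
                break
    return found, kdf_calls


def demo() -> dict:
    unsalted = {u: hash_unsalted(p) for u, p in USERS.items()}
    salted = {u: make_record(p) for u, p in USERS.items()}
    cracked_salted, kdf_calls = crack_salted(salted)
    return {
        # alice and bob share a password: visible in the unsalted table,
        # invisible in the salted one
        "same_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_salted": salted["alice"]["hash"] == salted["bob"]["hash"],
        "cracked_unsalted": crack_unsalted(unsalted),
        "cracked_salted": cracked_salted,
        "kdf_calls": kdf_calls,
        "carol_login_ok": verify(salted["carol"], "Tr0ub4dor&3"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting does not stop a weak password from being guessed (alice and bob fall either way); it stops the guessing from being shared across users and across sites, and a slow KDF makes each of those guesses expensive. The thread's advice to use a different password on every site is the user-side half of the same argument.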
Post #152, July 12th, 2012, 06:56 PM, by Unforgiven

They are salted as well. This was mentioned by the forum admin earlier in the thread so I am just repeating what he said as I really don't know what that means.

Seems like peanuts to me.
Post #153, July 12th, 2012, 07:03 PM, by Xyro

Quote:
Originally Posted by Kaldek View Post
I'm interested in whether the password hashes were salted. I'll feel better knowing they were salted.
They were salted, yes.
Post #154, July 12th, 2012, 07:16 PM, by TVictory

Quote:
Originally Posted by Xyro View Post
They were salted, yes.
Thanks for hitting up the reddit thread in /r/android.
Post #155, July 12th, 2012, 07:30 PM, by Xyro

Quote:
Originally Posted by TVictory View Post
Thanks for hitting up the reddit thread in /r/android.
No problem

I probably should have thought to post it there when I found /r/android a few days ago.
Post #156, July 12th, 2012, 08:25 PM, by Blacklight82

Changed my password but someone tried 50 times (got 10 emails) to get into my account. Pathetic punk.
Post #157, July 12th, 2012, 08:28 PM, by Unforgiven

Quote:
Originally Posted by Blacklight82 View Post
Changed my password but someone tried 50 times (got 10 emails) to get into my account. Pathetic punk.
Check your phone for any apps that connect to the forum (Tapatalk, Forum Runner, or the official AF app) as they will keep polling the site under your old credentials. Log out of those apps and log back in with your new password.
Post #158, July 12th, 2012, 08:35 PM, by Xyro

Quote:
Originally Posted by Blacklight82 View Post
Changed my password but someone tried 50 times (got 10 emails) to get into my account. Pathetic punk.
If you want to send us the IP from the emails, we'll be able to compare them to the IPs you've used to visit the site previously.

Please send it via PM or by reporting your post though - it's highly likely that it's your own IP as Unforgiven explained.
Post #159, July 12th, 2012, 09:09 PM, by Blacklight82

Quote:
Originally Posted by Unforgiven View Post
Check your phone for any apps that connect to the forum (Tapatalk, Forum Runner, or the official AF app) as they will keep polling the site under your old credentials. Log out of those apps and log back in with your new password.

Quote:
Originally Posted by Xyro View Post
If you want to send us the IP from the emails, we'll be able to compare them to the IPs you've used to visit the site previously.

Please send it via PM or by reporting your post though - it's highly likely that it's your own IP as Unforgiven explained.
Done and done.
Post #160, July 12th, 2012, 09:38 PM, by wly

If you guys really cared about security of your users, you would send out a mass email to every user with the information you provided in this post.

I don't log in often and found out about this from slashdot.
Post #161, July 12th, 2012, 10:03 PM, by droidsix

Quote:
Originally Posted by wly View Post
If you guys really cared about security of your users, you would send out a mass email to every user with the information you provided in this post.

I don't log in often and found out about this from slashdot.
Whoa! Take it easy...

You obviously have no clue just how challenging it is to recover from a breach like this.

They did an excellent job of getting this under control.
Post #162, July 12th, 2012, 11:35 PM, by Rootmepls

Saw the news on Slashdot and came right over. Gave me time to change my sig on this site. Luckily I'm one of those people that uses a different password on every site so no worries.

Keep up the good work!
Post #163, July 12th, 2012, 11:42 PM, by djb28

Thanks for the warning and the info. The time spent to help us understand the threat and the possibilities is terrific. On the other hand, although I have changed my password, I am still getting an email box full of attempt emails, even still at 1 AM Friday. Someone is still trying to access.
Post #164, July 12th, 2012, 11:51 PM, by djb28

I don't know if it helps, but the person who attempted to log in to my account has tried 18 times so far tonight. Each and every email says the same IP address from them. [Hidden]
Last edited by Xyro; July 13th, 2012 at 12:39 AM.
Post #165, July 13th, 2012, 12:38 AM, by Xyro

Quote:
Originally Posted by djb28 View Post
I dont know if it helps. But the person who attempted to log in to my account has tried 18 times so far tonight. Each and every email says the same IP address from them.
That IP comes within a range of myvzw (Verizon, I believe) addresses that you have regularly used to post here.

Please check and update your outdated password on all of your forum related apps, even if you don't think they're the culprit, and let us know if they stop.
Post #166, July 13th, 2012, 12:41 AM, by DenverRalphy

Quote:
Originally Posted by wly View Post
If you guys really cared about security of your users, you would send out a mass email to every user with the information you provided in this post.

I don't log in often and found out about this from slashdot.
QFT. If I hadn't been reading Slashdot, it would have been a while before I learned about it. A mass email takes only a few moments to send out.
Post #167, July 13th, 2012, 03:52 AM, by DMC-12

Quote:
Originally Posted by dervari View Post
A "solution" shouldn't have been needed. This type of thing should not have happened in the first place.
^^This! Agreed. :-/
Post #168, July 13th, 2012, 05:45 AM, by xploited

Oh damn how much I hate you guys now.

I only registered on these forums because of your "greed" policies - hiding info and download links from unregistered users.

Not only do you lock up information posted on your forums (kudos to the android openness spirit), you also don't bother patching the forums against known exploits.

But hey, thank you for leaking my info to spammers / thieves. Luckily I use separate passwords for public forums and my main sensitive accounts.

And I find out about this from major news sites? I guess you didn't bother sending a mass email to your user list either.

Lesson of the day - don't make people register if you are amateurs in security.
Last edited by xploited; July 13th, 2012 at 05:48 AM.
Post #169, July 13th, 2012, 06:55 AM, by El Presidente

I'm sorry you feel that way, it obviously wasn't intentional and the admin and devs have done all they can to be as transparent as possible about what went on and what they've done to resolve it.

Fwiw, we're not the only site (Android or otherwise) that requires registration to view download links, it's not that uncommon. Likewise, we're not the only high profile site/organisation to be a victim of something like this and we most certainly won't be the last. As above, Phases and the rest of the team have done all they can to ensure everyone is fully informed of what went on and what they're doing to ensure something like this doesn't happen again.
Post #170, July 13th, 2012, 08:06 AM, by Crashumbc

Personally, I think you should ban the idiots posting stupid crap. like the few above me.

They

A. HAVE NO UNDERSTANDING OF computer security. It's like saying anyone that's ever had their car broken into is at fault. You can lock your car, use a security system, park in "safe" areas. It CAN still happen.

B. Probably have been violated on a dozen forums, they just never knew because most admins don't have the balls to do the responsible thing and notify their user base (much less offer a detailed explanation).

Again, phases and others, you have my heartfelt thanks for doing the right thing. I feel bad for the crap you're getting.
Post #171, July 13th, 2012, 08:14 AM, by jbenham

Quote:
Originally Posted by Blacklight82 View Post
Done and done.
And done. Had 12 attempts on my account last night.
Post #172, July 13th, 2012, 08:18 AM, by jbenham

Quote:
Originally Posted by Blacklight82 View Post
Done and done.
Quote:
Originally Posted by Xyro View Post
That IP comes within a range of myvzw (Verizon, I believe) addresses that you have regularly used to post here.

Please check and update your outdated password on all of your forum related apps, even if you don't think they're the culprit, and let us know if they stop.
I do not have Verizon or any other cell phone service.
Post #173, July 13th, 2012, 08:31 AM, by Xyro

Quote:
Originally Posted by jbenham View Post
I do not have Verizon or any other cell phone service.
That post was directed at djb28, as he posted his IP too (although I edited it out).

Did you PM the IP from your email to one of the other moderators to check? I didn't get it and don't see any reports from you.
Post #174, July 13th, 2012, 08:37 AM, by Pitamakan

I have to agree that AF's public response to this was woefully inadequate. In order for people to hear about the breach -- and the need to change their password -- they've either needed to be regular visitors to the site, or regular readers of some of the tech sites. People who aren't in one of those categories are still unaware that they have a possibly-hacked password.

AF has roughly a million registered user accounts at this point, and I think it's very safe to say that the strong majority of those accounts are currently inactive. That means that there are almost certainly several hundred thousand people out there who need to change their online passwords, but still haven't been notified of that yet.

A mass e-mail is the only responsible action when something like this happens.
Post #175, July 13th, 2012, 08:50 AM, by mamawm

To those who are still receiving the emails about someone trying to access your account, PLEASE, PLEASE, go to Google Play and download the free app Network Info II. Once you launch it, touch IP at the top of the screen and it will obtain your external IP address. This is the IP address used by your internet service provider. You will most likely find that this is the same IP address trying to access your account.
Post #176, July 13th, 2012, 08:51 AM, by godsdragon: Thank you!

You guys and gals are doing a great job! and for that, I am grateful!

You rock!!!
Post #177, July 13th, 2012, 08:54 AM, by Xyro

Quote:
Originally Posted by mamawm View Post
To those who are still receiving the emails about someone trying to access your account, PLEASE, PLEASE, go to Google Play and download the free app Network Info II. Once you launch it, touch IP at the top of the screen and it will obtain your external IP address. This is the IP address used by your internet service provider. You will most likely find that this is the same IP address trying to access your account.
Googling 'My IP' from your phone/PC will show you it too, at the top of the results.

Also worth noting is that your wireless router and your mobile data connection have different IP addresses.
Last edited by Xyro; July 13th, 2012 at 08:56 AM.
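The check the moderators describe in posts #157, #165 and #177 (compare the source address in the failed-login e-mails with the addresses the account has actually logged in from before, bearing in mind that a phone on mobile data and a home router have different addresses), written out as an added example over constructed log lines. This is not the forum's own code: the log line format, the RFC 5737 documentation addresses and the "same /24 means the same network" heuristic are assumptions made for the demonstration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Added example, not Android Forums code. Triages failed-login alerts by
# comparing each attempt's source IP with the addresses the same account
# has successfully logged in from before.

# Assumed log format: "<timestamp> <LOGIN_OK|LOGIN_FAIL> user=<name> src=<ip>"
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>LOGIN_OK|LOGIN_FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)

# Constructed sample: 203.0.113.45 is blacklight82's home router (where the
# password was changed), 198.51.100.7 the phone's mobile-data address, from
# which a forum app keeps retrying the old password.
SAMPLE_LOG = """\
2012-07-10T09:00:00Z LOGIN_OK   user=blacklight82 src=203.0.113.45
2012-07-11T18:30:00Z LOGIN_OK   user=blacklight82 src=198.51.100.7
2012-07-12T20:20:00Z LOGIN_OK   user=blacklight82 src=203.0.113.45
2012-07-12T20:25:01Z LOGIN_FAIL user=blacklight82 src=198.51.100.7
2012-07-12T20:30:01Z LOGIN_FAIL user=blacklight82 src=198.51.100.7
2012-07-12T20:35:01Z LOGIN_FAIL user=blacklight82 src=198.51.100.7
2012-07-09T11:00:00Z LOGIN_OK   user=djb28 src=192.0.2.12
2012-07-12T23:40:00Z LOGIN_FAIL user=djb28 src=192.0.2.77
2012-07-13T01:00:00Z LOGIN_FAIL user=jbenham src=203.0.113.200
this line is not a login record and is skipped
"""


def parse(lines):
    """Parse log lines into dicts; lines that do not match are dropped."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["src"] = ipaddress.ip_address(e["src"])
            events.append(e)
    return events


def same_network(a, b, v4_prefix=24, v6_prefix=64) -> bool:
    """Heuristic for 'an address in a range you have used before':
    same /24 for IPv4, same /64 for IPv6. An assumption, not a rule."""
    if a.version != b.version:
        return False
    prefix = v4_prefix if a.version == 4 else v6_prefix
    return a in ipaddress.ip_network(f"{b}/{prefix}", strict=False)


def triage(lines) -> dict:
    """For every account with failed logins, label each source address:
    own_device_stale_credential  exact match with a past successful login
    own_network_probable         same network as a past successful login
    unknown_source               this account has never logged in from here
    """
    events = parse(lines)
    known = defaultdict(set)
    for e in events:
        if e["event"] == "LOGIN_OK":
            known[e["user"]].add(e["src"])
    failures = defaultdict(Counter)
    for e in events:
        if e["event"] == "LOGIN_FAIL":
            failures[e["user"]][e["src"]] += 1
    verdicts = {}
    for user, per_src in failures.items():
        verdicts[user] = []
        for src, attempts in per_src.items():
            if src in known[user]:
                label = "own_device_stale_credential"
            elif any(same_network(src, k) for k in known[user]):
                label = "own_network_probable"
            else:
                label = "unknown_source"
            verdicts[user].append(
                {"src": str(src), "attempts": attempts, "verdict": label}
            )
    return verdicts


if __name__ == "__main__":
    for user, findings in triage(SAMPLE_LOG.splitlines()).items():
        for f in findings:
            print(f"{user}: {f['attempts']} failures from {f['src']} -> {f['verdict']}")
```

The exact-match case is the one the thread keeps hitting: the retries come from an address the account itself has used, which points at a phone app replaying the old password rather than at an attacker. The unknown_source label is the only one that deserves a second look, and even it is not proof of an attacker, since an account that has never logged in from its owner's mobile carrier will land there too.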
Post #178, July 13th, 2012, 09:24 AM, by daenas

Thanks for being on top of this so quickly! I just received an email from Nvidia about the very same thing on their forum passwords so I need to change another one shortly as well.
Post #179, July 13th, 2012, 09:41 AM, by Torisen

Glad I read this thread before freaking out lol. I had attempts of someone logging into my account and if I had not read this thread letting me know it was the app on my phone that was continuing to try and log in I would be in a little paranoid ball in a corner. Although, I might have figured it out by the IP address being used as well, which I also checked after reading this thread.

I have to thank cNet for the heads up on this one.
Post #180, July 13th, 2012, 12:20 PM, by jbenham

Quote:
Originally Posted by Xyro View Post
That post was directed at djb28, as he posted his IP too (although I edited it out).

Did you PM the IP from your email to one of the other moderators to check? I didn't get it and don't see any reports from you.
I must have pushed a wrong button. I went to the CONTACT page and sent an email. It would have been from my gmail account. Basically I just wanted to verify that the emails were coming from you, so you can ignore it.

Thanks mamawm! The ip address in the emails that were sent is my external address.
Post #181, July 13th, 2012, 12:32 PM, by knightresearch

Quote:
Originally Posted by xploited View Post
Oh damn how much I hate you guys now.

I only registered on these forums because of your "greed" policies - hiding info and download links from unregistered users.

Not only do you lock up information posted on your forums (kudos to the android openness spirit), you also don't bother patching the forums against known exploits.

But hey, thank you for leaking my info to spammers / thieves. Luckily I use separate passwords for public forums and my main sensitive accounts.

And I find out about this from major news sites? I guess you didn't bother sending a mass email to your user list either.

Lesson of the day - don't make people register if you are amateurs in security.
You are correct. The pathetic "whoops, we're idiots" apology isn't enough! Thanks for giving the spammers my email address. Do you have 2-factor authentication? Do you have a "strength meter" on your passwords? If Bank of America or American Express had done this... do you think "whoops" would be enough?! Stop thinking your site is safe. Get professionals to audit your system, and stop the "once I get in the front door, I can do anything" mentality you run your site with.
Post #182, July 13th, 2012, 12:53 PM, by Rachel A

Quote:
Originally Posted by knightresearch View Post
You are correct. The pathetic "whoops, we're idiots" apology isn't enough! Thanks for giving the spammers my email address. Do you have 2-factor authentication? Do you have a "strength meter" on your passwords? If Bank of America or American Express had done this... do you think "whoops" would be enough?! Stop thinking your site is safe. Get professionals to audit your system, and stop the "once I get in the front door, I can do anything" mentality you run your site with.
Holy Jeez. I've lived through 2 hack attacks on a large financial system we ran with more security than I've been through before and the hackers still got in.

There's no such thing as an impervious system - we get the site for free and you get all ungrateful about just how quickly they turned this thing around?

I don't think you have the first clue as to how hard it is to run a secure website.

Things wouldn't be so bad if users practiced safe security, but they don't, and, as a result, people find other accounts compromised.

Stop whining and be thankful the admins worked as diligently as they did. My hats off to Phases and his team for an excellent job well done.
Post #183, July 13th, 2012, 01:30 PM, by phor11

Quote:
Originally Posted by Rachel_Ambler View Post
There's no such thing as an impervious system - we get the site for free and you get all ungrateful about just how quickly they turned this thing around?

Stop whining and be thankful the admins worked as diligently as they did. My hats off to Phases and his team for an excellent job well done.
They worked diligently to contain the breach and secure admin accounts, but I have to agree with some other posters that an email should have been sent out to users. It's been 3 days now and I just found out about it via a completely different site.

In my case, it's not a huge deal because I use a different long/secure randomly generated password for every site so there's no way they could decrypt it in 3 days, and even if they did they couldn't do much of anything with it...

But you KNOW there are people out there that don't visit the site every day and use the same password for multiple sites. A quick email blast about the intrusion would have gone (and would still go) a long way toward helping mitigate possible damages.
Post #184, July 13th, 2012, 02:00 PM, by Frisco

No, it wasn't me, and no I'm not mad at anyone here.



Meanwhile, I just got a screen obscuring "phandroid" ad, the content being (copy/paste quote):

]o 0 ' ?xL"W + 8 Mi @ v1 5N Ab N U b\ C s $ I U t B) " $ N1 Xn ] E%K Sh @ lt I^ ; 3 VL w! ⑇ 1 ؉ Seš" ~i z " 5 k` ( GO n Y ŗ' _% u * r s ݁ ;K I P g &z+ ] l g @2*J l | XGQ } ތ =^+ " o rm |X ~ Y G b x ` F ?0 J U t .ᗹ ԅ d i͈о RB v W " S g 棂 > k ) I C ]I h }T r!% \ & cR- z& / C ,Z & )V YIl tO moz F֯


Yipe?
Post #185, July 13th, 2012, 02:25 PM, by TVictory

Quote:
Originally Posted by Frisco View Post
No, it wasn't me, and no I'm not mad at anyone here.



Meanwhile, I just got a screen obscuring "phandroid" ad, the content being (copy/paste quote):

]o 0 ' ?xL"W + 8 Mi @ v1 5N Ab N U b\ C s $ I U t B) " $ N1 Xn ] E%K Sh @ lt I^ ; 3 VL w! ⑇ 1 ؉ Seš" ~i z " 5 k` ( GO n Y ŗ' _% u * r s ݁ ;K I P g &z+ ] l g @2*J l | XGQ } ތ =^+ " o rm |X ~ Y G b x ` F ?0 J U t .ᗹ ԅ d i͈о RB v W " S g 棂 > k ) I C ]I h }T r!% \ & cR- z& / C ,Z & )V YIl tO moz F֯


Yipe?
That looks like a bad HTTP header when they sent you gz data but didn't set the zip header. I would think it's harmless.
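TVictory's diagnosis (a gzip-compressed body delivered without a Content-Encoding header, so the browser shows the raw bytes as text) can be checked rather than guessed: every gzip member starts with the magic bytes 1f 8b and decompresses cleanly, which arbitrary binary junk does not. Added example, not code from the thread or from the ad network; the sample ad markup and the header dictionaries are constructed for the demonstration.

```python
import gzip
import zlib

# Added example, not code from the thread. Tells a gzip body served
# without "Content-Encoding: gzip" apart from arbitrary binary junk.

GZIP_MAGIC = b"\x1f\x8b"

# Constructed sample: a small ad snippet, compressed with a fixed mtime
# so the bytes are reproducible from run to run.
SAMPLE_HTML = b"<div class='ad'><a href='https://example.invalid/'>Phandroid</a></div>"
SAMPLE_BODY = gzip.compress(SAMPLE_HTML, mtime=0)


def looks_like_gzip(body: bytes) -> bool:
    """Cheap first check: every gzip member starts with 0x1f 0x8b."""
    return body[:2] == GZIP_MAGIC


def render_as_browser_would(body: bytes) -> str:
    """With no Content-Encoding the bytes are shown as text. ISO-8859-1
    maps every byte to a character, which gives the mojibake in the post."""
    return body.decode("latin-1")


def try_recover(body: bytes):
    """Return the decompressed text if the body really is a complete gzip
    member, otherwise None. Truncated or corrupt input raises inside the
    gzip/zlib layer and is reported as None rather than as a crash."""
    if not looks_like_gzip(body):
        return None
    try:
        return gzip.decompress(body).decode("utf-8", errors="replace")
    except (OSError, EOFError, zlib.error):
        return None


def diagnose(headers: dict, body: bytes) -> str:
    """Compare what the response headers claim with what the bytes are."""
    declared = {k.lower(): v.lower() for k, v in headers.items()}.get(
        "content-encoding", ""
    )
    is_gzip = looks_like_gzip(body)
    if is_gzip and declared != "gzip":
        if try_recover(body) is None:
            return "gzip magic but body does not decompress: treat as suspicious"
        return "gzip body served without Content-Encoding: gzip (misconfigured server)"
    if declared == "gzip" and not is_gzip:
        return "Content-Encoding: gzip claimed but body is not gzip"
    return "headers and body agree"


def demo() -> dict:
    garbled = render_as_browser_would(SAMPLE_BODY)
    return {
        "is_gzip": looks_like_gzip(SAMPLE_BODY),
        "garbled_prefix": garbled[:2],  # the two magic bytes as control chars
        "printable_fraction": sum(c.isprintable() for c in garbled) / len(garbled),
        "recovered": try_recover(SAMPLE_BODY),
        "verdict_missing_header": diagnose({"Content-Type": "text/html"}, SAMPLE_BODY),
        "verdict_correct_header": diagnose(
            {"Content-Type": "text/html", "Content-Encoding": "gzip"}, SAMPLE_BODY
        ),
        "verdict_truncated": diagnose({}, SAMPLE_BODY[:12]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

If the blob recovers to ordinary ad markup the server-side explanation holds and the content was never executed, only displayed. If it carries the magic bytes but will not decompress, or has no recognisable container at all, that is the point at which to save the response and look harder rather than assume it is harmless.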
Post #186, July 13th, 2012, 04:22 PM, by DenverRalphy

Quote:
Originally Posted by Rachel_Ambler View Post
There's no such thing as an impervious system - we get the site for free and you get all ungrateful about just how quickly they turned this thing around?
Somewhat correct.

The fallacy in your logic though, is that the breach was through a "known exploit". That's an administrative failure, plain and simple. You patch a known exploit before it is used, and not put it off until damage is done. Site administrators should be checking daily for patches and issuing those patches immediately.

After the breach, the administrators should have notified every registered user immediately. Not to do so is irresponsible and lazy.

Your argument that since the forums are provided as a free service is unfounded. Requiring personal and sensitive information to use the free service also places a reasonable assumption of obligation and responsibility upon the service provider to react, mitigate, and inform. An "oopsie, protect yourself!" statement does not fulfill that obligation.

Every single registered user should have been notified immediately. I can't believe a mass notification STILL hasn't been sent. I'm sure there are still many users who aren't yet aware of the breach.

[edit] Forgot to mention.. If for whatever reason a mass email couldn't be sent (doubtful), all user logins should have been suspended until after an important MOTD was read, and the user forced to change their password.
Last edited by DenverRalphy; July 13th, 2012 at 04:31 PM.
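DenverRalphy's fallback above (suspend logins until the user has seen the notice and set a new password), combined with Unforgiven's earlier point that forum apps keep replaying the old credentials, as an added example of the login gate it implies. This is not Android Forums' or vBulletin's code; the breach cutoff timestamp, the account structure, the KDF settings and the token scheme are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Added example, not Android Forums or vBulletin code. A breach-time
# cutoff forces every account to rotate its password before it can be
# used again, and the rotation revokes web sessions and app tokens so a
# phone app cannot keep polling with the old credentials.

BREACH_CUTOFF = 1_341_878_400  # assumption: epoch seconds of the incident
KDF_ITERATIONS = 50_000        # assumption: PBKDF2 work factor for the demo


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    pw_changed_at: int
    sessions: set = field(default_factory=set)    # web session ids
    api_tokens: set = field(default_factory=set)  # mobile-app tokens


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def create_account(name: str, password: str, now: int) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, kdf(password, salt), pw_changed_at=now)


def password_matches(acct: Account, password: str) -> bool:
    return hmac.compare_digest(kdf(password, acct.salt), acct.pw_hash)


def reset_required(acct: Account) -> bool:
    """Any password set before the cutoff is treated as exposed."""
    return acct.pw_changed_at <= BREACH_CUTOFF


def login(acct: Account, password: str):
    """Returns (outcome, session_id). 'reset_required' is the signal the
    site uses to show the notice and the change-password form instead of
    the forum; no session is issued until the reset has happened."""
    if not password_matches(acct, password):
        return "bad_password", None
    if reset_required(acct):
        return "reset_required", None
    sid = secrets.token_urlsafe(24)
    acct.sessions.add(sid)
    return "ok", sid


def reset_password(acct: Account, old: str, new: str, now: int) -> bool:
    """Verify the old password, set the new one, and revoke everything
    that was issued under the old one."""
    if not password_matches(acct, old) or old == new or len(new) < 12:
        return False
    acct.salt = os.urandom(16)
    acct.pw_hash = kdf(new, acct.salt)
    acct.pw_changed_at = now
    acct.sessions.clear()
    acct.api_tokens.clear()
    return True


def issue_api_token(acct: Account):
    """Apps get a token only from an account that is past the cutoff."""
    if reset_required(acct):
        return None
    token = secrets.token_urlsafe(24)
    acct.api_tokens.add(token)
    return token


def api_call_allowed(acct: Account, token) -> bool:
    return token in acct.api_tokens and not reset_required(acct)


def walkthrough() -> dict:
    """Constructed scenario: an account from before the incident, with a
    phone-app token, goes through the forced rotation."""
    acct = create_account("blacklight82", "old-forum-pass", now=BREACH_CUTOFF - 86_400)
    old_token = secrets.token_urlsafe(24)  # issued to the app before the incident
    acct.api_tokens.add(old_token)
    after = BREACH_CUTOFF + 60
    steps = {}
    steps["app_after_breach"] = api_call_allowed(acct, old_token)
    steps["login_old_pw"] = login(acct, "old-forum-pass")[0]
    steps["reuse_rejected"] = reset_password(acct, "old-forum-pass", "old-forum-pass", now=after)
    steps["reset"] = reset_password(acct, "old-forum-pass", "correct horse battery", now=after)
    steps["app_old_token_after_reset"] = api_call_allowed(acct, old_token)
    steps["login_new_pw"] = login(acct, "correct horse battery")[0]
    steps["login_old_pw_after_reset"] = login(acct, "old-forum-pass")[0]
    steps["app_new_token"] = api_call_allowed(acct, issue_api_token(acct))
    return steps


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step}: {result}")
```

The cutoff is a single comparison on the stored password-change timestamp, so it covers the inactive accounts a mass e-mail would miss: the next time any of them logs in, from the web or from an app, the old password gets them only as far as the notice. Revoking tokens in the reset is what makes the failed-login e-mails from the phone stop, because the app has nothing left to replay.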
Post #187, July 13th, 2012, 05:57 PM, by Rachel A

Like I say, I've lived through this - and millions of dollars were at risk. We had two factor authentication in place and patches deployed on all servers on a regular basis. We were diligent. We worked hard. It still happened. And you cannot begin to imagine the grief and heartache we went through investigating the incident.

Until you've experienced this you cannot even begin to fathom what it's like on the other end. The fact that the admins took whatever action they did and contained it is to be commended.

Yeah, it's crappy it happened. Yeah it's a pain in the arse. Yeah it sucks. But like it or not, it IS a free site. It's hard to keep your eye on the ball 24/7 when you run a site like this. We had oodles of eyes on servers and the buggers still broke through.

As for notifications, there could be any # of reasons why they were not sent out. I've been in situations where my accounts were compromised and more data potentially stolen and I've still to receive official notification from at least one of them.
Post #188, July 13th, 2012, 06:20 PM, by lucids

If I try to change the password, I just get a database error and an invalid token error???

The change worked, but there is obviously a problem, as I got a database error page when posting this message!
Last edited by lucids; July 13th, 2012 at 06:24 PM.
July 13th, 2012, 06:27 PM   #189   Xyro

Quote:
Originally Posted by DenverRalphy View Post
Somewhat correct.

The fallacy in your logic though, is that the breach was through a "known exploit". That's an administrative failure, plain and simple. You patch a known exploit before it is used, and not put it off until damage is done. Site administrators should be checking daily for patches and issuing those patches immediately.
Phases did not mention any kind of previously known exploit. What he did say was that the exploit had been identified after the fact.

Quote:
Originally Posted by Phases
- The exploit used has been identified and resolved.
Last edited by Xyro; July 13th, 2012 at 06:30 PM.
July 13th, 2012, 06:29 PM   #190   agentc13

Quote:
Originally Posted by DenverRalphy View Post
The fallacy in your logic though, is that the breach was through a "known exploit". That's an administrative failure, plain and simple. You patch a known exploit before it is used, and not put it off until damage is done. Site administrators should be checking daily for patches and issuing those patches immediately.

After the breach, the administrators should have notified every registered user immediately. Not to do so is irresponsible and lazy.
Where did you get that it was a "known exploit"? All I have seen said that they know how it was done, and remedied that exploit immediately.

From the OP:
Quote:
Originally Posted by Phases
- The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.
Last edited by agentc13; July 13th, 2012 at 06:31 PM.
July 13th, 2012, 06:30 PM   #191   lucids (Member)

I came here by accident while looking for something, but would have appreciated an email informing me of the breach. I don't understand why this can't be done; I would have come and changed my password immediately, not a few days later.
July 13th, 2012, 06:49 PM   #192   DenverRalphy (Member)

Quote:
Originally Posted by Xyro View Post
Phases did not mention any kind of previously known exploit. What he did say was that the exploit had been identified after the fact.


Quote:
Originally Posted by agentc13 View Post
Where did you get that it was a "known exploit"? All I have seen said that they know how it was done, and remidied that exploit immediately.

From the OP:
The original post has been edited. At one point it specifically stated "unknown intruders using a known exploit". Believe who you will, but the original statement has been posted around the Web.

Regardless.. The damage control was mishandled.
July 13th, 2012, 07:13 PM   #193   jbenham (Member)

I found out about it right here on July 10.

(July 10, 2012) Important Notice - Security Breach - Update Your Password - Click for Details
July 13th, 2012, 07:54 PM   #194   dautley (Senior Member)

Quote:
Originally Posted by agentc13 View Post
Where did you get that it was a "known exploit"? All I have seen said that they know how it was done, and remidied that exploit immediately.

From the OP:
A press release on slashdot.org said it was a known exploit:
"Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"

And to be honest it could have been up to a day before we were notified, Phases own words:
"I have some unfortunate news to pass along. Yesterday I was informed by our server/developer team that the server hosting androidforums.com was compromised"

Just passing that along because you asked.
Last edited by dautley; July 13th, 2012 at 08:34 PM.
July 13th, 2012, 07:58 PM   #195   El Presidente

Quote:
Originally Posted by dautley View Post
A press release on slashdot.org said it was a known exploit:
"Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"
I don't know where they've got that from because Phases doesn't mention "known exploit" in any of the edits.
Last edited by El Presidente; July 13th, 2012 at 08:04 PM.
July 13th, 2012, 08:05 PM   #196   Xyro

Quote:
Originally Posted by DenverRalphy View Post
The original post has been edited. At one point it specifically stated "unknown intruders using a known exploit". Believe who you will, but the original statement has been posted around the Web.
I found that slashdot article you said that you read, which includes the exact quote you mentioned. They took that quote from a zdnet article, which cites its source as our Phandroid article, which quotes Phases' post in its entirety as you see it now. Clearly zdnet have misrepresented the situation.

Having checked the edit log on Phases' post, that paragraph has not been edited whatsoever since the first draft.

It's an unfortunate situation, certainly. And I'm pretty annoyed too, to be honest (don't forget, I'm not being paid to be biased here, nor being paid whatsoever). But please, let's not misrepresent the situation by believing a third-hand account of the problem rather than the quote from the site's administrator.
July 13th, 2012, 08:31 PM   #197   dautley (Senior Member)

Quote:
Originally Posted by Xyro View Post
But please, lets not misrepresent the situation by believing a third hand account of the problem rather than the quote from the site's administrator.
I 100% agree! Just passing along what's out there so the staff knows where some of the posts in this thread are coming from.
July 13th, 2012, 10:15 PM   #198   Phases (Community Manager, Thread Author)

I never said known exploit. That's a fact. Not sure where it came from but it didn't come from me.

As for the rest of the feedback - well, it is appreciated and understood, but I need to talk with others on the team about this one before I give a proper response.

Thanks..
July 14th, 2012, 01:12 AM   #199   DosDawg (New Member)
Good work and good follow up

Well, it's unfortunate that you guys have to spend your time on such events. It seems that as long as there is an available internet connection, we are forced to deal with such nuisances in our environments.

Loved the thorough post of the notification, and you guys do a great job with the information you provide on this site, and are very effective with handling all posts and requests.

I am a fan of this site.
Reply With Quote
July 14th, 2012, 03:46 AM   #200   GirlFriday (Junior Member)

Thank you for the notification and quick response. Unfortunately these things happen. There is no such thing as a hacker proof site. I'm sorry there are so many lazy people on this site though. This thread would be only half as long if it weren't for the people who couldn't be bothered to read through the thread or search and asked "are passwords salted and/or hashed" over and over and who reported the "x amount of attempts to log in to my account what gives?" OVER and OVER. You admins must have the patience of saints to put up with it.
All times are GMT -5. The time now is 05:01 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.