
Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. Petrah

    Petrah Psychotic Female
    Thank you for the notice!!

    Edit: Huh... when did I hit 2k posts lol.
     

  2. EarlyMon

    EarlyMon The PearlyMon
    That's one of our mods. :D :p ;)

    Srsly.
     
    Granite1 likes this.
  3. Atma

    Atma Android Expert
    Thank you for being open, honest and straightforward with all the members. And for watching our backs. :)

    I applaud you all. :congrats:


    On a side note, if anyone wants to steal my identity you're welcome to it. :D
     
  4. slimchance

    slimchance Well-Known Member
    Thanks for your prompt action and advice. I changed my password immediately and had no problem in changing my Tapatalk password.
     
  5. colchiro

    colchiro Android Expert
    Am I the only one upset at having to (again) change all my forum and email passwords? We hear about hacking attempts all the time. The time to harden the servers was when you heard of other servers being compromised.... waaay before last week.

    I'm seriously hoping this was a wake-up call and you'll be more pro-active going forward.

    Also, this little message at the top of the forum is not enough. I was on this forum for 3 hours before noticing the message at the top. I believe the standard is to EMAIL all users. Not everyone checks in daily. Not everyone is active.

    Congrats for keeping the server up and checking for malware, but IMO, there's room for improvement.
     
    javaman70, Jacob32123 and baldmosher like this.
  6. dogdayz

    dogdayz Well-Known Member
    Thanks for the posted alert and keeping us safe, awesome team u guys are :)
     
  7. agentc13

    agentc13 Daleks Über Alles
    It wasn't me, I swear!
     
    Rxpert83 and Granite1 like this.
  8. AntimonyER

    AntimonyER AF Addict
    Thanks to Phases, TVic, and everyone else.
     
  9. dawn1berlitz

    dawn1berlitz Lurker
    I will let my friends over at android.net know about these attacks. They use the same software, and I will tell them to be on the lookout for these kinds of attacks. This is serious stuff.
     
  10. darkcyber

    darkcyber Android Expert
    Thanks for the hard work guys and gals! I know it's a hard job.
     
  11. shinru2004

    shinru2004 Android Expert
    The team on this site is amazing, they jumped right on it in a split second. Had all staff aware of pending password changes. It's the incredible team here that makes me feel happy to be a guide!
     
  12. FeedbakBWR

    FeedbakBWR Well-Known Member
    Would the username/passwords not be encrypted in the database?
     
  13. Granite1

    Granite1 Zercron Encrusted Tweezer
    AC13 is on double secret probation LOL!! :p

    All kidding aside, thanks for the quick action, and a special thanks to Steven for helping me out yesterday. :)
     
  14. Unforgiven

    Moderator
    Generally usernames aren't, but the passwords are. I think (if they were able to grab the DB) they may be able to gain access using the encrypted password to other sites where you used the same one. It is very tricky as they would need to know your username as well as gain file access to that site. They shouldn't be able to decrypt the password either, as that is damn near impossible assuming the site software uses a reasonable encryption methodology and the key isn't ridiculously simple.
     
  15. sammyz

    sammyz LG Whiz Kid
    I'm wondering if Favorites are gone because of this or not?
     
  16. dervari

    dervari Member
    A "solution" shouldn't have been needed. This type of thing should not have happened in the first place.
     
  17. isaemm

    isaemm Android Enthusiast
    I have been getting this same message all day since I changed my password and finally realized it's my Phandroid that is trying to log in with my old password. I updated my password on the app on my phone and it is all fixed now.
     
    xfuchsiax likes this.
  18. TVictory

    TVictory Well-Known Member

    They are one-way hashed. They are not clear text passwords. The only way I could see what a user's password was is if I got their one-way hashed password and then tried every combination of characters I could think of, ran it through the same hashing algorithm, and if the two match then I know your password. It's actually quite secure if you can throttle how fast you can try combinations of characters, like we do with only allowing 5 attempts and then waiting 15 minutes, but if they have just the hash they can try many combinations very fast with a program. If your password is very random then it probably won't be found.

    For instance, let's say you had a password of just lower case letters and it was 8 letters long. That would be 23^8 == 78310985281 different possible passwords that, in the hacker's "worst case", have to be tried and hashed; not impossible, but not trivial either. If you had upper case letters as well as lower case then 46^8 == 20047612231936, so even harder. This assumes that your password is just random letters. If you have some word or combination of words you can find in the dictionary, or a birthday, or something else common, then they could try these first and make the attack easier.
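
Added example, not part of TVictory's post and not the forum software's code: a password-strength estimate that compares worst-case keyspace exhaustion under the 5-attempts-per-15-minutes login throttle with offline guessing against a leaked hash, and shows a salted, slow one-way hash on the storage side. Assumptions: the 26-letter English alphabet per case, an offline rate of 1e9 guesses per second for a fast unsalted hash, PBKDF2-HMAC-SHA256 at 200,000 iterations (the thread does not name the forum's algorithm), a constructed three-entry wordlist, and all function names.

```python
import hashlib
import hmac
import os
import string

# Throttle figures come from the post; everything else is an assumption.
ONLINE_RATE = 5 / (15 * 60)      # 5 login attempts per 15-minute lockout window
FAST_HASH_RATE = 1e9             # assumed offline guesses/second, fast unsalted hash
COMMON = {"password", "letmein1", "android1"}  # constructed stand-in for a wordlist

def alphabet_size(password):
    """Size of the character set a guesser must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def keyspace(size, length):
    return size ** length

def hash_password(password, iterations=200_000, salt=None):
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, digest):
    """Re-hash the candidate and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def assess(password, iterations=200_000):
    """Worst-case seconds to exhaust the keyspace under three conditions."""
    if password.lower() in COMMON:
        return {"in_wordlist": True}   # tried first; keyspace size is irrelevant
    space = keyspace(alphabet_size(password), len(password))
    return {
        "in_wordlist": False,
        "keyspace": space,
        "online_throttled_s": space / ONLINE_RATE,
        "offline_fast_hash_s": space / FAST_HASH_RATE,
        # Rough model: each PBKDF2 guess costs `iterations` fast-hash calls.
        "offline_pbkdf2_s": space * iterations / FAST_HASH_RATE,
    }

if __name__ == "__main__":
    record = hash_password("qmzvtrkb")
    print(verify_password("qmzvtrkb", *record), verify_password("guess", *record))
    for pw in ("android1", "qmzvtrkb", "QmzVtrKb"):
        print(pw, assess(pw))
```
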
     
  19. Unforgiven

    Moderator
    As someone who spent 10+ years as a Web Master for a $26 billion a year manufacturing company managing 50+ web domains (with a 40+ person IT team in charge of security), I can say that as admins and staff get smarter so do hackers. The CIA, FBI, credit card companies and processors, etc. get hacked every day.
     
    Trooper, Crashumbc, linuxrich and 2 others like this.
  20. trophynuts

    trophynuts Android Expert
    I actually agree with this as well. It's 4 tiny words in Red. Most users ignore the bold letters that say sticky.

    It would probably be better to have a bigger banner notification at the top of the forum. It too took me an hour or so before I saw it today once I got logged in.
     
  21. 9to5cynic

    9to5cynic Android Expert
    I'm not saying other sites would not do this, but I'm glad that AF admins chose to disclose this information. I think it was not only the right thing to do, but also responsible and shows that they have our best interests at heart.

    And anyone who reuses email/password/username might want to change those other ones as well.... never hurts right ;)
     
  22. Prinny

    Prinny Resident Linux Nutcase
    I agree with you entirely on this. I changed my password immediately, and I also changed my email password, though they are different. Could not hurt to be safe anyway.
     
  23. colchiro

    colchiro Android Expert
    I just spent 2 hours changing forum and email passwords for work and home and still have a tablet left.
     
  24. BRIAN5337

    BRIAN5337 Android Enthusiast
    +1
    :thinking:
     
  25. TVictory

    TVictory Well-Known Member

    They should be back now, let me know.
     
