Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Hacking again?
Just a few minutes ago I found that I'd been logged out the board. My password no longer worked to log me back in. I was able to reset my
password by directly editing the MySQL database. I looked in the control panel, and didn't see any suspicious activity. It doesn't appear
that anything bad was done with my compromised account, if it was indeed compromised. Still, I find this somewhat disturbing, especially since XMB has
had so many security problems in the past.
Please post if you've experienced any other suspicious glitches lately.
PGP Key and corresponding e-mail address
|
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
Exactly the same problem as above.
All that glitters isn't gold.
|
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
I did not have that problem.
|
|
|
Esplosivo
Hazard to Others
Posts: 491
Registered: 7-2-2004
Location: Mediterranean
Member Is Offline
Mood: Quantized
|
|
Either yesterday or the day before I had to relog-in, which is not usual. I don't know if it is related.
Theory guides, experiment decides.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
The cookies eventually expire and you have to re-login at intervals, so that by itself is not suspicious. Eliteforum, how are you posting if you have
my same problem? I had to manually edit the MySQL entry for my password hash to get back in.
PGP Key and corresponding e-mail address
|
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
I meant, I normally stay logged in. And I had to put in my password again. Which is very unusual as I never have to login.
Sorry for the confusion.
All that glitters isn't gold.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
More mysterious stuff
I found the following message in my Yahoo mailbox today. It was sent yesterday:
This is an automatic e-mail. Yourself, or someone has requested your
password to be resent to you, your details are below.
Polverone
[some password I'd never used]
The password was a scramble of letters and numbers, like a randomly generated password reset. How could my password have been reset? It explains why I
couldn't log in, though.
Edit: it seems that the "forgotten password" feature can be used to do this. As long as you know someone's username and the email
address they signed up with, you can reset their password. I suppose this could be used as a low-grade denial of service attack, by constantly
resetting passwords, but it can be fixed if people change their email address to something new and not-visible on the board.
[Edited on 3-14-2005 by Polverone]
PGP Key and corresponding e-mail address
|
|
|
Organikum
resurrected
Posts: 2329
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: busy and in love
|
|
I had to re-login too. I actually dont mind anybody grabbing my password here, if he posts nonsense it will get deleted, I use an unique password here
matching nowhere else I roam and all my interesting PMs are PGP encrypted.
/ORG
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
