March 29, 2024, 04:52:21 am

The Gang Garrison 2 Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

NOTICE: Wondering where all the forums have gone?

Join the community Discord server!

Pages: [1] 2 3

Author Topic: Account security  (Read 9966 times)

MedO

  • Owns this place
  • *****
  • Karma: 151
  • Offline Offline
  • Posts: 1752
Account security
« on: December 18, 2011, 05:17:06 pm »

We had a case of account hijacking today. No harm was done (the victims only had their profiles edited), but I think it deserves to be talked about to raise some basic security awareness, because this was not a security problem of the forum software.

So, due to the current events, here is an important rule: Don't use the same password for different services. This rule is so important that it's the first one on Google's password security tips, even above using a long or complex password. If you use the same password for everything, it only takes one insecure or malicious service to compromise all your accounts.

In particular, if you are using the same password that you used for Colton's FLS account system anywhere else, best change it. He says he deleted the passwords now, but as the slogan of Uplink goes, "trust is a weakness."
« Last Edit: December 18, 2011, 05:30:49 pm by MedO »
Logged
Quote from: Alfred North Whitehead
It is the business of the future to be dangerous; and it is among the merits of science that it equips the future for its duties.

Quote from: John Carmack
[...] if you have a large enough codebase, any class of error that is syntactically legal probably exists there.

Teekytots [PC][OG]

  • Retired Big Man
  • Soldier of Fortune
  • ******
  • Karma: 142
  • Offline Offline
  • Posts: 6366
  • Fear is only a State of Mind
Re: Account security
« Reply #1 on: December 18, 2011, 05:27:53 pm »

wow what a day
Logged
I have signatures turned off

trog

  • member of intel's squad of garbagemen against the yakuza
  • Veteran Member
  • ******
  • Karma: 27
  • Offline Offline
  • Posts: 9758
  • i am uberdeath
Re: Account security
« Reply #2 on: December 18, 2011, 08:12:42 pm »

Wait what happened?
Logged

PM me your apps for my clan

92% of people who see this will not
have the guts to repost it. When Goku
died in the explosion Cell tied to destroy Earth with, he did it for you and me. If you're not ashamed to love Goku, post this as your status and show everyone. Thank you, Goku. I lifted up my arms for the spirit bomb every time you asked for my energy.

Saniblues

  • Onion Knight
  • Moderator
  • *****
  • Karma: -1305
  • Offline Offline
  • Posts: 12206
Re: Account security
« Reply #3 on: December 18, 2011, 08:40:14 pm »

He used the fls account system to get into peoples' accounts via entering passwords and seeing if they'd actually work. He didn't mean to scare anyone, though. He was just messing around. Didn't mean to scare y'all or anything.

Moral of the story is that you should alternate online passwords.
Logged
Quote from: mop
Quote from: MR MAGN3TIC
I don't like it.  :nah:
Oh, well, you might as well pack up and stop now, because he doesn't like it
I'm bored out of my skull, Lets play a different game!
Lets take a visit down below And cast the world in flames!

trog

  • member of intel's squad of garbagemen against the yakuza
  • Veteran Member
  • ******
  • Karma: 27
  • Offline Offline
  • Posts: 9758
  • i am uberdeath
Re: Account security
« Reply #4 on: December 18, 2011, 09:21:26 pm »

err what is fls
Logged

PM me your apps for my clan

92% of people who see this will not
have the guts to repost it. When Goku
died in the explosion Cell tied to destroy Earth with, he did it for you and me. If you're not ashamed to love Goku, post this as your status and show everyone. Thank you, Goku. I lifted up my arms for the spirit bomb every time you asked for my energy.

Nukleus

  • Guest
Re: Account security
« Reply #5 on: December 18, 2011, 09:28:51 pm »

Colton's game
Logged

trog

  • member of intel's squad of garbagemen against the yakuza
  • Veteran Member
  • ******
  • Karma: 27
  • Offline Offline
  • Posts: 9758
  • i am uberdeath
Re: Account security
« Reply #6 on: December 18, 2011, 09:31:07 pm »

oh
Logged

PM me your apps for my clan

92% of people who see this will not
have the guts to repost it. When Goku
died in the explosion Cell tied to destroy Earth with, he did it for you and me. If you're not ashamed to love Goku, post this as your status and show everyone. Thank you, Goku. I lifted up my arms for the spirit bomb every time you asked for my energy.

pandaturds

  • Full Member
  • ***
  • Karma: 2
  • Offline Offline
  • Posts: 224
  • gg2oomer
Re: Account security
« Reply #7 on: December 18, 2011, 11:37:49 pm »

 :z9:
Logged
r.i.p [AT] / [THA]
bird goes tweet

billymaze

  • Veteran Member
  • ******
  • Karma: 9
  • Offline Offline
  • Posts: 6730
Re: Account security
« Reply #8 on: December 18, 2011, 11:57:12 pm »

Reminds me of my account named "USB" where someone guessed my password and deleted it.

The other moral of this story is don't have a password called "password1"
Logged

Jowly

  • Veteran Beta Tester
  • *****
  • Karma: 2
  • Offline Offline
  • Posts: 3040
Re: Account security
« Reply #9 on: December 19, 2011, 01:12:16 am »

Guessed? More like bruteforced.
Logged

billymaze

  • Veteran Member
  • ******
  • Karma: 9
  • Offline Offline
  • Posts: 6730
Re: Account security
« Reply #10 on: December 19, 2011, 01:15:39 am »

Yeah, OK, sure. If that was the case, this account would be gone too.
Logged

Jowly

  • Veteran Beta Tester
  • *****
  • Karma: 2
  • Offline Offline
  • Posts: 3040
Re: Account security
« Reply #11 on: December 19, 2011, 01:27:24 am »

I doubt that anybody would go the the trouble of guessing the password for an account possibly hundreds of times just to deal with a certain pasty forum-goer. In that case, it would probably be brute-forced or gotten by some other means. Just go ask the person who did it yourself.
Logged

Lemonade

  • Apprenticecrastinator
  • Seasoned Member
  • *****
  • Karma: 1
  • Offline Offline
  • Posts: 2437
  • BACK FROM THE DEAD (for now)
Re: Account security
« Reply #12 on: December 19, 2011, 08:21:32 am »

I have at least four different passwords for different types of service and sites (not counting the important ones like Steam on which I use combinations of multiple passwords), so I don't really feel concerned. I hope nothing bad happens to those who use a single password.
Logged
i already have a pet that follows me around 24/7
it's called  :z4:
you may have seen it

Z3r05t4r

  • 2013 Haxxy Award Winner
  • *
  • Karma: 10
  • Offline Offline
  • Posts: 2040
  • Old GGC Dev
    • Gang Garrison Classic
Re: Account security
« Reply #13 on: December 19, 2011, 08:42:07 am »

Well, he took care of my account. No harm done, I am not angry. Keeping the avatar for now.
Logged
Honorary Life Insurance of
[SOS] ]LNWC[ [LORD] [VAL] ~{SCSCSC}~

a/d

  • pro donglosaur
  • *****
  • Karma: 371
  • Offline Offline
  • Posts: 4818
Re: Account security
« Reply #14 on: December 19, 2011, 08:48:43 am »

google's password advice is stupid.

taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.

it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.
Logged
go canada or whatever, maybe your country is cool too
Pages: [1] 2 3
 

Page created in 0.02 seconds with 36 queries.