Esharan
Caldari
|
Posted - 2009.06.14 20:29:00 -
[1]
Edited by: Esharan on 14/06/2009 20:31:02
What's up w/ DBANK's website?
http://bank.dyco-eve.com/ |
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.14 21:20:00 -
[2]
Well I just got an interesting call. For whatever reason I've been away from eve and most matters concerning eve for the past several weeks. That being said, a critical failure has happened at the host for Dynasty Bank. I'm sure many of you technical guys will understand more of what went on than I do but simply, the php renderer was disabled somehow.
This created a huge security gap. GIGANTIC one. With the access I was able to gain I proceeded to do a proper and full backup of dBank's records and then I had the database killed. This was to remove any opportunities for malicious conduct by anyone.
I do not have any further information that I can provide at this time however I will keep trying to contact the technical guys at dBank. |
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.14 21:23:00 -
[3]
I think I should also add: It is unwise to ever use your eve password anywhere. If you did so at dBank, please change your password now.
Precautionary, yes, but also a very, very wise thing to do. |
Packtu'sa
Nabaal Construction and Industrials Corp Nabaal Syndicate
|
Posted - 2009.06.14 21:28:00 -
[4]
It's good to see that the security issue was taken care of in a timely manner. We look forward to DBANK's site going back up soon.
Packtu'sa Founder/CEO, Nabaal Construction and Industrials Corp [NCIC] |
Esharan
Caldari
|
Posted - 2009.06.14 21:32:00 -
[5]
Originally by: HawkBlade
Well I just got an interesting call. For whatever reason I've been away from eve and most matters concerning eve for the past several weeks. That being said, a critical failure has happened at the host for Dynasty Bank. I'm sure many of you technical guys will understand more of what went on than I do but simply, the php renderer was disabled somehow.
This created a huge security gap. GIGANTIC one. With the access I was able to gain I proceeded to do a proper and full backup of dBank's records and then I had the database killed. This was to remove any opportunities for malicious conduct by anyone.
I do not have any further information that I can provide at this time however I will keep trying to contact the technical guys at dBank.
Thanks for the update.
2 questions.
Is our ISK secure? Will accounts still be accruing interest while the site is down?
|
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.14 21:46:00 -
[6]
Originally by: Esharan Is our ISK secure?
ISK management is still a very human activity and thus not subject to hacking/technical failures. Equally, backups are regularly made. I also independently monitor all deposit characters and tellers for dBank, so any "data loss" if a rollback is decided can be easily recovered.
Originally by: Esharan Will accounts still be accruing interest while the site is down?
I would believe this to be so however I can't say "yes" from a technical standpoint. This is more a Manalapan answer than myself.
I just wanted to update everyone before the "rabble rabble" started. Can't avoid it with recent events (I've been watching and been involved) but I figure it is better to have some info (incomplete though it is) than to have no info whatsoever. (This is not to be used as an eBank accusation of any kind. The delay in eBank's responding (recently) was, in fact, by my design. Personally I've got way too much to do to get on these boards about eBank.)
I made this post for dBank because I summarily made the decision to wipe their database without consulting them. I feel it was the right thing to do at the time but the onus, should there be some disaster involved, is going to rest quite a bit on my shoulders methinks. |
Alatari
Gallente Winterdawn
|
Posted - 2009.06.14 22:09:00 -
[7]
Edited by: Alatari on 14/06/2009 22:09:51 Edited by: Alatari on 14/06/2009 22:09:36
Originally by: HawkBlade I think I should also add: It is unwise to ever use your eve password anywhere. If you did so at dBank, please change your password now.
Is this an admission that passwords were stored in either plain text, or an easily reversible format? |
Kylar Renpurs
Dusk Blade
|
Posted - 2009.06.14 22:31:00 -
[8]
Originally by: Alatari
Originally by: HawkBlade I think I should also add: It is unwise to ever use your eve password anywhere. If you did so at dBank, please change your password now.
Is this an admission that passwords were stored in either plain text, or an easily reversible format?
I'm really not trying to be a smartass here, but it actually sounds like advice to change your password in case it was compromised.
Security generally works until things go ****-up (which it has in this case).
|
Tvaishk Suzuki
Long Night Industries
|
Posted - 2009.06.14 22:32:00 -
[9]
Well, I hope this gets sorted out soon, though hats off to HawkBlade in taking the initiative in securing data from tampering / being looked at, even if it may not have been requested by Dbank itself. |
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.14 22:54:00 -
[10]
Originally by: Alatari Is this an admission that passwords were stored in either plain text, or an easily reversible format?
The only admission that I can give is that I am not, never have been, nor have any plans on becoming technically competent enough to say "definitively" that anything was compromised. However, I do know enough to say I don't know enough. This is why I'm reinforcing the idea that people should never use their Eve Login details anywhere else but with Eve.
Originally by: Tvaishk Suzuki Well, I hope this gets sorted out soon, though hats off to HawkBlade in taking the initiative in securing data from tampering / being looked at, even if it may not have been requested by Dbank itself.
Actually, I can be marginally considered a member of dBank staff. Not a very active one, very limited scope, but I am employed by dBank to provide certain services. Technical support is not it.
|
|
MailDeadDrop
Globaltech Industries
|
Posted - 2009.06.14 23:26:00 -
[11]
Having been in similar shoes regarding having to take immediate command decisions affecting websites(*), for what it is worth I think you made the right call. As for the passwords, given sufficient time and/or CPU horsepower, all stored passwords can be recovered regardless of how they have been "secured".
MDD
(*) Mine had to do with an attempted murder & (sadly successful) suicide plot. So slightly more weighty matters, but parallel.
|
Tvaishk Suzuki
Long Night Industries
|
Posted - 2009.06.14 23:42:00 -
[12]
Originally by: HawkBlade
Originally by: Alatari Is this an admission that passwords were stored in either plain text, or an easily reversible format?
The only admission that I can give is that I am not, never have been, nor have any plans on becoming technically competent enough to say "definitively" that anything was compromised. However, I do know enough to say I don't know enough. This is why I'm reinforcing the idea that people should never use their Eve Login details anywhere else but with Eve.
Originally by: Tvaishk Suzuki Well, I hope this gets sorted out soon, though hats off to HawkBlade in taking the initiative in securing data from tampering / being looked at, even if it may not have been requested by Dbank itself.
Actually, I can be marginally considered a member of dBank staff. Not a very active one, very limited scope, but I am employed by dBank to provide certain services. Technical support is not it.
Well, in that case I apologise for getting my facts wrong, and commend you for going outside your field.
---
Lieutenant, Mixed Metaphor Appliance Man |
M'ria Est'ev
|
Posted - 2009.06.15 03:08:00 -
[13]
...so Hawkblade/Shar
c/d you have your fingers in both of eve's "functional" banks at the same time? |
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.15 03:35:00 -
[14]
TL:DR I guess the idea of "honest broker" is alien to you.
Originally by: M'ria Est'ev c/d you have your fingers in both of eve's "functional" banks at the same time?
You have me at a disadvantage as I don't know the reference "c/d". However I think you are asking if there's some sort of conflict of interest?
Mind, I can't see how my involvement is a possible conflict. I'm influential but I'm not a decision maker. I like to think that I am very influential but that might be ego talking. Also any activity I have with eBank is kind of like osmosis. I maintain good relationships with many people in eBank. I respect them for them, not for their eBank affiliation. I like to think that I am as worthy of their respect, in me, as I know they are worthy of the respect I have for them.
Mind you, I'm not limited to eBank or dBank but other financial projects as well. Some people I interact with are friends, some are not, but in all aspects if I accept a position to give advice I never play halfsies.
I'm tired and I think I'm getting close to rambling here but let me close with this: I can not fully relate the sense of honor and pride that I felt when my eBank friends asked me for some advice. Here I was a person most entitled to "I told you so's" and they included me without hesitation or reservation. The sad thing isn't that Ric did what he did, it is that most of you will never know that sense of esprit de corps. That won't stop me from enjoying it though.
|
Oftherocks
Caldari 22nd Black Rise Defensive Unit
|
Posted - 2009.06.15 05:08:00 -
[15]
While I certainly appreciate HawkBlade stepping in and securing the banks records, I personally would like to hear some more specifics from one of the senior managers.
Originally by: Sheriff Jones
No, i play hello kitty online and just paid for 5 years to come here and make comments about stuff i know nothing about and Wranglers pants.
|
Joss Sparq
Caldari Deep Core Mining Inc.
|
Posted - 2009.06.15 08:09:00 -
[16]
Originally by: HawkBlade You have me at a disadvantage as I don't know the reference "c/d".
I believe it means "confirm or deny".
|
flakeys
Interstellar Brotherhood of Gravediggers Privateer Alliance
|
Posted - 2009.06.15 10:39:00 -
[17]
In that case I'd say well done shar/hawk in taking precautious measures here.
|
Armoured C
Gallente Federation of Freedom Fighters Aggression.
|
Posted - 2009.06.15 11:23:00 -
[18]
Hope they get it sorted soon, I haven't looked at my CD in ages
(this is just a drop in post, I know some of you are still unhappy with me =( ) |
Esharan
Caldari
|
Posted - 2009.06.15 11:47:00 -
[19]
Why has there not been a more official response from DBANK leadership?
What is going on -
|
Salpad
Caldari Carebears with Attitude
|
Posted - 2009.06.15 11:52:00 -
[20]
Originally by: Esharan Why has there not been a more official response from DBANK leadership?
What is going on -
Manalapan's apporach tends to be to look into the matter thoroughly, before issuing an officil statement, but of course I'll be pushing for him to go public ASAP.
-- Salpad |
|
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.15 12:33:00 -
[21]
Originally by: Esharan Why has there not been a more official response from DBANK leadership?
Actually, my response to you is an "official" response. A more detailed, and public, "post mortem" statement will subsequently be forthcoming. I'm sure you'll understand the idea of posting solid information instead of just shooting off our mouths without loading some ammo.
Originally by: Esharan What is going on -
Well, at this point in the day, I figure you've finished cleaning the lint from your belly button and that you've finished the chores your mom set for you. It might explain why there is so little activity in your own life that you are trying to create false drama in another person's day, yes? However this thread is not the troll you are looking for I fear. Don't let that dissuade you from finding some worthwhile trolling. I'm sure if you make some effort you'll find something.
|
Esharan
Caldari
|
Posted - 2009.06.15 12:50:00 -
[22]
Originally by: HawkBlade
Well, at this point in the day, I figure you've finished cleaning the lint from your belly button and that you've finished the chores your mom set for you. It might explain why there is so little activity in your own life that you are trying to create false drama in another person's day, yes? However this thread is not the troll you are looking for I fear.
Don't let that dissuade you from finding some worthwhile trolling. I'm sure if you make some effort you'll find something.
Ahh yes, you're right I guess I just shouldn't worry about my investment or anything for that right.
Thank you for your insult, great way to treat a customer!!!
|
HawkBlade
Minmatar The Higher Standard Virtue of Selfishness
|
Posted - 2009.06.15 13:13:00 -
[23]
Originally by: Esharan Ahh yes, you're right I guess I just shouldn't worry about my investment or anything for that right. Thank you for your insult, great way to treat a customer!!!
When a customer presents himself, he gets treated like a customer. In your case I have only one question, "If I throw a stick, will you go after it? Please!" |
Estel Arador
Minmatar Estel Arador Corp Services
|
Posted - 2009.06.15 13:28:00 -
[24]
Originally by: Salpad Manalapan's apporach tends to be to look into the matter thoroughly, before issuing an officil statement, but of course I'll be pushing for him to go public ASAP.
Didn't they hire you as their communication advisor or something?
Here's my (free!) advice: try getting a spell checker. Bad spelling detracts from the message and has a negative effect on the reader's attitude towards the sender.
FREE! jumpclone service: Forum thread|Podlog |
Esharan
Caldari
|
Posted - 2009.06.15 13:29:00 -
[25]
Lesson 1. How to treat a customer.
Originally by: Salpad
Originally by: Esharan Why has there not been a more official response from DBANK leadership?
What is going on -
Manalapan's apporach tends to be to look into the matter thoroughly, before issuing an officil statement, but of course I'll be pushing for him to go public ASAP.
Lesson 2 How not to treat a customer.
Originally by: HawkBlade
Originally by: Esharan Ahh yes, you're right I guess I just shouldn't worry about my investment or anything for that right. Thank you for your insult, great way to treat a customer!!!
When a customer presents himself, he gets treated like a customer. In your case I have only one question, "If I throw a stick, will you go after it? Please!"
Thank you Sal for your response and for keeping us posted. I appreciate your coming back to help with this issue/hiccup. Hawk - not sure why you're so hostile :)
|
Kitchie
Gallente Vikramaditya
|
Posted - 2009.06.15 14:14:00 -
[26]
HawkBlade/Shar Tegral is a terrier. If something bothers him, he will go for it with his all and that is why he is so valuable as auditor/advisor to DBANK. He does not mince his words and although he may not be universally loved, he is well respected.
He is not DBANK's PR officer or, in fact, an official of the bank but his involvement is something that gives many people comfort.
Salpad is DBANK's official PR officer and Manalapan the CEO - they are the ones you should hassle for answers.
|
GPszith
Gallente Pork Chop Express
|
Posted - 2009.06.15 14:23:00 -
[27]
Originally by: HawkBlade
I think I should also add: It is unwise to ever use your eve password anywhere. If you did so at dBank, please change your password now.
Precautionary, yes, but also a very, very wise thing to do.
Agreed:) I also hope no one uses their character name as their account name.
-------------------------------------------------- -GPszith
wtb a sig |
Thrymren
|
Posted - 2009.06.15 14:44:00 -
[28]
I really don't wanna stress you guys or force anyone to release information unconfirmed.... but could we get a (really) rough timeline when this will be fixed? Are we talking hours, days or weeks? =)
Best regards and thanks hawk for the securing of that data :) |
Vaerah Vahrokha
Minmatar Dark-Rising
|
Posted - 2009.06.15 14:48:00 -
[29]
Quote:
Hawk - not sure why you're so hostile :)
Shar is an "operative", with a "take in face" approach that gets things done.
This is not hostility, this is pruning pointless fear drivel off an operational thread.
|
Iknota
Dynasty Banking
|
Posted - 2009.06.15 14:55:00 -
[30]
Preface: I am by no means coming back to the EVE sector or reporting in any official manner for Dynasty Bank.
I apologize for the downtime (and major security flaw) as it was my fault. While working on another site hosted on the same server, I ran into a problem with PHP short_open_tag (<? vs <?php) on the other site. I decided to change the master php.ini file to ignore short tags. Little did I know that my sloppy coding of the dBank website was only done with short tags. So PHP, while working just fine, was ignoring all of the dBank code. I have fixed that for the dBank website at Manalapan's request. All passwords will be diversified and random. I hope no one used their EVE account name as the login for dBank (there is a warning about that).
Also to note: While I appreciate Shar stepping in to help, he did so in a manner that will cause a lot of delay in getting the database functional again. Next time you notice someone's site that has exposed passwords, simply change the password, do not delete ****.
|
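A pre-change check for the failure described in the post above, as an added example that is not part of the thread or dBank's code: it lists PHP lines that depend on short open tags before `short_open_tag` is turned off in php.ini, and checks a served page for unparsed PHP. The function names and the sample source are constructed for illustration; it goes slightly beyond the post by also treating `<?=`, which is always parsed from PHP 5.4 on but depended on `short_open_tag` before that.

```python
import re
from pathlib import Path

# "<?" not followed by "php", "=" or "xml" is a short open tag.
# "<?phpinfo()" is still a short tag: "<?php" only counts when followed by a word boundary.
SHORT_TAG = re.compile(r"<\?(?!php\b|=|xml\b)", re.IGNORECASE)
# "<?=" echo tag: version dependent, so it is opt-in via echo_needs_short_tags.
ECHO_TAG = re.compile(r"<\?=")

# Constructed sample file, not taken from any real site.
SAMPLE = '''<?xml version="1.0"?>
<?php require "db.php"; ?>
<? $db_pass = "constructed-value"; ?>
<p><?= $balance ?></p>
'''


def find_short_tags(source, echo_needs_short_tags=False):
    """Return (line_number, line) pairs that stop being parsed with short_open_tag=Off."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if SHORT_TAG.search(line) or (echo_needs_short_tags and ECHO_TAG.search(line)):
            hits.append((number, line.strip()))
    return hits


def scan_tree(root, echo_needs_short_tags=False):
    """Map each .php file under root to its hits; files with no hits are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        hits = find_short_tags(text, echo_needs_short_tags)
        if hits:
            report[str(path)] = hits
    return report


def response_leaks_php(body):
    """True if a served page body still contains an unparsed PHP open tag."""
    return bool(re.search(r"<\?(?!xml\b)", body, re.IGNORECASE))


if __name__ == "__main__":
    for number, line in find_short_tags(SAMPLE):
        print(f"line {number}: {line}")
```

Running `scan_tree` over every site on a shared server before editing the master php.ini, and `response_leaks_php` against a fetched page afterwards, catches both the cause and the symptom.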