Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
|
CCP Sreegs
|
Posted - 2011.04.12 11:39:00 -
[1]
It has come to our attention that the database of a popular EVE online community forum, Scrapheap Challenge, has been compromised. This means that any information that you had stored at Scrapheap may very well be in the hands of less than savory individuals, including any and all private messages, usernames, passwords and email addresses. It is HIGHLY recommended that if you used your username/password combination on Scrapheap anywhere else and ESPECIALLY your EVE Online account, that you change it immediately. Thanks! |
|
Helen
The Tetragrammaton Council
|
Posted - 2011.04.12 11:47:00 -
[2]
Luckily only stupid people will be effected.
TIME TO NUT UP OR SHUT UP |
Mr Cocojambo
Minmatar
|
Posted - 2011.04.12 11:47:00 -
[3]
EEEEEEEEEEEEEEEEEEEeeeeeeeeeeeeeeek
|
whispous
Gallente NibbleTek Pandemic Legion
|
Posted - 2011.04.12 11:51:00 -
[4]
I see CCP only noticed and posted 2 days late, when they supposedly keep tabs on community sites
|
Valator Uel
Caldari Mercenaries of Andosia Northern Coalition.
|
Posted - 2011.04.12 11:56:00 -
[5]
Might be 2 days late, but I applaud CCP (Sreegs) for actually acting on security issues outside of EVE.
------------------ empty sig |
Helen
The Tetragrammaton Council
|
Posted - 2011.04.12 11:56:00 -
[6]
Originally by: whispous I see CCP only noticed and posted 2 days late, when they supposedly keep tabs on community sites
Well to be fair I think CCP had other things to do this weekend than look at other forums. TIME TO NUT UP OR SHUT UP |
Gavjack Bunk
Gallente Genos Occidere HYDRA RELOADED
|
Posted - 2011.04.12 11:58:00 -
[7]
Originally by: Helen Luckily only stupid people will be effected.
Everybody is so smart until they meet somebody smarter. Hold onto that humility, you might need it later.
|
Bumblefck
Kerensky Initiatives
|
Posted - 2011.04.12 12:03:00 -
[8]
Originally by: Helen Luckily only stupid people will be effected.
*Affected
I assume then that you've now just had all of your details stolen, moron?
--------------
? |
Mitchello
Against ALL Authorities
|
Posted - 2011.04.12 12:04:00 -
[9]
Scrapheap-challenge.com is dead.
Failheap-challenge.com is alive. And the new home.
Come visit. We has cookies, ponies and kittens. And spaceships.
|
Helen
The Tetragrammaton Council
|
Posted - 2011.04.12 12:08:00 -
[10]
Originally by: Bumblefck
Originally by: Helen Luckily only stupid people will be effected.
*Affected
I assume then that you've now just had all of your details stolen, moron?
Oh noes my SHC forum account! Jesus christ what will I do? TIME TO NUT UP OR SHUT UP |
|
Miso Hawnee
|
Posted - 2011.04.12 12:17:00 -
[11]
So this means that kugu is now the most vibrant eve online forum right?
|
Helen
The Tetragrammaton Council
|
Posted - 2011.04.12 12:20:00 -
[12]
Failheap is nearly at 1100 members after 3 days up and running. Not sure on Kugu numbers. TIME TO NUT UP OR SHUT UP |
RedSplat
|
Posted - 2011.04.12 12:23:00 -
[13]
Edited by: RedSplat on 12/04/2011 12:23:29 You forgot to mention that www.Scrapheap-Challenge.com was run by a former CCP employee shown the door for questionable activities on company computers.
|
Lubomir Penev
Dark Nexxus S I L E N T.
|
Posted - 2011.04.12 12:44:00 -
[14]
Originally by: RedSplat Edited by: RedSplat on 12/04/2011 12:23:29 You forgot to mention that www.Scrapheap-Challenge.com was run by a former CCP employee shown the door for questionable activities on company computers.
I actually want to know what kind of **** CCP Claw watched on CCP computers
|
RedSplat
|
Posted - 2011.04.12 12:51:00 -
[15]
Edited by: RedSplat on 12/04/2011 12:55:56 Well, I'd link you to the sole remaining third party forums to a thread that explains that, but that URL is censored here.
I could just post here, but the post would be deleted; and its 'alleged'. No libel here M'lud.
EDIT: I tell a lie, EN24 is opening forums soon. I'm sure they will have an article about this soon and Ten Ton Hammer might pick this up as part of a piece on circles of trust and metagaming in MMO's given CCP has been generating quite a lot of 'emergent' content recently in that area.
|
|
CCP Navigator
C C P C C P Alliance
|
Posted - 2011.04.12 13:03:00 -
[16]
Thread cleaned. Please note that rumour threads and posts are not permitted and will get nuked from orbit.
Navigator Lead Community Representative CCP Hf, EVE Online
|
|
Molten Black
Lazy Twats Inc
|
Posted - 2011.04.12 13:13:00 -
[17]
I approve of this message, and credit where credit is due. Respect to CCP Sreegs for taking his duties seriously enough to sticky a thread about a security issue not at relateing to CCP products or services. 07
|
Suitonia
Gallente Genos Occidere HYDRA RELOADED
|
Posted - 2011.04.12 13:16:00 -
[18]
Originally by: Valator Uel Might be 2 days late, but I applaud CCP (Sreegs) for actually acting on security issues outside of EVE.
I think they reacted fairly quickly to be honest. Props to CCP Sreegs for putting this up and notifying the community. ---
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2011.04.12 13:20:00 -
[19]
Thee shall never get my rusty minmatar parts!
/c
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
RedSplat
|
Posted - 2011.04.12 13:23:00 -
[20]
Edited by: RedSplat on 12/04/2011 13:27:29 Edited by: RedSplat on 12/04/2011 13:26:01 I hope this is a more acceptable post
The vulnerability that was exploited on SHC was apparently reported and documented back in December last year and nothing was done about it. Scrapheap Challenge was using unsalted MD5 Hash for passwords, which was less than ideal and let someone break PW's. It seems someone may also have been impersonating Clamdown with his host for SHC.
The individual(?) responsible has said he(?) has the PW's and a DB dump. On the bright side this means SHC users that have migrated to Failheap Challenge might be able to recover some of the longer running better topics of discussion and the wealth of information that was lost when Clamdown threw the baby out with the bathwater and shut everything down at short notice; and ponys and redheads.
The EVE community is fortunate in that it has a large number of established 3rd party fansites. Like www.Scrapheap-Challenge.com EveNews24 (German Giggles and Czech Lions bring you FOX News 24) and www.CCPstillcensorsthisnamebu****inmysignature.com and now the zombiffied failheap challenge (now with less Ponys).
This is good, seeing as our new forums are still borked
Originally by: CCP Navigator Thread cleaned. Please note that rumour threads and posts are not permitted and will get nuked from orbit.
Its not a rumor that SHC was run by a CCP employee.
I miss CCP Mitnal.
EDIT: but it's is censored? Really?
|
|
Grimpak
Gallente The Whitehound Corporation Frontline Assembly Point
|
Posted - 2011.04.12 13:27:00 -
[21]
so they got my email addres, my character's name and the 5-digit pw I used in those forums. ---
Quote: The more I know about humans, the more I love animals.
ain't that right. |
Kengutsi Akira
|
Posted - 2011.04.12 13:58:00 -
[22]
Originally by: RedSplat
EDIT: but it's is censored? Really?
Yeah... 4 years or so later an he's still censored .... bitter much? No grudge holding here, nooooo ------------------------------------ "You know, my foot oughta vandilize your ass" |
Akita T
Caldari Navy Volunteer Task Force
|
Posted - 2011.04.12 14:03:00 -
[23]
And this is why you should ALWAYS register on 3rd party sites with a DIFFERENT username, a DIFFERENT password, and preferably, even using a DIFFERENT registration e-mail. Also, never create an EVE character with the same name as your EVE account username. _
CCP LEADERSHIP MENTALITY NEEDS TO CHANGE FAST ! "New junky features sell, old polished content doesn't" ? KILL IT WITH FIRE. |
Othran
Brutor Tribe
|
Posted - 2011.04.12 14:16:00 -
[24]
If its an Eve-related website I'd recommend the following as a minimum :
1) Register with an email address something like Hushmail;
2) Use Firefox and Noscript all the time when on that website;
3) If you have a static IP address - especially one you're using as an MX and hence has rDNS setup - then use a proxy ALL the time;
4) Don't ever give any indication where you live other than country;
5) Don't give any social media details out that may lead back to you.
I know people who have had to involve the police regarding RL Eve-related threats (like hand delivered threats through your letterbox). Spamming the opposing FC's mobile phone is of course always popular as are various phishing attempts. Most of which is directly attributable to forums.
If that seems over the top then its not. It most certainly would be for other games but not Eve.
|
Calmdown
Minmatar Brutor Tribe
|
Posted - 2011.04.12 14:18:00 -
[25]
The passwords stored on SHC were indeed hashed. However, hashes are breakable and as such you should treat this compromise as with any other - better to be safe than sorry.
|
Jiro Rans
Stimulus Rote Kapelle
|
Posted - 2011.04.12 14:33:00 -
[26]
You can tell Calmdown worked at CCP, he's really ****ty at doing forum related stuff.
|
Bumblefck
Kerensky Initiatives
|
Posted - 2011.04.12 14:35:00 -
[27]
Originally by: CCP Navigator Thread cleaned. Please note that rumour threads and posts are not permitted and will get nuked from orbit.
How is what redsplat said a rumour?
Explain please
--------------
? |
Illwill Bill
Nifelhem
|
Posted - 2011.04.12 14:43:00 -
[28]
Calmdown?! Posting on Eve-o? The end is nigh!
On a more serious note, this is why it is a good idea to use temporary email services for registering on forums; they can try to hack [email protected] as much as they want for all I care.
Additionally, it would be outright foolish to use the same username/password combination on several sites/services.
Originally by: CCP Zymurgist Revenge is a dish best served with auto-cannons.
|
Kuar Z'thain
Amok. Goonswarm Federation
|
Posted - 2011.04.12 15:04:00 -
[29]
Edited by: Kuar Z''thain on 12/04/2011 15:04:52 Everyone to Kugustumen.com!
|
Karbowiak
|
Posted - 2011.04.12 15:39:00 -
[30]
Edited by: Karbowiak on 12/04/2011 15:43:47 From a reliable source i was told that K.com also collects passwords (unhashed format even) everytime you login. So using Kugut-sumen (WHY ARE YOU CENSORING THIS NAME CCP??) is about as secure as it was to use Scrapheap.
Can't imagine Failheap is any different
So, here's to hoping T'Amber actually implement proper 3rd party authentication, so i never have to give any user og password to any EVE related fansite ever again. Mostly cause everyone is a bunch of greedy ****ing pigs that are only out to steal ur ****
Co-Owner and Creator of EVSCO |
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |