| ~Bunbunmaru News~ > Front Page Headlines |
| ATTENTION: Attempted security attack discovered! |
| << < (4/24) > >> |
| Janitor Morgan:
I was just logged out, even with my display name being different from my username. Might be a sign that they're stepping it up a bit. |
| Byaaakuren:
Changed. Thanks for the warning |
| Dormio Ergo Sum:
So that's what that was. |
| Kips McKipzerson:
Ah god damn, I gotta change my password, eh? Also, I'm getting a lot of 403, aka "Forbidden" errors. Would that be part of this attack or no? |
| NekoInc Likes Birds:
Thank you very much for the professional, reasonably detailed report as to what was happening, and what the fixing measure are. I would like to suggest, next time you're working on the SMF files, that somehow, a notification that your login and visible names should be different should be provided at registration. Forgetting how the registration works on SMF, I'm betting that there's a line for visible name during registration - simply adding a boldfaced "For security reasons, do not make this the same as your login name" should be a reasonable warning. It won't stop idiots, but this might be a case where, if we can get a majority of accounts to avoid this, then this hack becomes ill-worthwhile - the machine effort put in becoming more useful to put to attack other forums. Essentially, the same principle as herd immunity in disease-research fields. (I also changed my secret question and answer to "WHY ARE YOU ASKING THIS WHEN YOU HAVE YOUR PASSWORD STORAGE PROGRAM?!", and then made sure the secret answer would be ridiculously hard to get by any means ever.) |
| Navigation |
| Message Index |
| Next page |
| Previous page |