pavelrodzevich Regular user 113 Posts |
Quote:
On Aug 19, 2015, mastermindreader wrote:
I think he just entered your email on the password recovery page, and a new password was generated automatically and sent to you. So it is possible for the Café manager to look into the logging file and find the IP address of the guy who did that. And I guess that the new password from the latest email should be OK for logging in.
If something repeats, feel free to ask me via PM, I'll do my best to help you.
Pavel |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Thank you Pavel. Much appreciated.
I anticipate the full cooperation of the Café in obtaining the logging and IP information. |
|||||||||
saysold1 Eternal Order Recovering Cafe addict with only 10794 Posts |
I just sent you a link to Malwarebytes Bob - I am not a security expert by any means but it is probably worthwhile to run it.
I have used it many times with good results. If you can't get your email here is the link: https://www.malwarebytes.org/mwb-download/
Creator of The SvenPad Supreme(R) line of aerospace level quality, made in the USA utility props. https://svenpads.com/
|
|||||||||
insight Inner circle 3095 Posts |
This is horrible, Bob! I hope the perpetrator of this act is found and is penalized accordingly.
Regards, Mike |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Thanks, Brett and to everyone else.
The harassment continues but I think I have it under control. But Shrubsole mentioned something important- hopefully you will all realize what's going on if you start seeing bizarre posts under my name. |
|||||||||
insight Inner circle 3095 Posts |
Bob, definitely file a police report too. A few months ago, I was the victim of bank account fraud. The perpetrator withdrew a massive amount of funds...but did so over a period of a week taking out just one dollar less than the max allowable...these crooks are very cunning. Try to document as much as possible and again involve the police department.
Above all, your safety is of the utmost of concern...be safe and I hope the crook is found soon!
Regards, Mike
[quote]On Aug 20, 2015, mastermindreader wrote: Thanks, Brett and to everyone else. The harassment continues but I think I have it under control. But Shrubsole mentioned something important- hopefully you will all realize what's going on if you start seeing bizarre posts under my name. [/quote] |
|||||||||
Sean Giles Inner circle Cambridge/ UK 3517 Posts |
Shameful, just shameful behaviour.
|
|||||||||
insight Inner circle 3095 Posts |
I know, but fortunately the crook was located in my case. I am hopeful it is only a matter of time in Bob's case.
Shameful behavior on the part of the crooks, indeed! Regards, Mike Quote:
On Aug 20, 2015, Sean Giles wrote: |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
I don't need legal advice. I was a trial attorney for ten years and know exactly how to handle this from the legal end,
|
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Quote:
On Aug 19, 2015, Sean Giles wrote: Indeed. And pretty pathetic as well. |
|||||||||
Matt Chalk Regular user New Zealand 166 Posts |
Wait
Did you get emailed a password in plain text (as in your new password was delivered to your email and you simply copied and pasted it over)? If so I would be EXTREMELY concerned that the Café is doing this. Sites that store plain text passwords are INCREDIBLY vulnerable to cyber attacks (just read this http://plaintextoffenders.com/about/) |
|||||||||
JoeyCostello New user Paterson, NJ 1 Post |
Quote:
On Aug 20, 2015, mastermindreader wrote: Bobby! Long time no see my friend. Send PM. I will help you with this. You back in Vegas soon? JC |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Joey-
Wow! That's a blast from the past. I thought you were in Las Vegas. I'll be there in October. Give me a call so we can catch up. I'll PM you with my number. Bob (You're one of the few guys who still calls me Bobby.) |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Quote:
On Aug 19, 2015, Matt Chalk wrote:
Matt- Yes. It was sent in plain text. It's also notable that the Café doesn't use the https protocol. I'm starting to wonder if the real security flaw is on the Café end.
Just read the article you cited- The following section is relevant here as it appears that the Café is doing exactly what is described in the third example, which I've put in bold type for clarity:
Quote:
the worst plain-text password sins are committed when a website sends a user's chosen password in an email, either after they sign up or when a user registers a forgotten password request.
I trust that our tech people will look into this ASAP. I have posed a request in the Café Tech forum that they look into this: http://www.themagiccafe.com/forums/newtopic.php?forum=50 |
|||||||||
Sean Giles Inner circle Cambridge/ UK 3517 Posts |
Quote:
On Aug 20, 2015, insight wrote: Yes, whoever did this must be one pathetic creep. Most likely so desperate for attention from Bob, they would do anything to be close to him, even if it means attacking him in some way. Sad and disgusting at the same time. Bunny boiler springs to mind. On a brighter note, I'm off to read Michael Murray's 'Read Between the lines'? You should try it. Great effect. |
|||||||||
insight Inner circle 3095 Posts |
This thread is of a serious nature and I am honestly concerned for Bob. On my end, there is no "on a brighter end, I am off to read...". Until this gets resolved, I am afraid there is no brighter end.
Regards, Mike Quote:
On Aug 20, 2015, Sean Giles wrote: |
|||||||||
Matt Chalk Regular user New Zealand 166 Posts |
Absolutely Bob
Sending passwords in plain text is NEVER a good thing. I really hope they get this fixed as that's a massive concern |
|||||||||
phillsmiff Inner circle UK 1794 Posts |
Wow, not only that, I just tried it with my own account - if you are logged out, and click on the lost password link, you get a screen that tells you to put in your username and the email address that you registered your account with. If you get the email address wrong (or if you just don't know it or just put a fake one in), on the next screen IT TELLS YOU THE CORRECT EMAIL ADDRESS and invites you to try again. So with just someone's username you can lock a user out of their account by changing their password. This is incredible, plus the open broadcast of a user's email address is a remarkable breach of security.
This should be a priority to fix surely? Phill
The new Elysian Duets, marked cards featuring my unique Optical Marking System:
-+: https://phillsmithcreative.com/products/elysian-duets :+- |
|||||||||
mastermindreader 1949 - 2017 Seattle, WA 12586 Posts |
Phill-
Absolutely. What actually happened in my case is now quite clear. But you can't, I don't think, change the user's password unless you are able to intercept a copy of the plain text message sent to the user's email address. Because that email contains a link that must be visited in order to activate the new password. Hence the attempt to hack my email.
The fact that the criminal in this case did succeed once in changing my password indicates that he was either able to intercept the message from the Café, hack the Café's database, or actually hack my email account. My email accounts are now about as secure as they can get, with two tier verification, meaningless answers to security questions and randomly generated lengthy passwords. So if my Café account is compromised again I will be virtually certain that the problem is with Café security, not with mine.
It looks like, together, we are actually doing something constructive to resolve a problem that could actually affect any one of us.
Good thoughts to all, Bob
PHILL- Would you mind reposting your last message on the thread I started in the Café Tech help forum that I linked to a few posts back? I want to be certain that admin and tech know exactly what the problems appear to be. |
|||||||||
robd Loyal user 251 Posts |
Quote:
On Aug 20, 2015, Matt Chalk wrote:
It doesn't. phpBB doesn't store passwords in plain text. You do get your password emailed in plain text however, which can't be activated unless someone also has access to your email. In which case you have bigger concerns than the Café. This isn't a Café flaw; this is how this particular software works on every site. |
|||||||||
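Added example, not part of the thread and not the forum software's own code: a Python model of the lost-password behaviour phillsmiff describes, beside a reset flow that gives one generic reply to every request and emails a single-use, expiring link instead of a password (the plain-text concern Matt Chalk and robd discuss). The user table, URL, function names and sample data are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data; usernames, addresses and field names are hypothetical.
USERS = {"alice": {"email": "alice@example.org", "reset": None}}
OUTBOX = []            # stands in for the mail queue: (recipient, body)
TOKEN_TTL = 30 * 60    # reset links expire after 30 minutes
GENERIC = "If those details match an account, a reset link has been emailed."


def request_reset_leaky(username, email):
    """Behaviour described in the thread: a wrong address reveals the right one."""
    user = USERS.get(username)
    if user is None:
        return "No such user."
    if email != user["email"]:
        return f"Wrong address. The registered address is {user['email']}."
    return "A new password has been emailed."


def request_reset(username, email, now=None):
    """Same reply for every input; mails a one-time link, never a password."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user and hmac.compare_digest(email.lower().encode(), user["email"].encode()):
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a database leak does not expose usable links.
        user["reset"] = (hashlib.sha256(token.encode()).hexdigest(), now + TOKEN_TTL)
        OUTBOX.append((user["email"], f"https://forum.example/reset?u={username}&t={token}"))
    return GENERIC   # the existing password stays valid until the link is redeemed


def redeem(username, token, now=None):
    """True once per valid, unexpired token; the caller then lets the user set a password."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if not user or not user["reset"]:
        return False
    digest, expires = user["reset"]
    ok = now <= expires and hmac.compare_digest(
        digest, hashlib.sha256(token.encode()).hexdigest())
    if ok:
        user["reset"] = None   # single use
    return ok
```

Because the reply is identical whether the username exists, the address matches, or neither, the form no longer confirms or discloses a member's email address, and a request alone cannot change or lock the account.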
The Magic Cafe Forum Index » » Penny for your thoughts » » An Important Cautionary Notice (19 Likes) | ||||||||||