If that is the only comment to be offered then it isn't good enough!
RoF was spot on with her comment about 'valued' community. I fail to see any recognition of value.
What is so difficult about saying "xx was compromised/stolen", "we think xx was compromised/stolen", or even the very honest "we haven't got a XX clue yet, sorry, bear with us!". Any is better than silence.
There may be very good reasons why information is not Available, for example legal and or protecting other sites using vb. I have no more info than anyone else. I suggest "please bear with us" is a good idea.
Think of it like this
VBulletin has to be updated (every site that uses it) as its been compromised (well so I would think). If data has been compromised and your accounts have been taken or emails hacked etc, then it could be coincidence. I have no more information than anyone else but the please bare with us is a good thing, as you could well get a massive essay on what happened, how it happened and why it happened.
For the people who were following the downtime when this happened they will fully understand that so many hours (working through the night) were put in my ZH in order to get the forums up and running again safely. Along the way Shaun also would have had to investigate the cause etc. and also work very close with VB.
None of us know any more than the next person, what i can probably take a very good guess at though is that Shaun is working on a report on what has happened to provide everyone with more information.
We all are aware that the server was breached due to a bug in the VB software, and that as a precaution everyone was urged to change their passwords. I am sure Shaun is analysing log files in order to fill us all in... But as DosBox has had he also has to deal with users whom are still locked out of there account etc.
I am sure we will all here something in due time, for now let’s sit back and enjoy edugeek!
Happy Days! - EduHobNobs Anyone! -
sister_annex (26th November 2011)
I for one am just happy Edugeek is back, to some semblance of normality, I think people forget sometimes that it is a relatively small outfit that runs the site and they have a million and one things to do as well as keep us happy, I do agree an update to what went on would be nice but I also understand that @ZeroHour has spent many hours working to get services restored (and by now should have a very nice ass groove worked into his chair!).
Patience is a virtue, I am sure the details will appear in time
Little-Miss (28th November 2011)
TBH, a breach as serious as this - as WAS communicated, hashed passwords may have been compromised - you can safely assume that nothing is sacrosanct. There is no way for the admins to say for sure anything that could have been accessed was actually copied though.
Presume ANYTHING you ever sent to the site may have been read.
IMO the big password change is a sign that the admins are committed to security - this has obviously cost a lot of work, and has probably cost some members. A less scrupulous bunch might have pushed this under the rug.
On the other hand - lads, get a statemnt out, if you need any help drafting it, I am happy to help in my capacity as professional security gobshite
If there was such a bug in VB dont you think we would of heard about it!! When fasthosts brought down edugeek the news was everywhere (the register etc)
Edugeek gets hacked or whatever no news anywhere.
edit: just read the steam forum hack could of been a VB problem so prob related
Last edited by markcuk; 26th November 2011 at 10:34 PM.
The fact that ZH has gone to as much trouble as he has reimplementing the site bit by bit and making it very clear about the breach is a good thing and does show commitment to security but the complete information vacum was a bit unfomfortable. Hopefully in a while when the dust has settled and VB have patched up their software we will get a better idea of what happened if that information is avalible.
Steam forums taken offline following possible security breach - 09/11/2011
The Steam forums, run by Valve, are down following an apparent security breach perpetrated by a group of hackers, Eurogamer reports. The outlet states that a message board in the forums was "defaced" Monday night; the forums were subsequently taken down and replaced with a message from Steam stating they are "offline for maintenance."
Eurogamer reports that one Steam user contacted them saying that the hackers changed some text on the message board and sent some spam to registered users. The message board was redesigned to show a message from a website called Fkn0wned.com that documents video game hacks.
Because some players have reported receiving spam with similar content to the material illicitly splashed across the forums, it's possible that whoever hacked the site may have obtained the e-mail addresses of users who have registered with the site. No other forum users have come forward saying they received spam since the initial outbreak, and Valve has neither made a public statement nor responded to Ars' requests for comment on the incident.
As of this writing, the forums remain down and display only the maintenance message, telling players their "patience is appreciated." We'll be keeping an eye out for Valve's statement on the matter as well as for the forums to come back up. (Source Via)Resistance Site, Forums are Down; Hacking Alleged - 12/11/2011
Visitors to MyResistance.net, the official site for the Resistance franchise of PS3 games, say the site was serving up malware yesterday. One of them alerted Insomniac Games, and now the entire site has been taken offline for maintenance.
The hacking and malware allegations could not be immediately verified with Insomniac or Sony Computer Entertainment America. The site itself is owned by Sony, with Insomniac providing moderation and content support. The studio thus is referring inquiries directly to SCEA. This morning Kotaku reached out to representatives of both; any statement the studio or Sony makes will be updated here.
This site outage comes a week after an attack and defacement of the Steam Forums that brought them down for nearly five days. Worse, Valve later said that a database containing user information, including encrypted credit card numbers, had been exposed in the attack, and advised users to monitor their credit card activity and change passwords elsewhere if it was the same as their Steam Forum login. (Source)
Anyone gonna own up for this one?Originally Posted by Negative Rep
People suddenly seem to be behaving like this site is some giant commercial operation when it isn't. If everyone had had their credit card details disclosed or something I'd say sure, demand explanations, but as it stands they have done full-site password resets, they have advised people to use services such as LastPass, to ensure people don't use passwords for more than 1 site etc... What else do you want?
As others have said, saying 'they stole X,Y and Z' is going to be basically impossible, so you should simply assume that they got the lot and change your passwords everywhere that uses the same one just in case. The worst you'll get out of this would be more spam I'd guess.
Surely a paragraph of some kind of explanation isnt allot to ask for? Shaun isnt the only one working on the site, there are other admins as well.
I know my date of birth could have been taken, that is a security question banks use. Its only part of a puzzle but can result into something more serious. Personally i dont care about the password as it was unique.
Was a copy of the database taken?
Do we know what was actually seen by the hackers? At the moment its speculation.
Do we know what the hackers actually did?
There are currently 1 users browsing this thread. (0 members and 1 guests)