Thread: Edugeek server security compromise (General Chat)
  1. #61

    Dos_Box's Avatar
    There will be more information, but only as and when we have it. We are not in the speculation game. As has been pointed out, we do not hold information that criminals traditionally go for such as card details.
    There is no one more able and experienced to figure out what happened and why than Shaun, but to ensure we do things correctly it will take time.
    As for details such as someone having your date of birth to access an online bank account, you would also have to have many other details as well, as your DOB alone is not enough to identify you. Someone would need to know what bank you are in for a start. Then account numbers, passwords (often 2 passwords now) and other details (none of which were held by us) are required, so please stop fretting.

  2. 12 Thanks to Dos_Box:

    GrumbleDook (27th November 2011), irritabletechy (28th November 2011), john (28th November 2011), localzuk (27th November 2011), mac_shinobi (28th November 2011), nephilim (27th November 2011), Sensei (27th November 2011), Soulfish (27th November 2011), speckytecky (27th November 2011), Steve21 (27th November 2011), TheScarfedOne (28th November 2011), vikpaw (30th November 2011)

  3. #62

    FN-GM's Avatar
    Working in a bank myself with a team of security guys I have an idea what can happen. The data collected could be sold on. The person who receives it will take what he needs. He might already have a portfolio of someone's data and the date of birth could be the last piece of the puzzle.

    It's happened many times before....

  4. #63

    localzuk's Avatar
    Quote Originally Posted by FN-GM View Post
    Working in a bank myself with a team of security guys I have an idea what can happen. The data collected could be sold on. The person who receives it will take what he needs. He might already have a portfolio of someone's data and the date of birth could be the last piece of the puzzle.

    It's happened many times before....
    In which case, you're basically screwed. Local governments lose data all the time. Your schools did. Your banks do. The NHS does. Australia has far weaker data protection laws than the UK and as such it is illegal to send personal data from the EU to Australia, but you don't seem concerned about it, having moved there.

    So, my suggestion is the same as everyone else - assume that your data has been copied, and act accordingly.

  5. #64

    Quote Originally Posted by sister_annex View Post
    I for one am just happy Edugeek is back, to some semblance of normality, I think people forget sometimes that it is a relatively small outfit that runs the site and they have a million and one things to do as well as keep us happy, I do agree an update to what went on would be nice but I also understand that @ZeroHour has spent many hours working to get services restored (and by now should have a very nice ass groove worked into his chair!).

    Patience is a virtue, I am sure the details will appear in time
    That's a nice post . . . . but a troubling image.

  6. #65

    Quote Originally Posted by FN-GM View Post
    Working in a bank myself with a team of security guys I have an idea what can happen. The data collected could be sold on. The person who receives it will take what he needs. He might already have a portfolio of someone's data and the date of birth could be the last piece of the puzzle.

    It's happened many times before....
    While I wait for my main account to get sorted (forgot about this one)

    Are those in the bank winding the noobie up?
    LMAO if the DOB was truly the magic bullet everyone on Facebook would be done for. The amount of people who advertise their DOB to the public on that is insane and that's before we get to those that put their address.... and you have never told posted your age (as your month/day is public on edugeek according to your settings) which would allow the complete DOB.
    Also if you bank with a bank that will let you into someone's account with their DOB I would change banks.
    The next office birthday will be interesting at least....
    Last edited by daustin; 27th November 2011 at 03:22 PM.

  7. #66


    tom_newton's Avatar
    And before anyone says "ahar, I never put my YEAR of birth on fb/linkedin/whatever!" remember you have a nice sharp peak among your friends of people born in the same year as you...

  8. Thanks to tom_newton from:

    CAM (28th November 2011)

  9. #67

    GrumbleDook's Avatar
    Zak has some point about data mining of personal details is rarely about a single breach (unless they are lucky and get a full DB of personal and card details) but a breach of any site could release information which can then be used to target other areas. However, it is often combined (when details are sold on) with attempted access to email account ... and the advice about changing passwords is good advice. The concern about DoB is only a very small one ... and if they have access to your email account as well, and that has your personal details in too then whether they gain your DoB from here or anywhere else is of no matter. I would not place my DoB as a security detail where possible anyway ... and have turned it off as a verification item where I can. My DoB is pretty public anyway ... people wishing me happy birthday and me mentioning my age ... it doesn't take a rocket scientist to work out.

    Because of the uncertainty of what may have been targeted and for what reason, and the details about attack vector needing to be covered, etc there is little more that can be added other than that which was in the original article or from DB's subsequent posts. The ICO advise that sites should not be put straight back up to get to 'business as usual' but should take appropriate security action to deal with the issue. As a member, I am happy and confident that this has been done. I would not expect for DB and ZH to give me a complete public run-down of what they have done on the security side of things to improve things even further, in the same way I wouldn't expect any of the other members to give me a complete breakdown of your security arrangements on a public site. Although it may be considered security by obscurity, it is also a bit of common sense.

  10. Thanks to GrumbleDook from:

    FN-GM (27th November 2011)

  11. #68
    Cache's Avatar
    Quote Originally Posted by Arthur View Post
    We did in a way. Valve's Steam Users' forums and Sony's MyResistance.net forums were hacked around the same time as EduGeek. Both use vBulletin and the latter is still offline!
    Sony's MyResistance.net forums ran on either MyBB or SMF not vBulletin (Can't remember which).

  12. #69

    FN-GM's Avatar
    Quote Originally Posted by localzuk View Post
    but you don't seem concerned about it, having moved there.
    And you know me that well do you?

    Quote Originally Posted by localzuk View Post
    So, my suggestion is the same as everyone else - assume that your data has been copied, and act accordingly.
    I wasn't asking for your advice.

  13. #70

    localzuk's Avatar
    Quote Originally Posted by FN-GM View Post
    And you know me that well do you?
    I wasn't asking for your advice.
    PMing you.

  14. #71
    RoF
    Quote Originally Posted by localzuk View Post
    People suddenly seem to be behaving like this site is some giant commercial operation when it isn't.
    But the thing is we are always being told that edugeek is a global support site with huge member numbers from around the world and how it is recognized by important companies within the IT world. They even come to Philly to promote the site. Now when something like this happens we are told that it is a relatively small outfit and to stop fretting. So which is it?

  15. #72

    nephilim's Avatar
    I believe what Localzuk means is like an outfit like Amazon or MS Technet or something to that effect.

    I can see where you are coming from @RoF however from Edugeek's POV they are big fish in a small pond (in fact the biggest fish in a small pond as Experts Exchange take most answers from here and charge for the privilege).

    In terms of global multifunction tech support sites - Edugeek is the biggest
    In terms of global tech support sites - Edugeek is small fry (Technet - largest, Apple's equivalent - next, Redhat (which now covers all Linux distros) - 3rd, and so on and so forth).

    Edugeek markets itself globally to get more hits, more users and more views (and in terms of ad revenue it is a huge boost...the site experiences a massive surge in users and such like during and after BETT for example). So it makes fiscal sense for them to market themselves globally (however I call dibs on the trips to AUS and NZ lol).

    Personally I do not care if someone got my DOB as they could have gotten that from facebook/linkedin if they have me as a contact and the password for here, it is unique to this site only (usually my passwords are around 26 digits letters, numbers, symbols, upper case and lower case which is enjoyable remembering them! lol).

    As for the statement, I wait with interest.

  16. #73


    Quote Originally Posted by nephilim View Post
    In terms of global multifunction tech support sites - Edugeek is the biggest
    What is a multifunction tech support site?

  17. #74

    nephilim's Avatar
    Supports more than just 1 product.

  18. #75

    localzuk's Avatar
    Quote Originally Posted by nephilim View Post
    As for the statement, I wait with interest.
    I don't. Any statement will be kinda superfluous to me, IMO. The fact that the site had an intrusion, and that passwords should be reset is enough. I don't see what a statement would do really.
