SQL injection vulnerability

Aduiavas Ida · Aug 24, 2016

The site just went down again, just for about a minute :look:

It said DNS could not be reached :look:

Is this the same as before?

Mendo Cath · Aug 24, 2016

Not that I am aware of.

Ashara Koh'inor · Aug 24, 2016

Thanks for taking care of everything so quickly and being patient enough to answer all our questions. Great job!!!

Kelgan al'Moranwin · Aug 24, 2016

Thanks for getting things taken care of so quickly, Mendo!

Cahr Ystian · Aug 24, 2016

Thank you for the good work.

Mendo Cath · Aug 24, 2016

Aduiavas Ida said:
The site just went down again, just for about a minute It said DNS could not be reached Is this the same as before?

Unrelated. Our host reported "DNS Resolution Issues" around the same time.

When it rains?

Aduiavas Ida · Aug 24, 2016

Good to know

I just thought I'd tell you, in case it had happened again :look:

Kassidy Rose ni DaiShan t' al'Kalin · Aug 24, 2016

Password changed. :hug

Polegnyn Nemeara · Aug 24, 2016

Password updated :fistbump

Naomi al'Moranwin · Aug 24, 2016

My password was only 797 days old! Totally secure. :look:

Cassie Dainar · Aug 24, 2016

Mine was clearly secure as I couldn't hack it on my own and had to reset it. :cheeseeni:

I'm going to presume that my groggy text message conversation with Mendo last night about this was successful.

Samarasin Tavaral · Aug 24, 2016

Naomi al'Moranwin said:
My password was only 797 days old! Totally secure.

Mine was somewhere around 1400. :look:

Kyla Sterling · Aug 24, 2016

Samarasin Tavaral said:
Mine was somewhere around 1400.

Same.

Elania al'Manir · Aug 24, 2016

Ditto.

Axis m'Troutilas · Aug 24, 2016

same around 1400, must be the last time we updated the forums

Defen Estrator · Aug 25, 2016

Got the update to fix this (the vulnerable part of the forums was disabled in the meantime), so there's going to be a quick emergency maintenance to apply it and re-enable things. Should be just a quick blip.

[edit]Done![/edit]

Caerwyn Jolan · Aug 25, 2016

Dnae Ila said:
Thank you for letting us know so quickly!
Unfortunately, I've used that password on a lot of non-identification, non-financial stuff, so I've got a lot of password changing to do.

I suspect this sort of thing is common. I know i used to reuse passwords between sites until a couple years ago.

So. The way security folk that i know (computer security) do it, is similar to what I do, which is to use a password manager like Lastpass to create unique, complex passwords (the one i just set my tv.net password to is a random string of 20 digits with mixed character types, I generally use 20 characters or whatever the maximum length of the password field that is accepted is.

This lets you never worry that a compromised password on one site affects others. (it turned out my password here actually predated my doing this, but i had since changed all the other places that password was used).

Lastpass (and several other password managers) have browser plugins so its easy to actually log in with them. you dont have to type those crazy passwords.

Anyway, if you're thinking of upgrading your online security becuase of this incident, i'd recommend using a password manager rather than just picking another password and setting a bunch of sites to use it.

thanks
Caerwyn

Eleyan Al'Landerin · Aug 25, 2016

1500 days..... so I... win? Er...?
Either way, it was time to change my password. :indifferent:

Caerwyn, I've been very interested in using a password manager but was afraid that I'd get confused and just end up without access. I'd love suggestions (and a little education) for current best practices.

Dear IT Team, the Internet is dark and full of terrors. Thank you for noticing the breach and working straight away to notify everyone and correct the problem as best you can.

Vivianna L'antreau · Aug 25, 2016

Damn you beat me! I only had 1484

Thanks Mendo and Defen!

Caerwyn Jolan · Aug 25, 2016

Eleyan Al'Landerin said:
1500 days..... so I... win? Er...?
Either way, it was time to change my password.

Caerwyn, I've been very interested in using a password manager but was afraid that I'd get confused and just end up without access. I'd love suggestions (and a little education) for current best practices.
.

This is a pretty good article on password managers, how they work and it mentions some of the stronger ones at the end.

A number of the screenshots are from using Lastpass but there are several other choices mentioned.

SQL injection vulnerability

More options

Aduiavas Ida

Mendo Cath

Voidbringer

Ashara Koh'inor

Kelgan al'Moranwin

Cahr Ystian

Mendo Cath

Voidbringer

Aduiavas Ida

Kassidy Rose ni DaiShan t' al'Kalin

Polegnyn Nemeara

Naomi al'Moranwin

Cassie Dainar

Darth Dainar

Samarasin Tavaral

Kyla Sterling

Evil Overlord

Elania al'Manir

Axis m'Troutilas

Defen Estrator

Mastering the Watch

Caerwyn Jolan

Eleyan Al'Landerin

Koyn Amyrlin

Vivianna L'antreau

The Vivrylin

Caerwyn Jolan

Share this page