Here we go...
Chris Gibbs
3rd August 2009, 08:53 PM
...again, Roadster forum mark 2!
I'm sorry that this misfortune has befallen this forum, when, I believe, it was intended for me, personally.
This tale should be a warning to everyone who has an online presence, this is what I'd recommend.
Don't use the same password on different sites, and it's probably best to use different usernames. My account was hacked on three different forums and my ebay account too. There was an attempt to get into my paypal account which failed.
I can't say anything about who might have caused these problems - I don't know. I'm told that Haynes have traced the culprit though.
I think we should put this behind us and move on with a sense of purpose that will shame the person or persons responsible.
I have a couple of quotes that seem appropriate
One's best success comes after their greatest disappointments. - Henry Ward Beecher
The robbed that smiles, steals something from the thief. - William Shakespeare, Othello
Cheers
Chris :)
aaronbassett
3rd August 2009, 09:07 PM
good to see you back m8 let's hope that we don't have any more problems and hope you had a good break
aaronbassett
3rd August 2009, 09:11 PM
just a little question was there a back up of the forum laying around somewhere ???? if not, not to worry
Chris Gibbs
3rd August 2009, 09:18 PM
I don't think there was, but I'll ask.
Cheers
Chris :)
HandyAndy
3rd August 2009, 09:25 PM
glad the forum is back up & it really shows how much it means to so many people, it was missed by all, we'll go from strength to strength & long may it continue.:) :) :cool:
andy
snapper
3rd August 2009, 09:25 PM
It's always a shame that some people think web crime is not a crime and i for one would punish them with the law.
The most important thing on any forum is the people, i know we may have lost some data but i am sure we can regain most of it in time.
The Roadster is here for a long time, there is huge respect amongst the kit car builders for anyone who can start with just some tubes and sheets of metal and produce a car.
Perhaps a thread of what's missing so we can put back any lost info.
davidimurray
3rd August 2009, 09:27 PM
No need to apologise Chris - not your fault that some people decide to take offence. Now be a good boy and don't cause any trouble :p
Chris Gibbs
3rd August 2009, 09:32 PM
:D
I'll do my best, can't promise anything though :p
Cheers
Chris :)
Bonzo
3rd August 2009, 09:40 PM
Welcome back Chris
I hope all of this did not put too much of a damper on your holiday :(
This forum will not take too long before it is better than ever. ;)
Just having the forum back online is good enough for me, I am sure that you will continue to receive the full support of each & every forum member.
Very timely reminder about user names & passwords ;)
bob
5th August 2009, 09:39 AM
Can't agree more re using different passwords on various forums, i have only had this problem of hacked accounts once in the 10+ years of using the interweb but once was enough to prompt me to alter my settings.
AshG
5th August 2009, 01:31 PM
being an it geek i have always used different passwords for all things of importance e.g accounts with admin access etc.
what most don't realise is that the people who own/run forums can retrieve a users password if they know how to open up the correct table and extract the data.
I suspect the attack was from a person that had full access to another forum database to extract the password that chris used. unfortunately chris's password was the same on all forums and unfortunately on this forum it was an admin account.
thewinker
6th August 2009, 10:31 PM
being an it geek i have always used different passwords for all things of importance e.g accounts with admin access etc.
what most don't realise is that the people who own/run forums can retrieve a users password if they know how to open up the correct table and extract the data.
Not actually true. Most systems use a forward encryption system to ensure passwords are not stored in clear text. The only way to recover would be by brute force, trying every combination, but that could take weeks or even months.
mr henderson
7th August 2009, 07:44 AM
Not actually true. Most systems use a forward encryption system to ensure passwords are not stored in clear text. The only way to recover would be by brute force, trying every combination, but that could take weeks or even months.
Would that apply to all systems, though, even if they were quite old?
thewinker
7th August 2009, 10:39 AM
Would that apply to all systems, though, even if they were quite old?
Pretty much every system I've used in the last 10 years does it that way, it's not exactly new technology! In fact, I say 'pretty much', but I can't think of a single exception.
Land Locked
7th August 2009, 10:50 AM
There is at least one forum i'm on that doesn't use the new tech. But yes most of them do encrypt the info.
AshG
7th August 2009, 11:11 AM
i have done a lot of work on sql databases in my time and the encryptions are not hard to get around if you know what you are doing. ;)
i run a phpbb forum and have got users passwords out of the tables and decrypted them when they have forgot their passwords. takes about 5mins if you have the correct tools.
thewinker
7th August 2009, 11:27 AM
i have done a lot of work on sql databases in my time and the encriptions are not hard to get around if you know what you are doing. ;)
i run a phpbb forum and have got users passwords out of the tables and decrypted them when they have forgot their passwords. takes about 5mins if you have the correct tools.
Sorry, that's utter bollocks, written by someone that can't even spell 'encryption', let alone be expected to understand how it works. The whole point of a forward encryption system, for example md5, is that the only way around it. Unfortunately for you, you're picking on my specialist subject as I'm a security analyst contractor working mainly for the high street banks.
Pretty much any PHP+MySQL web application will use either md5 or SHA1 to secure the passwords in the database. Whilst md5 has been shown to be insecure, it's not a trivial job to crack it, and only works in a limited number of cases. For the level of security required for sites like this, I would personally consider it perfectly secure enough, but I wouldn't want to send my credit card number in public view using it. It's also easier on the CPU than SHA1, so on a busy site it could improve performance.
SHA1 again has weaknesses in a tiny number of cases. I've yet to see a hack attempt on any system I've worked on that relied on a weakness in it, and if the guys I have to defend against don't know how to do it, nobody does. It is heavier on the CPU though, which is why most sites will stick with md5.
In short, if you can decode someone's password in a few minutes then your implementation is either stupidly out of date or has been written by a complete idiot.
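An added example, not part of any post in this thread and not code from phpBB or vBulletin: a defender's audit of a user table stored as unsalted MD5, the scheme the posts above discuss, next to a salted slow-KDF scheme. The function names, the sample accounts, the common-password list and the PBKDF2 work factor are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a few commonly chosen passwords (not from the thread).
COMMON_PASSWORDS = ["password", "letmein", "123456", "roadster"]
PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch


def md5_unsalted(password: str) -> str:
    """Legacy storage: one fast MD5 pass, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def audit_unsalted(table: dict) -> dict:
    """Return {user: password} for rows whose hash matches a common password.

    Without a salt, equal passwords give equal hashes, so one precomputed
    lookup table covers every row in the user table.
    """
    lookup = {md5_unsalted(p): p for p in COMMON_PASSWORDS}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


def store_salted(password: str) -> tuple:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed user table: two accounts share a weak password.
    legacy = {u: md5_unsalted(p) for u, p in
              [("admin", "roadster"), ("guest", "roadster"), ("carol", "k7#Vt2-wq9!Lm")]}
    print("flagged by audit:", audit_unsalted(legacy))
    a, b = store_salted("roadster"), store_salted("roadster")
    print("salted digests equal:", a[1] == b[1])
```

Run against an export of a legacy table, the audit shows which accounts need a forced reset before migrating to the salted scheme.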
jasongray5
7th August 2009, 11:44 AM
now now, play nice...
Chris Gibbs
7th August 2009, 12:16 PM
I think it's best that we leave this topic and move on, what's done is done and this discussion is just raking it all up.
Cheers
Chris :)
Bonzo
7th August 2009, 12:23 PM
I like the new avatar Chris :cool: :cool: :)
Any news on the release date for the new book ;)
Chris Gibbs
7th August 2009, 12:35 PM
Thanks mate, it was taken at Capesthorne hall in 2008.
http://i126.photobucket.com/albums/p112/chrisg222/capesthorne023.jpg
There is some news about the new book, it's not good though. I'm afraid because of some missed deadlines and Haynes expansion and consequent heavy work load the book's been delayed until May/June next year. :(
Cheers
Chris :)
AshG
7th August 2009, 12:41 PM
cheers for spotting my spelling mistake the I and Y are very close together.
I'm guessing you made one on your user name thewinker (http://www.haynes.co.uk/forums/member.php?u=1391) :D I'm guessing you have a foreign keyboard as the I and the A are miles apart on an english one.
Bonzo
7th August 2009, 12:43 PM
At least it will give HandyAndy time to complete the Roadster before he starts work on the single seater :D :D
thewinker
7th August 2009, 12:45 PM
cheers for spotting my spelling mistake the I and Y are very close together.
I'm guessing you made one on your user name thewinker (http://www.haynes.co.uk/forums/member.php?u=1391) :D I'm guessing you have a foreign keyboard as the I and the A are miles apart on an english one.
Hmm, haven't heard that one before, lol. :D
fabbyglass
7th August 2009, 01:19 PM
Hurdy gurdy.....:confused:
mr henderson
7th August 2009, 01:29 PM
Sorry, that's utter bollocks, written by someone that can't even spell 'encryption', let alone be expected to understand how it works.
That's a dreadful thing to say, and I think you should withdraw it promptly. It's one thing to disagree with someone, but you have gone well beyond that.
The whole point of a forward encryption system, for example md5, is that the only way around it.
I've quoted that sentence, from your post, in its entirety. There seems to be something missing from it. Let he who is without sin..........
HandyAndy
7th August 2009, 02:46 PM
At least it will give HandyAndy time to complete the Roadster before he starts work on the single seater
:D
phew, a sigh of relief there Ronnie, yes indeed I'll get the Roadster finished before i start on the single seater ;)
Chris........are we now able to have avatars on our profiles?
yours looks great:cool:
cheers
andy:)
Chris Gibbs
7th August 2009, 02:55 PM
I don't know mate!
You'll have to check, click "user CP" at the top and then "edit avatar". Then click "use custom avatar" and enter a URL or click "browse" to upload a picture from your computer.
HOWEVER
I don't know if avatars have been enabled for everyone, or just me.
Cheers
Chris :)
HandyAndy
7th August 2009, 03:10 PM
ok, Cheers Chris, I'll have a go at that & if it works I'll put up my avatar, that's if i can work out how to do it.:eek: :o
cheers
andy
jasongray5
7th August 2009, 03:12 PM
It's only Chris that's allowed one... Bummer...
Balidey
7th August 2009, 03:21 PM
It's only Chris that's allowed one... Bummer...
:eek: are you allowed to call him that? :D
Land Locked
7th August 2009, 03:56 PM
It's only Chris that's allowed one... Bummer...
No fair! elitism, that's what it is!!!!:p
Chris Gibbs
7th August 2009, 05:49 PM
I'll ask again, it fell on deaf ears last time though ;)
Cheers
Chris :)
BTW "bummer" takes me back, it was the no1 insult when I was at school :D
fabbyglass
7th August 2009, 06:04 PM
The saying in Wales was "toooooo baaaaaaad" whilst rubbing yer chin...:D :D How daft is that but at the time it was the "thing" to do and say:rolleyes: