Welcome, Guest. Please login or register.

Login with username, password and session length


Author Topic: Upcoming Password changes  (Read 1991 times)

Offline Abarthisti

  • Administrator
  • Abarth Wannabe
  • *****
  • Posts: 36
  • Carlo Rating: 1
Upcoming Password changes
« on: July 27, 2016, 08:55:37 pm »
Hello,

Please be advised we’re asking members to change their account password  due to a security breach of our sites that we recently been made aware of.  As such you will be prompted to change your forum password when you enter the site next.  This is one of several implementations we’re adding as a way we can help secure the site and prevent information to be compromised in the future. If you would like to read more or ask a question please feel free to read the page linked below or post to this thread.

Read More here: http://www.verticalscope.com/about-us/notice-of-data-breach.html 

Thank you

The Community Support Team

AbarthForum.co.uk

  • Advertisement
  • ***

    Offline cloudburst

    • Assetto Corse Member
    • ****
    • Posts: 289
    • Carlo Rating: 2
      • Northern Ireland
    Re: Upcoming Password changes
    « Reply #1 on: July 28, 2016, 11:41:40 pm »
    Quite frankly I'm disappointed at the number of forums (including this one) who do not implement TLS.

    They cite, with a depressing degree of technical ignorance, that the site isn't facilitating financial transactions or storing sensitive data, so therefore TLS isn't required.

    These sites are forgetting a few things:
    - User credentials are sensitive data. Users are human and many users are pretty ignorant of security; they shouldn't - but they DO - use the same usernames and passwords on forums and other sites which do, for example, facilitate financial transactions.
    - Using TLS, as well as protecting credentials in transit also certifies the validity of the forum to the user and reduces the likelihood of a man in the middle attack by various means.
    - User creds for Administrative users are particularly valuable to a bad actor. Lack of TLS is a birthday present!

    Reading the "what we're doing" paragraph actually annoyed me - particularly the "we're looking at new encryption techniques". My view is that the entire session from start to finish should be done over TLS and the technology to do this has been around for decades.

    That said, I'm pleased to see at least that our passwords are being persisted as salted hashes.

    CB
    « Last Edit: July 28, 2016, 11:43:56 pm by cloudburst »
    Converting fuel to noise since 1982.
    SOUNDCLOUD: https://soundcloud.com/drinking-bird-experiment

    Offline Abarthisti

    • Administrator
    • Abarth Wannabe
    • *****
    • Posts: 36
    • Carlo Rating: 1
    Re: Upcoming Password changes
    « Reply #2 on: July 29, 2016, 02:07:32 pm »
    thank you for the suggestions,

    We are doing our best to maintain security and better measures to make sure account information is safe. :)
    thanks.

    ~Shane

     

    hungry