IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Minor Security Concern - Unahtorized Password Requests - Please Read
Ghidra
post Oct 29 2016, 08:13 PM
Post #1


Straight from the Underground
Group Icon

Group: Root Admin
Posts: 6,032
Joined: 27-January 10
From: Mandy's Room
Member No.: 1
Favorite Character:
Country: us
Favorite Pairing: Sam x Mandy
Favorite Anime: Ikkitousen
Favorite Manga: Hayate X Blade
Favorite Movie: Tenebre
Favorite Musician(s): Goblin



Today, I got an e-mail from the website requesting a reset of my password. I sent no request. Thankfully, the e-mail included the IP that performed the action. Tracked it, and it apparently did the same thing with Trillium's account, a member who has been inactive for several years. It's not Trillium, however, since the IP originated from the UK. It's now blocked both normally an using and IP range if the last few digits change.

I don't know if this was an automated bot that tried to do this, but it was an action performed by a guest. We have been targeted by bots repeatedly however, and I only recently was able to stop them from creating accounts. Overall, I don't think this amounts to a serious concern. It wouldn't have actually been able to view the e-mail regardless. I don't think the guest even knows what e-mails to check. However, just letting you know. Make sure you have good passwords both at TSUG and the e-mail you used to create an account. Include both letters and numbers. Using capital letters is a good idea too. Don't publish the e-mail you used to sign up with an account anywhere including on TSUG.




Go to the top of the page
 
+Quote Post
Black Fatima
post Oct 29 2016, 08:25 PM
Post #2


Am I any less important?
Group Icon

Group: Administrators
Posts: 1,094
Joined: 29-January 10
From: With D
Member No.: 4
Favorite Character:
Country: ua
Favorite Pairing: N/A
Favorite Anime: Sailor Moon
Favorite Manga: Sailor Moon
Favorite Comic: N/A
Favorite Movie: To Kill A Mocking Bird
Favorite Book: To Kill A Mocking Bird
Favorite Musician(s): Too many to name.
Favorite Album: N/A
Favorite Game: Tomb Raider



Boo! What a creep. It/she/he needs to bug off.




MASQUERADE.

Go to the top of the page
 
+Quote Post
TB74
post Oct 30 2016, 07:11 AM
Post #3


Queen Bee
Group Icon

Group: Members
Posts: 2,039
Joined: 7-September 11
From: Levis, Canada
Member No.: 380
Favorite Character:
Country: ca
Favorite Pairing: Me + Kugimiya Rie :)
Favorite Anime: Maria-Sama ga Miteru
Favorite Comic: Philemon
Favorite Movie: The Big Lebowski
Favorite Book: The Complete Works of Howard Philips Lovecraft
Favorite Musician(s): Kalafina
Favorite Game: Sunless Sea



Unfortunately, a lot of people use passwords that are easy to crack. Like TS fans using Mandy1 or Star Wars ones using Red0ne, for instance. Problem is, most people don't want to use passwords like g4*K256/Lb8-3W_5$ because . . . they forget them eventually. No surprise.

But there's a decent alternative if you want a password that's both harder than average to crack and easy to remember:

1) Pick a short sentence you'll remember easily.

Ex.: Mandy is cool. or Mandy is a turd.

2) Convert the characters that look like numbers into . . . numbers! Like the capital letter A looking like the number 4. You can also replace one or more lower case letters with upper case letters in words that don't have replacement numbers in them, for added safety.

Ex.: M4ndy 1s c00l. or M4ndy 1s 4 tuRd.

3) Use symbols to fill in the spaces.

Ex.: M4ndy-1s_c00l. or M4ndy_1s/4-tuRd.


All you need to do to remember your password later on is to remember the original sentence, which letters you replaced with which numbers (or upper case letters) and which symbols you used to fill in the spaces. Not impossible to crack (no password is, really), but still much harder than Mandy101, just M4ndy or worse, your birthday date, your street address or your phone number. Of course, some passwords limit you to a certain number of characters (8, 12, etc.), so your sentences must be shorter. In such case, pick a longer word and use the letter to number replacement approach described above.

Also, use different passwords for different uses (one for each email you have, one for each forum you post on, etc.), and try to change these passwords every 3-4 months or so. All of them, if possible. Helps a lot.

I got all this from a computer security advisor who's working for businesses to help them improve the safety of their network, by the way.


Hopefully those bot issues will come to an end. Until then, better be safe than sorry.




Go to the top of the page
 
+Quote Post
jettmanas
post Oct 30 2016, 02:30 PM
Post #4


Spy Chic II
Group Icon

Group: Members
Posts: 274
Joined: 6-April 16
From: Bay Area, CA USA
Member No.: 901
Favorite Character:
Country: us
Favorite Pairing: Alex & Martin Mystery
Favorite Anime: Persona 4
Favorite Manga: Nausicaa
Favorite Comic: Generation X (early issues)
Favorite Movie: Persona 3 movies (1-4)
Favorite Book: Animator's Survival Kit
Favorite Musician(s): Michiru Yamane (Skullgirls)
Favorite Album: Castle Crashers OST
Favorite Game: Jewelion (did the art/animation)



Hmm, good info on changing passwords once in a while. It sometimes happens when I forget which password I use for each forum I use.
But changing them intentionally sounds like a good idea.

Off-topic: that animated banner is really impressive, TB. Never seen those characters before, but the animation's really good.




TSUG Fanart Trophies:




My video game art/animation: http://www.tangerinepop.com/
However tough life gets, don't give up!
Go to the top of the page
 
+Quote Post
Ghidra
post Oct 30 2016, 08:24 PM
Post #5


Straight from the Underground
Group Icon

Group: Root Admin
Posts: 6,032
Joined: 27-January 10
From: Mandy's Room
Member No.: 1
Favorite Character:
Country: us
Favorite Pairing: Sam x Mandy
Favorite Anime: Ikkitousen
Favorite Manga: Hayate X Blade
Favorite Movie: Tenebre
Favorite Musician(s): Goblin



Upon further investigation, it may not have been a bot. There's a possibility it was a new member, one that hasn't actually posted yet. I would just like to ask that person, if this is true (I'm only about 50/50 on whether it is because there's no smoking gun, but there is some evidence that makes it seem possible) not to try anything like this again.




Go to the top of the page
 
+Quote Post
TB74
post Nov 7 2016, 11:44 PM
Post #6


Queen Bee
Group Icon

Group: Members
Posts: 2,039
Joined: 7-September 11
From: Levis, Canada
Member No.: 380
Favorite Character:
Country: ca
Favorite Pairing: Me + Kugimiya Rie :)
Favorite Anime: Maria-Sama ga Miteru
Favorite Comic: Philemon
Favorite Movie: The Big Lebowski
Favorite Book: The Complete Works of Howard Philips Lovecraft
Favorite Musician(s): Kalafina
Favorite Game: Sunless Sea



QUOTE (jettmanas @ Oct 30 2016, 10:30 AM) *
Off-topic: that animated banner is really impressive, TB. Never seen those characters before, but the animation's really good.


Oops. Forgot to reply to this, for some reason...

They're from Little Witch Academia, which can be watched on Netflix (among the legit streaming sites... I suppose it's also available in many other places). I previously commented on this series in the forums; see this link.

If you like TS, you should like LWA, too.




Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Lo-Fi Version Time is now: 18th November 2017 - 04:21 AM
Skin by Andrea

TSUG.net is a fan made website created in appreciation of Totally Spies. TSUG.net is not affiliated with the owners or creators of Totally Spies or its characters and settings. Totally Spies is owned by Marathon Animation Inc. This website was created just for informational purposes and for fun. This website has not been profited from in any way.