Are we exposed?

Status
Not open for further replies.
Holy crap... here are the new AVS Password requirements.... (Which does NOTHING to fix the vBulletin security issues)

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

10 characters? Come on folks it's a forum not a bank.
 
Holy crap... here are the new AVS Password requirements.... (Which does NOTHING to fix the vBulletin security issues)

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

10 characters? Come on folks it's a forum not a bank.

While true, password reuse is such a problem that even low-risk sites should start treating people like banks do to make sure they are using strong passwords. Of course, keeping your passwords in an md5 hash makes it a moot point.
 
The compromise was limited to verticalscope.com sites (magazine websites) that were suspected of having stored their user data in a single database. Having hashes for multiple sites can make cracking passwords a whole lot easier.

Whether the passwords are un-salted MD5 or bcrypt, they can be cracked -- it's just a matter of time (days per password given the latest technology). If the hackers aren't allowed to get their hands on the user data, they can't crack the passwords therein.
 
I had forgotten I had an AVS Forum account. I haven't been there in almost five years. At least I now have a new password! It looked like they are also implementing a one-year maximum password lifetime.

Yeah, password complexity does make it harder to crack, but with modern credential management systems like LastPass or Apple's KeyChain, having unique passwords for each and every site is much easier to live with.
 
They still have not acknowledged the breach, just sent out new passwords.

And they sent out the new passwords along with the username of the user in email via plain text. Another big security boo boo, that shows me they don't know what they are doing.


 
I get a warning from WOT (which I find to be very reliable) when I go to that site.

It gets a bad rep because of the nature of what it does, but that doesn't mean it is not a safe site to visit. If it loads in Google Chrome, it is probably safe. From the WOT reviews:

"It is a good site, the purchasable features are legit you DO get what you pay for, the reason this site has a bad review is because of the nature of the site, it is based around stealing passwords"
 
Holy crap... here are the new AVS Password requirements.... (Which does NOTHING to fix the vBulletin security issues)

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

10 characters? Come on folks it's a forum not a bank.

I do that with all my passwords and 97% of them are different at each site that requires a username and/or password. I try to keep my usernames unique to each site too and I also use a multiple e-mail system that puts up some additional roadblocks.
 
Yeah, password complexity does make it harder to crack, but with modern credential management systems like LastPass or Apple's KeyChain, having unique passwords for each and every site is much easier to live with.

I really should try out something like LastPass. I am one of those people that re-uses passwords more than I should. However, I do use 2 factor authentication whenever available.

I have thought about trying LastPass in the past but I didn't like the idea of putting all of my account passwords in one central location on the internet. It seems like they would be a high priority target for hackers just because of what they are storing. It sounds like LastPass has a very good track record with this and they have their own 2 factor authentication so someone doesn't automatically get all of your passwords even if they get your LastPass master password.

I do have an AVS Forum account so I guess today is as good a day as any to sign up for LastPass and start changing all my passwords.
 
Last year I was using one, I think it was called 1pass or something like that...

Stopped using it when they got hacked themselves. :(
 
It seems likely that the forum passwords are separate and apart from the magazine site passwords (used primarily for commenting on articles). They claim 600+ sites in their ranks. I can't imagine they could have a common database for hundreds of forums given the complexity of the data stored and the frequent accesses (not just a one-and-done cookie deposit).
 
KeePass is a good cross-platform solution (one database across all devices). It also generates large/complex passwords nicely.
 
It gets a bad rep because of the nature of what it does, but that doesn't mean it is not a safe site to visit. If it loads in Google Chrome, it is probably safe. From the WOT reviews:

"It is a good site, the purchasable features are legit you DO get what you pay for, the reason this site has a bad review is because of the nature of the site, it is based around stealing passwords"
Thank you, good info.
 
Grrr™ The Ford Escape Forum reset everybody's passwords (since they were exposed like most other Car Owner forums). So, I've reset my password there, again, since they didn't check to see when your password was last changed. Thanks, hackers, for making the on-line world just that much more annoying for no valid reason.
 