So.. Has Anandtech Been Hacked?


Genx87

Lifer
Apr 8, 2002
41,095
513
126
Sounds like they were hacked. But on a side note so far this upgrade has been unimpressive. Long maintenance downtimes and sometimes very slow posting.
 

TallBill

Lifer
Apr 29, 2001
46,044
62
91
Sounds like they were hacked. But on a side note so far this upgrade has been unimpressive. Long maintenance downtimes and sometimes very slow posting.

yeah, but the secret porn website password forum is a nice perk.
 

minendo

Elite Member
Aug 31, 2001
35,558
16
81
As I was saying in a previous post the thing they have fucked up the most isn't necessarily the vB upgrade so much as COMMUNICATION!!! Tell us WTF is going on! Let us know what each maintenance period is for, what mistakes have been made. If they don't know WTF is going on then TELL US THAT TOO!! Otherwise this is just one big free for all!

Hell, I wish they would tell us what the fuck was going on.
 

FoBoT

No Lifer
Apr 30, 2001
63,089
12
76
fobot.com
COMMUNICATION!!! Tell us WTF is going on!

If they don't know WTF is going on then TELL US THAT TOO!!

all i know is the ForumsAdmin account was taken over by an unauthorized person about 10:30 pm central time last night
Perknose has disabled or otherwise neutered that account as of a couple hours ago

'they' (senior moderators/forum directors) are still figuring it all out and haven't told us lesser moderators much about what is going on
 

moshquerade

No Lifer
Nov 1, 2001
61,713
12
56
all i know is the ForumsAdmin account was taken over by an unauthorized person about 10:30 pm central time last night
Perknose has disabled or otherwise neutered that account as of a couple hours ago

'they' (senior moderators/forum directors) are still figuring it all out and haven't told us lesser moderators much about what is going on
Loke's back?
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
I suggest that any of you that use the same password for the email account listed in your profile change it now. Just to be safe.

Loke's back
This breach was not his style.



We are still investigating.
 

moshquerade

No Lifer
Nov 1, 2001
61,713
12
56
I suggest that any of you that use the same password for the email account listed in your profile change it now. Just to be safe.


This breach was not his style.



We are still investigating.

crap. : /

you should sticky that suggestion.
 

zeruty

Platinum Member
Jan 17, 2000
2,276
2
81
Theoretically the passwords should be stored encrypted by vbulletin. If AT chose not to use that standard option, they are doing a great disservice to all users.

Even the administrators and DerekWilson should not be able to get our passwords, only reset them.
 

moshquerade

No Lifer
Nov 1, 2001
61,713
12
56
Theoretically the passwords should be stored encrypted by vbulletin. If AT chose not to use that standard option, they are doing a great disservice to all users.

Even the administrators and DerekWilson should not be able to get our passwords, only reset them.
I am quoting this for posterity.

Sometimes I wonder who is running this ship. No offense guys, because you all know tons more than I do about the inner workings of this place, but are there actual experts on board?
 

Platypus

Lifer
Apr 26, 2001
31,053
321
136
I'll once again offer my help if anyone is interested.

I realize that the migration was intense but it shouldn't have been as difficult as it was, it shouldn't have taken as long as it did and it's apparent due to some of the recent events that fresh perspective and eyes are needed. I don't know if it's pride that is affecting this but don't be afraid to reach out, there are some smart people here.
 

Gillbot

Lifer
Jan 11, 2001
28,830
17
81
Theoretically the passwords should be stored encrypted by vbulletin. If AT chose not to use that standard option, they are doing a great disservice to all users.

Even the administrators and DerekWilson should not be able to get our passwords, only reset them.

even encrypted, they can be pulled from the DB with the right knowledge.
 

Pepsei

Lifer
Dec 14, 2001
12,895
1
0
at any rate, people should've known better than to use the same password twice for anything. (remember when 4chan "hacked" facebook by just using a password list from another site?)

if you want something easy to remember, try this. for example, my favorite food is ..let's say corndog, add a number, say... my favorite year... 76

at www.gmail.com my password would be gcorndog76l
at anandtech my password would be acorndog76h
at amazon my password would be acorndog76n
etc easy
 

zeruty

Platinum Member
Jan 17, 2000
2,276
2
81
Did the attacker have access to pull the entire DB files? Like are the DB files in a location where they can be grabbed via HTTP? Stored in public_html or something? Or did the attacker have access to login to the server? If they were able to grab the DB file, we might be in trouble.

Or did they just have access to one admin account? If so I don't think there is much risk.

Here's a page with discussion on how vB encrypts passwords with an md5 hash + salt hash
http://www.vbulletin.com/forum/archive/index.php/t-166062.html


I don't disagree that it's a good idea to change your password on this site and your email if it's the same, but it's a good idea to assess the risk involved for the 256,000 inactive users who probably won't change their password.
 

SunnyD

Belgian Waffler
Jan 2, 2001
32,674
145
106
www.neftastic.com
Theoretically the passwords should be stored encrypted by vbulletin. If AT chose not to use that standard option, they are doing a great disservice to all users.

Even the administrators and DerekWilson should not be able to get our passwords, only reset them.

Most websites don't store your password. They store a hash of your password. It's not quite encryption, but your password itself never should be sent in the clear over the web. The javascript on the client-side usually generates a hash based on the text you type in, then the website checks the hash against the database. Ironically, if you get the hashes in the database, it's just about as good as having the password in plain text. It takes a little know-how on what to do with it at this point, but it's really not rocket science by any means.

Please, don't blame the admins. Don't blame Anand. Don't blame Derek. It's not their fault that vBulletin is an enormously popular forum engine which makes it a prime target for hacking into (think Internet Explorer for example, or Windows as opposed to *nix).

These guys are doing what they can. In the meantime, you have to treat this as any other security breach on any other site you may use. Frankly, it's no different than your bank getting hacked. The only difference here is that Anand doesn't have the payroll to employ a security team to safeguard each and every one of your trivial PMs and posts. And to be honest, this is a social technical forum. If you're worried that your password is hacked and going to steal your bank account information or emails, well then you've got bigger problems than the forums being hacked.
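
Added example, not part of any post in this thread and not vBulletin's own code: a sketch of the salted-hash storage that zeruty's and SunnyD's posts discuss, showing what the user table holds, how a login is checked without the password being stored, and how cheap one md5-based check is next to a deliberately slow function. The `md5(md5(password) + salt)` layout, the 3-character salt, the PBKDF2 iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def vb_style_hash(password: str, salt: str) -> str:
    """Assumed legacy layout: md5(md5(password) + salt), all hex strings."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()

def make_record(password: str) -> dict:
    """What the user table keeps: a random salt and the hash, never the password."""
    salt = "".join(chr(33 + b % 94) for b in os.urandom(3))  # salt length is an assumption
    return {"salt": salt, "hash": vb_style_hash(password, salt)}

def verify(record: dict, attempt: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    candidate = vb_style_hash(attempt, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Deliberately expensive alternative: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def seconds_per_call(fn, rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def cost_ratio() -> float:
    """How many times more work one PBKDF2 check costs than one md5-based check."""
    fast = seconds_per_call(lambda: vb_style_hash("hunter2-example", "a1!"), 20_000)
    slow = seconds_per_call(lambda: slow_hash("hunter2-example", b"constructed-salt"), 3)
    return slow / fast

if __name__ == "__main__":
    # Constructed sample users who picked the same password.
    alice, bob = make_record("hunter2-example"), make_record("hunter2-example")
    print("alice:", alice)
    print("bob:  ", bob)
    print("right password accepted:", verify(alice, "hunter2-example"))
    print("wrong password accepted:", verify(alice, "hunter2-exampel"))
    print(f"PBKDF2 costs about {cost_ratio():,.0f}x more per check")
```

Because each check with the md5-based layout is so cheap, a leaked table protects weak or reused passwords poorly, which is why the password-change advice earlier in the thread applies even when hashes are salted.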
 

narzy

Elite Member
Feb 26, 2000
7,007
1
81
what I want to know is, what's up with the 'funny' notices? AT used to be rather professional...Not that I mind, just wondering about the 'change'
 

Q

Lifer
Jul 21, 2005
12,060
4
81
what I want to know is, what's up with the 'funny' notices? AT used to be rather professional...Not that I mind, just wondering about the 'change'

It's probably Perk, I never understand anything he says and
Our field hospitals are littered with the wounded and the merely annoyed, their blood curdling complaints chilling us all.
We will fight on the beaches, and in the hills and sub-forums, so that our valor or at least our sheer stubbornness will be cherished and remembered.
For as long as the English language is misused men will say, "This was their finest hour, sort of."
make me go
 