Author Topic: Stealing password or something else?  (Read 3873 times)

Jewell

  • Hero Member
  • *****
  • Posts: 5919
  • Love,always love and only love
    • View Profile
Stealing password or something else?
« on: September 07, 2012, 08:29:53 PM »
Dear friends, I just wanted to ask something about security. Usually i am coming here from my phone,and recently,from few weeks back i noticed some strange things happening with it when i am on this site. Sometimes i cant post,or my phone just black out. And yestertay,i came through computer,log in,posted something,logged,and then saw that i am still on the site,my name was there. But,actualy i wasnt. So i changed my password,erased history and all. Did anyone had that problem and how to deal with it?

Subramanian.R

  • Hero Member
  • *****
  • Posts: 42870
    • View Profile
Re: Stealing password or something else?
« Reply #1 on: September 07, 2012, 08:34:42 PM »
Dear Jewell,

Better thing is to have the internet connection, with an outside cable operator, without through telephone.

Arunachala Siva.   

Jewell

  • Hero Member
  • *****
  • Posts: 5919
  • Love,always love and only love
    • View Profile
Re: Stealing password or something else?
« Reply #2 on: September 07, 2012, 08:47:49 PM »
Dear Sri Subramanian sir, I am aware of that,but it is easiest for me to go like that,it is a habit. But anyway,i had a problem with computer too,which is secure. Anyway,i just read that it is usual thing. Thank You for answering me.

Child of Arunachala

  • Full Member
  • ***
  • Posts: 106
    • View Profile
Re: Stealing password or something else?
« Reply #3 on: September 10, 2012, 02:33:39 AM »
Yestertay,i came through computer,log in,posted something,logged,and then saw that i am still on the site,my name was there. But,actualy i wasnt.

I think it takes five minutes for it to display who all are using the site and five minutes to remove your name once you have logged out.

Jewell

  • Hero Member
  • *****
  • Posts: 5919
  • Love,always love and only love
    • View Profile
Re: Stealing password or something else?
« Reply #4 on: September 10, 2012, 02:56:39 PM »
Dear Child of Arunachala,

Thank You very much for Your answer. Stupid me,i didnt know that. :)

Graham

  • Administrator
  • *****
  • Posts: 163
    • View Profile
Re: Stealing password or something else?
« Reply #5 on: October 28, 2012, 07:02:02 AM »
Dear Members,

The server/software for this forum is very secure. Passwords are stored in highly encrypted format in a database behind a very secure firewall. I have unrestricted access to the database, but even I cannot retrieve passwords because I do not have the decrypt key.

The default information that is stored in the database about users is restricted to the username, password, email address and IP from which they log in each time. If you update your profile then that information is also kept until such time as 'you' change or delete it.

We do not have any information about users other than that which is absolutely necessary for the forum to function.

Cookies:

When you first log in a 'session cookie' is created, this remains on your computer during your current session and is automatically deleted when you click on 'log out' or you close your browser. This cookie is required to permit you to 'post' and to navigate the forum without having to log in again.

No other cookies are created unless you choose to 'be remembered on this computer' ... meaning your computer ... where the cookie is stored. If you choose this option (as most people do), then every time you visit this forum you are automatically logged in at that time.

We do not employ any form of tracking cookie, other than the temporary session cookie mentioned earlier.

If you do not choose 'log out' or close your browser when leave the site, you will remain logged in as far as your browser is concerned and you will see your name as 'active' if you revisit the site.

In actual fact as soon as you leave the site you are automatically removed from the 'active' list, because the forum server has no link to your computer and cannot see the session cookie without your returning to the site.

I hope this clarifies any doubts you may have.

Graham

Jewell

  • Hero Member
  • *****
  • Posts: 5919
  • Love,always love and only love
    • View Profile
Re: Stealing password or something else?
« Reply #6 on: October 29, 2012, 12:32:14 AM »
Dear Graham,

Thank You Very much for explanation sir,it was really helpfull! More,because i just last night had doubt about something which You nicely explaned in 'Cookies'.

With love and prayers,

Graham

  • Administrator
  • *****
  • Posts: 163
    • View Profile
Re: Stealing password or something else?
« Reply #7 on: July 12, 2013, 08:05:46 AM »
This forum uses a secure hashing algorithm plus 'salting' to convert your passwords into 'hashes' which are stored in the database in the encrypted format.

They are secure and cannot be decrypted, but only if your password was created using 'good practice'.

Read this article - http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Graham


silentgreen

  • Hero Member
  • *****
  • Posts: 743
    • View Profile
Re: Stealing password or something else?
« Reply #8 on: July 12, 2013, 11:45:53 AM »
d: Password is not a good word

cguru: Why?

d: The name prompts you to pass that word, but actually you should not pass that word.

cguru: Good catch
Homage to the Universal Being...Om Shanti ... Om Shanti ... Om Shanti ...

Graham

  • Administrator
  • *****
  • Posts: 163
    • View Profile
Re: Stealing password or something else?
« Reply #9 on: July 26, 2013, 09:37:03 PM »
Today I was informed by the creators of this forum software (Simple Machines) that their server had been hacked and the username/password database was stolen.

This does not affect this or any other forum using their software, unless I was careless enough to use the same username and password on both sites, which I didn't.

I did however use the same password on many other sites that require login and have just spent the last few hours changing them all to very secure password strings, especially since a lot of sites use your email address as the username instead of permitting you to select your own.

This is how the hackers gained entry to the server in this case - they had stolen login details from another site and after decrypting the passwords on that site gained access to a Simple Machines admin account.

There is a very good lesson here for us all - never use the same username/password combination for more than one site.

Graham

atmavichar100

  • Hero Member
  • *****
  • Posts: 2172
    • View Profile
Re: Stealing password or something else?
« Reply #10 on: August 13, 2013, 09:20:45 PM »
Quote
There is a very good lesson here for us all - never use the same username/password combination for more than one site.

Very true Graham . I concur with the same .
However many holy words you read, however many you speak, what good will they do you if you do not act on upon them? - Buddha