Site Talk
Site announcements, comments, or feedback about the site.
Alert for all Users - Security Breach
Taylornic
Tennessee, United States
Joined: January 10, 2005
KitMaker: 337 posts
Armorama: 332 posts
Posted: Saturday, January 14, 2006 - 04:06 AM UTC
These are some coals that could use a little raking over. The vents are nice and orderly, and this is some info that SHOULD come out.

*Do you know where your password has been today?* :-)
Teacher
England - North West, United Kingdom
Joined: April 05, 2003
KitMaker: 4,924 posts
Armorama: 3,679 posts
Posted: Saturday, January 14, 2006 - 04:10 AM UTC
Just for information of course, but the thread over at TL about this, the one that he had locked, has now been opened for comment................so..................

Vinnie
Taylornic
Tennessee, United States
Joined: January 10, 2005
KitMaker: 337 posts
Armorama: 332 posts
Posted: Saturday, January 14, 2006 - 04:43 AM UTC
Well, the thread shows locked, BUT, if you click on one of the responses in the thread you can post. At least until it is locked again or your post gets deleted....
Murdo
Scotland, United Kingdom
Joined: May 25, 2005
KitMaker: 2,218 posts
Armorama: 1,050 posts
Posted: Saturday, January 14, 2006 - 04:52 AM UTC
Don't give a monkey's!

All my important passwords have now been changed... Again!
jimbrae
Provincia de Lugo, Spain / España
Joined: April 23, 2003
KitMaker: 12,927 posts
Armorama: 9,486 posts
Posted: Saturday, January 14, 2006 - 05:09 AM UTC

Quoted Text

I don't think we are going to resolve this situation, we are simply raking over old coals. Might I suggest the thread be locked at this point; further mud slinging by anyone isn't going to benefit anyone.



Well, James, the object of this exercise is not to sling mud, or resolve the situation, or even to 'rake over old coals' (how you do speak in clichés :-) ). The object of the lesson is to point out to people that people like Mr. P. Owen are dangerous. This time, the evidence is clear. With you James, I really don't know why I'm wasting my time....Jim
keenan
Indiana, United States
Joined: October 16, 2002
KitMaker: 5,272 posts
Armorama: 2,844 posts
Posted: Saturday, January 14, 2006 - 05:11 AM UTC
I would head over to TL and post a comment but I would have to register and next thing you know I would be buying stuff for some guy on a credit card that wasn't mine 'cause they wanted to point out a "security flaw."

No thanks.

Yeah, I'm pretty bent. I have been on line and into computers before anyone knew what a PC was. Anyone remember the Apple Lisa? I worked in a store that got the first one in the state. Anyway, I have never seen a site owner do something this, well... nevermind.

Shaun
markm
California, United States
Joined: September 11, 2005
KitMaker: 1,757 posts
Armorama: 1,148 posts
Posted: Saturday, January 14, 2006 - 06:43 AM UTC
The TL post is showing replies now; just read this one:


Hi Steve,

I guess it is common knowledge because it is a common problem that I knew about already. Last week someone edited some messages here and I discovered this was how they gained access. I didn't think that anyone would use the same password on multiple sites so I was a little shocked. During my investigation and testing I seem to have ruffled a few feathers, but the community is now more secure for this. It's all for the common good, I guess :-)

Just out of curiosity, were you using the same password for multiple sites and have you now changed them?

Paul.



Damn, he's good; just ask him.
PiperDan
Alberta, Canada
Joined: January 02, 2004
KitMaker: 180 posts
Armorama: 154 posts
Posted: Saturday, January 14, 2006 - 06:58 AM UTC
It sounds like passwords are stored in plain text in the TL database. In my humble opinion, this is ill advised as a compromise of the database will leave all user accounts wide open!! I strongly believe that passwords should always be stored with some strong encryption algorithm (DES for example) already having made them unrecognizable to the unwashed masses.

Mind you, I've done work on a number of enterprise software systems that store plain text passwords in the database. Only rich people can afford poor programmers.

Cheers - Dan
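The post above argues that a stored password should be unrecognisable to anyone who obtains a copy of the table, and the Track-Link reply quoted later in this thread says the site could still hand a user's password back to whoever controls the account's e-mail address. The example below is added by the editor and is not code from Track-Link, Armorama or any poster. It shows the storage scheme that makes both problems go away: a salted, iterated one-way hash (PBKDF2-HMAC-SHA256 from the Python standard library) means a dump of the table yields nothing that can be replayed on this site or any other, and a "forgot password" flow cannot return the password at all, only a single-use reset token. The iteration count, the token lifetime and the in-memory user table are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 600_000        # assumption: PBKDF2 work factor; raise as hardware allows
RESET_TOKEN_TTL = 15 * 60   # assumption: reset links expire after 15 minutes


def hash_password(password, salt=None):
    """Salted, iterated one-way hash. Returns a self-describing string so the
    parameters can be changed later without breaking old records."""
    if salt is None:
        salt = os.urandom(16)          # per-user random salt defeats shared rainbow tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class UserStore:
    """In-memory stand-in for a forum user table (constructed for the example)."""

    def __init__(self):
        self.users = {}   # name -> {"email", "pw_hash", "reset"}

    def register(self, name, email, password):
        self.users[name] = {"email": email,
                            "pw_hash": hash_password(password),
                            "reset": None}

    def login(self, name, password):
        user = self.users.get(name)
        return user is not None and verify_password(password, user["pw_hash"])

    def start_password_reset(self, name, now=None):
        """There is no way to 'request the password': the hash cannot be reversed.
        A random single-use token is issued instead, and only its hash is kept,
        so even the reset table is useless to someone who reads the database."""
        user = self.users[name]
        token = secrets.token_urlsafe(32)
        user["reset"] = {"hash": hashlib.sha256(token.encode()).hexdigest(),
                         "expires": (now or time.time()) + RESET_TOKEN_TTL}
        return token   # in a real site this is mailed to user["email"]

    def finish_password_reset(self, name, token, new_password, now=None):
        user = self.users[name]
        pending = user["reset"]
        if pending is None or (now or time.time()) > pending["expires"]:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(pending["hash"], presented):
            return False
        user["pw_hash"] = hash_password(new_password)
        user["reset"] = None   # token is consumed; it cannot be replayed
        return True
```

Note the limit of what storage fixes: an administrator who can rewrite a user's e-mail address can still redirect the reset token to himself and take over the account on that one site. What hashing removes is the disclosure of the password itself, which is the step that turned a Track-Link account into an Armorama login. Restricting who may change another user's e-mail address is a separate, privilege question.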
DODGE01RT
Visit this Community
British Columbia, Canada
Joined: February 09, 2004
KitMaker: 545 posts
Armorama: 0 posts
Posted: Saturday, January 14, 2006 - 07:04 AM UTC

Quoted Text

With you James, I really don't know why i'm wasting my time....Jim



This is getting bad, now there are shots at members of this site.

TAKE A DEEP BREATH! And cool down and look at this thread tomorrow, THEN post! PLEASE!!

Jim
Logan
British Columbia, Canada
Joined: September 30, 2004
KitMaker: 523 posts
Armorama: 400 posts
Posted: Saturday, January 14, 2006 - 07:09 AM UTC
HI

Personally a PM from Paul to Jim would have been a more mature way to go about it.

I have heard about Paul's personality but chose to ignore it. Guess I was wrong.

Tom
PiperDan
Alberta, Canada
Joined: January 02, 2004
KitMaker: 180 posts
Armorama: 154 posts
Posted: Saturday, January 14, 2006 - 07:17 AM UTC

Quoted Text


FYI: my passwords are encrypted, however there is a way to get them on my site and every other site too. All you have to do is change the e-mail address of the person's password you want and then request it. Something to consider, eh.



What you are talking about is privileged access to a user's account information that would not be accessible from a normal login. The fact that you have changed another user's email address to obtain their password is a social engineering attack made all the more reprehensible because it came from a site administrator who should be trusted to ethically manage and safeguard such information.

You as an administrator of TL have abused your privileged access to user account information. In my career as a systems administrator, I have seen people fired and prosecuted for just that kind of stunt. You should be ashamed of your complete lack of professional ethics.
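The sequence described in the post above (an administrator changes a user's e-mail address, then triggers password recovery for that account) leaves a recognisable trace in any audit log that records who changed what. The following is an added example by the editor, not code from Track-Link or Armorama: it scans constructed audit lines for an e-mail change made by someone other than the account owner that is followed, within a window, by a password-recovery request for the same account. The log format, the field names, the one-hour window and the user names are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumption: how close the two events must be to alert

# Constructed audit log for the example. The format (ISO-8601 timestamp followed
# by key=value fields) is an assumption, not either site's real log format.
SAMPLE_LOG = """\
2006-01-10T20:01:05Z actor=alice action=login target=alice
2006-01-10T20:03:11Z actor=staff1 action=email_change target=bob old=bob@example.org new=staff1@example.net
2006-01-10T20:04:40Z actor=staff1 action=password_recovery target=bob
2006-01-10T21:10:00Z actor=carol action=email_change target=carol old=c@example.org new=carol@example.com
2006-01-10T21:11:30Z actor=carol action=password_recovery target=carol
2006-01-10T22:00:00Z actor=staff1 action=email_change target=dave old=d@example.org new=dave@example.org
2006-01-11T09:00:00Z actor=dave action=password_recovery target=dave
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")


def parse_line(line):
    """Turn one audit line into a dict with a datetime under 'ts'."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable audit line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group(2).split())
    fields["ts"] = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_takeover_patterns(log_text, window=WINDOW):
    """Return one alert per account where an e-mail change by a third party was
    followed within `window` by a password-recovery request for that account.

    Not flagged: a user changing their own address and then recovering (carol),
    and an administrative change with no recovery inside the window (dave)."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    pending = {}   # target -> most recent e-mail change not made by the owner
    alerts = []
    for ev in events:
        if ev["action"] == "email_change" and ev["actor"] != ev["target"]:
            pending[ev["target"]] = ev
        elif ev["action"] == "password_recovery":
            change = pending.get(ev["target"])
            if change is not None and ev["ts"] - change["ts"] <= window:
                alerts.append({
                    "target": ev["target"],
                    "actor": change["actor"],
                    "new_email": change["new"],
                    "changed_at": change["ts"],
                    "recovery_at": ev["ts"],
                })
                del pending[ev["target"]]
    return alerts


if __name__ == "__main__":
    for a in find_takeover_patterns(SAMPLE_LOG):
        print(f"{a['actor']} redirected {a['target']} to {a['new_email']} at "
              f"{a['changed_at']:%H:%M} and requested recovery at {a['recovery_at']:%H:%M}")
```

The rule is deliberately narrow: it keys on the actor being someone other than the account owner, which is the only part of the pattern an ordinary user cannot produce, and it requires a change-of-address record to exist at all. A site that does not log which staff member edited an account, or that lets staff change addresses without leaving a record, cannot run this check and has no way to reconstruct what was done with the access.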
Moezilla
Texas, United States
Joined: June 01, 2004
KitMaker: 1,161 posts
Armorama: 542 posts
Posted: Saturday, January 14, 2006 - 07:38 AM UTC
I have to agree with what the other Armorama members have already posted, this was a highly unprofessional way to 'show a security flaw'. When there's a problem, you bring it to your fellow admins, you don't flaunt the exploit (on your site) to show off and start trouble.

Impressions like this are long lasting. Trust was given and was broken and like our "buyer beware" thread shows, once trust is broken it's damned near impossible to recover. Smart mouthing respected people on this site doesn't help the cause any either Mr. Owen. For those of us here and elsewhere who haven't frequented your site, we won't after seeing this debacle which is a shame for the community.
cdave
California, United States
Joined: June 08, 2002
KitMaker: 545 posts
Armorama: 0 posts
Posted: Saturday, January 14, 2006 - 07:58 AM UTC
Jim,

Agree with all, this is un-acceptable.

Dave
TacFireGuru
Colorado, United States
Joined: December 25, 2004
KitMaker: 3,770 posts
Armorama: 2,263 posts
Posted: Saturday, January 14, 2006 - 08:34 AM UTC
Post number two:

It is starting to affect ArmoramA. Stabs and jabs are now starting to hit those of ArmoramA by those of ArmoramA. In my original post I would have considered offering the idea of closing this post....but I believe it was Jim in another post that indicated that it's good to let others know what's going on. And, with that, I agree.

However, I do not agree with the "wasting my time with you" comment. It was a VALID comment, not one that was directed at anyone and was designed, I believe, to "calm things down." The entire post's response was, after re-re-reading it, IMHO inflammatory.

Just my tuppence worth too.

Mike
Henk
England - South West, United Kingdom
Joined: August 07, 2004
KitMaker: 6,391 posts
Armorama: 4,258 posts
Posted: Saturday, January 14, 2006 - 08:53 AM UTC
As a pragmatic Dutchman, my course of action is to change my passwords, tighten up my security awareness, decide to ignore malciferous figures like Paul, and sit back and watch the fire works. Pity the fire works are going off on our site, which may have been the reason behind this all along...

PS. I'm not that worried about my bank account either; given the size of my overdraft, and lack of credit card, I very much doubt anybody would be able to get anything from my account...

Lighten up, and ignore the blighter (well, at least ban him from the site.)

Cheers
Henk
Fordboy
Auckland, New Zealand
Joined: July 13, 2004
KitMaker: 2,169 posts
Armorama: 102 posts
Posted: Saturday, January 14, 2006 - 08:57 AM UTC
Hi Everyone

Never have been and now I will never be part of that site.

A serious breach of honesty, ethics, and breach of privacy laws.

As an IT professional having worked in this area I see it as a breach of clear accepted international security practice by a site administrator.

If I acted like this at work I would be summarily dismissed on the spot. I have seen this happen to coworkers on more than one occasion who could just not resist the temptation to try and show how "clever" they were.

A totally inexcusable and inappropriate method to demonstrate a point in my humble opinion.

Regards

Sean
Kencelot
Florida, United States
Joined: December 27, 2001
KitMaker: 4,268 posts
Armorama: 2,804 posts
Posted: Saturday, January 14, 2006 - 09:23 AM UTC
Out of curiosity, how do advertisers feel about paying for ads on a site whose administration abuses their administration?
Sabot
Joined: December 18, 2001
KitMaker: 12,596 posts
Armorama: 9,071 posts
Posted: Saturday, January 14, 2006 - 09:30 AM UTC

Quoted Text

Out of curiosity, how do advertisers feel about paying for ads on a site whose administration abuses their administration?

Perhaps they will be the ones with the epiphany.
PvtParts
New Jersey, United States
Joined: June 18, 2003
KitMaker: 1,876 posts
Armorama: 1,120 posts
Posted: Saturday, January 14, 2006 - 10:59 AM UTC

Quoted Text

Perhaps they will be the ones with the epiphany.


If it was my ad...perhaps it's with "Imleavingthee"
halftrack
Alberta, Canada
Joined: February 20, 2004
KitMaker: 7 posts
Armorama: 0 posts
Posted: Saturday, January 14, 2006 - 11:36 AM UTC
I was going to let this all blow over, keep modelling, and keep using Track-link, but when I saw Mr Owen's response posted in this forum, my response is simple: good bye Track-link.

Most people I know will assume the best in people and are prepared to trust from the start. However, trust is very easy to lose and very very hard to regain.


Quoted Text



Hey Jim,

Sorry, just trying to help you by pointing out a poor password practice. Don't use the same passwords for different sites. As I demonstrated, there can potentially be problems.

I guess people like you will always look for trouble and where none exists then create your own. Says more about you than me.

In a few days you'll have an epiphany and will feel regret about all the stuff you're typing, so I forgive you now




Mr Owen - everybody makes mistakes, and even if you feel you didn't - you've greatly offended a number of people. If you had posted only the first paragraph above together with an apology to the Track-link and Armorama members who felt outrage, I would be prepared to maintain trust. But after reading the above, you leave me no choice: good-bye Track-Link, good-bye Mr Owen.

Peter Williams



jazza
Singapore / 新加坡
Joined: August 03, 2005
KitMaker: 2,709 posts
Armorama: 1,818 posts
Posted: Saturday, January 14, 2006 - 01:12 PM UTC
IMHO, the most effective way to deal with such situations is to spread the news. Point all contacts in other communities to this thread and allow them to draw their own conclusions.

A web site's strongest ally and its worst enemy is the community itself.
jimbrae
Provincia de Lugo, Spain / España
Joined: April 23, 2003
KitMaker: 12,927 posts
Armorama: 9,486 posts
Posted: Saturday, January 14, 2006 - 05:02 PM UTC
Just so people understand how serious all this was, as a staff member, I also have full access rights. That means the ability to change/update features, news and reviews. Not 100% 'Super-User' but certainly enough to cause a considerable amount of damage. So it's worth just pausing for a moment and considering just how much mischief COULD have been caused.

It was an intrusion on MY account; however, it was much, much more. This was an attack on Armorama itself, by someone who should have the common sense and basic decency to know better. I can (kinda) understand this kind of behaviour from a 16 year-old hacker; from a site-owner and operator? Never.

I don't want to see any apology to either myself or the site; rather, I want the responsible person to crawl back into the hole he came out of. I can deal with (and disagree with) virtually anyone; what I refuse to deal with is pondlife....Jim
jimbrae
Provincia de Lugo, Spain / España
Joined: April 23, 2003
KitMaker: 12,927 posts
Armorama: 9,486 posts
Posted: Saturday, January 14, 2006 - 05:20 PM UTC
POSTSCRIPT: The person who runs T-L obviously has rather less than confidence in the users of his site. Since this blew up yesterday, there have been a total of FIVE replies to his thread (two written by him). Does that mean that the T-L users are less 'vocal' than others on the 'Net, or could it be that he is spinning the thread to get a favorable press? ...Jim
Grumpyoldman
Staff Member, Consigliere, KitMaker Network
Florida, United States
Joined: October 17, 2003
KitMaker: 15,338 posts
Armorama: 7,297 posts
Posted: Saturday, January 14, 2006 - 05:45 PM UTC
Perhaps they are just quiet with disgust for such unethical behavior??? Perhaps they are starting to wonder what other uses of THEIR passwords he has made????
Perhaps they are having an epiphany of a case of -- in plain English --- "Identity Theft" by a site owner. Hacking another site by a site owner.... I just had an epiphany....... and I really don't give a damn if you forgive me..... I just will NEVER forgive you or trust you again. You stole a person's identity, pretended to be them, and came up with some delusional crap to justify illegal, immoral, and unethical behavior.
Perhaps they are busy changing their passwords and deleting bookmarks.
I'm sure members at other sites are very busy doing the same thing......
Hohenstaufen
England - South East, United Kingdom
Joined: December 13, 2004
KitMaker: 2,192 posts
Armorama: 1,615 posts
Posted: Saturday, January 14, 2006 - 05:49 PM UTC
Having read this thread, I don't use Track Link, but I've changed my password anyway just to be on the safe side, because if Paul Owen signed on as Jim, he had administrator rights, and if he is a gifted programmer, I don't know what he's accessed.