All times are UTC - 6 hours




Post new topic Reply to topic   Page 1 of 1
 [ 15 posts ] 
Author Message

 Post subject: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 12:45 pm 
Tweaking all the time
Staff Elder
Staff Elder
User avatar

Joined: July 5th, 2003, 7:13 am
Posts: 8,697
Location: Flanders (northern Belgium)
Gender: Male
Status: Offline

Donor: Knight (2012)
Friend of Hiker
RSNL.eu, if you don't know, is one of the Dutch fansites of RuneScape. Today they've been hacked and several accounts have been compromised afterwards on RuneScape. A couple of months ago, something similar happened to RuneVillage, so I'd like to use this event to remind you all that you really need to have different passwords for each site! If you use the same password everywhere, it won't take long until one of those sites gets hacked and your password is available to other people.

It's hard to remember all those passwords you've used on other sites, but in fact there's no need to learn them all by heart! There are several tools available which allow you to store passwords in an encrypted database that can only be opened by you with a master password or through other means (like a certain decrypting file that needs to be present on your computer). Macs have keychains that can be used, but I'm not too familiar with Macs, so I can't provide much information there. What I can talk about is the program that I've been using for quite a while now: KeePass.

Basically, all passwords you enter in KeePass are stored in one file. Though it's not advisable, it is almost harmless should a hacker be able to retrieve such a file, unless he can bypass the protections enabled on the file. There are 3 ways to protect the file (you can choose yourself which ones you want to activate): a master password, a decryption file and an authentication with your computer's Windows User Account. I chose the first two ones only because I want to use that database on several computers (at home, on laptop, at work, ...). I need to supply both the master password and that file to open the database and retrieve the passwords I've stored in there. This makes it possible for me to have different passwords on ALL sites, yet I only have to remember one password.

There are plenty of these applications around, such as LastPass, 1Password, ... I just happened to have been presented that program by a colleague at work and I was satisfied with the functionality it provided. So if you were ever wondering what the best way would be to put strong unique passwords on all sites, you should be aware that there are tools out there that can accomplish this easily. Of course, we're still trying to protect our site as much as possible, but you should never depend on others for your online security...

Greetings,
Glodenox

__________________
XML, SOAP, XSLT, JavaScript, SQL, Java, CSS, PHP, Scheme, JSP, C#, ASP.NET, VB.NET, PL/SQL, Visual Basic 6.0, C/AL and C (sorted well to less known).


Top
 Profile WWW 
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 7:11 pm 
Chat Moderator
Chat Moderator
User avatar

Joined: March 28th, 2003, 6:38 pm
Posts: 4,598
Status: Offline
Alternatively, just write your passwords down.

Now I'll just sit back and wait for the onslaught of ill-conceived claims that doing so is a huge security risk...

__________________
Image
Imagine a perfect beach
Without a mermaid
Imagine a perfect hideaway
Without a time
Imagine a perfect Eden
Without a friend, without a serpent
"Feeling lonely and content at the same time,
I believe, is a rare kind of happiness"


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 8:44 pm 
Level 0
Village Elder
Village Elder
User avatar

Joined: May 13th, 2004, 6:41 pm
Posts: 18,865
Location: The Tower of Mist
Status: Offline

Donor: Wizard (2013)
Friend of Hiker
correcthorsebatterystaple is the only password I'll ever need. 8)

(But thanks for the heads-up!)

__________________
Image

.
Image

.
Legendary themed months are back! Maybe.
Image
!!!!!!!!!!!!!!!!!!!!!!!!


Top
 Profile WWW 
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 10:10 pm 
Marketeer
Village Elder
Village Elder
User avatar

Joined: February 26th, 2011, 5:34 pm
Posts: 5,187
Location: RSN: Market_Man6, AresDawn
Status: Offline

Donor: Prince (2013)
hey thanks glode!

EADWULF: thats [youtube]Z3sLhnDJJn0[/youtube]

__________________
Image


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 10th, 2012, 3:21 am 
Burning my Dread.
Village Staff
Village Staff
User avatar

Joined: July 25th, 2004, 12:46 pm
Posts: 11,450
Status: Offline

Donor: Guardian (2009)
Eadwulf wrote:
Alternatively, just write your passwords down.


That's such a huge risk! Hackers from all over the world are perfectly willing to pinpoint my computer's location, fly or drive to this household, pick out my computer in specific, and tear through my room for the written documentation of what my user names and passwords are! How dare you, of all intelligent people on this website, suggest such an asinine approach to how I manage the accounts of recreational websites online? :anger:

__________________
ImageImage
Goten is dead!


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 14th, 2012, 5:02 am 
Sorceror of Saradomin
Sorceror of Saradomin
User avatar

Joined: May 24th, 2003, 1:26 pm
Posts: 3,726
Location: Surfing on the cosmic tidal wave
Gender: Male
Status: Offline
A good way to remember passwords is take a sentence that you can remember, such as: "The orange pony bit my face 2 times." take the first letter of each word or the next number in sequence to make the password. Using capitalization is good too. So that phrase would give you the password: Topbmf2t , a very secure passwor and easy to remember because its a funny phrase and not random characters.

thats what i do anyway, and i dont ever have to write passwords down.

alternatively, a way to write down passwords securely is to create a good "master" passphrase first. for example, qr56hg . you memorize that and create a symbol to represent it on paper, like a star (*) or smiley face. then i come up with 3 or 4 additonal letters and numbers that will be unique to each site and append it to my master phrase. so if i chose "35cd" for my runevillage password, i would write it down like this on paper: *35cd but the whole password is actually: qr56hg35cd (a good password). you only need to remember one master phrase (you can use the sentence trick from above) and the unique number can be written down. as long as you never let your master phrase get compromised, its a pretty secure way to write down passwords.

__________________
Image
<3 sammich
Visit the RV Chatroom Today! The Coolest Place in RuneVillage! 8)


Top
 Profile YIM 
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 14th, 2012, 6:19 am 
the 'teflon' coated
Clan Chat Moderator
Clan Chat Moderator
User avatar

Joined: October 2nd, 2004, 11:52 pm
Posts: 6,772
Location: Sydney
Gender: Male
Status: Offline

Donor: Guardian (2010)
piggah wrote:
A good way to remember passwords is take a sentence that you can remember, such as: "The orange pony bit my face 2 times." take the first letter of each word or the next number in sequence to make the password. Using capitalization is good too. So that phrase would give you the password: Topbmf2t , a very secure passwor and easy to remember because its a funny phrase and not random characters.

thats what i do anyway, and i dont ever have to write passwords down.

alternatively, a way to write down passwords securely is to create a good "master" passphrase first. for example, qr56hg . you memorize that and create a symbol to represent it on paper, like a star (*) or smiley face. then i come up with 3 or 4 additonal letters and numbers that will be unique to each site and append it to my master phrase. so if i chose "35cd" for my runevillage password, i would write it down like this on paper: *35cd but the whole password is actually: qr56hg35cd (a good password). you only need to remember one master phrase (you can use the sentence trick from above) and the unique number can be written down. as long as you never let your master phrase get compromised, its a pretty secure way to write down passwords.


Or to cut the middleman and just use a password like correct horse battery staple.

__________________
[align=center][img]http://img178.imageshack.us/img178/2707/muse1.jpg[/img]
[img]http://img821.imageshack.us/img821/738/lollolololol.jpg[/img]
[img]http://img835.imageshack.us/img835/1424/rvsig.png[/img][/align]


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 15th, 2012, 6:18 am 
Chat Moderator
Chat Moderator
User avatar

Joined: March 28th, 2003, 6:38 pm
Posts: 4,598
Status: Offline
Magicana Drofulcus wrote:
Or to cut the middleman and just use a password like correct horse battery staple.


Because most brute force methods don't usually check for word combinations or anything...

__________________
Image
Imagine a perfect beach
Without a mermaid
Imagine a perfect hideaway
Without a time
Imagine a perfect Eden
Without a friend, without a serpent
"Feeling lonely and content at the same time,
I believe, is a rare kind of happiness"


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 24th, 2012, 4:12 am 
Tweaking all the time
Staff Elder
Staff Elder
User avatar

Joined: July 5th, 2003, 7:13 am
Posts: 8,697
Location: Flanders (northern Belgium)
Gender: Male
Status: Offline

Donor: Knight (2012)
Friend of Hiker
Sadly enough, someone was able to get into my e-mail account today. I had put up a Hotmail account as recovery account, and it seems that Hotmail stupidly added a security question that asked for my birthday (which isn't very hard to find at all). I wasn't aware I even had any recovery settings at Hotmail as I created that account in the early years of Hotmail, while I didn't even have internet at home. Luckily however, the changes that I made after our previous (and first) hack had the effect that the retrieved information could not be downloaded from the server, so that's an improvement.

So everybody: check your account security at your e-mail accounts and make sure that your recovery questions aren't so simple to figure out! We're still running over all settings to make sure that everything is secure again and actions will be taken to prevent this from happening in the future.

EDIT: also, the hacker contacted me and it *appears* he wanted to test our security and wasn't interested in data. He was able to find my address by looking through the hacked records from tip.it, which apparently includes all passwords in plain text. So if you have an account there, the password it used is completely insecure now!

Kind regards,
Glodenox

__________________
XML, SOAP, XSLT, JavaScript, SQL, Java, CSS, PHP, Scheme, JSP, C#, ASP.NET, VB.NET, PL/SQL, Visual Basic 6.0, C/AL and C (sorted well to less known).


Top
 Profile WWW 
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 24th, 2012, 6:46 am 
Marketeer
Village Elder
Village Elder
User avatar

Joined: February 26th, 2011, 5:34 pm
Posts: 5,187
Location: RSN: Market_Man6, AresDawn
Status: Offline

Donor: Prince (2013)
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

__________________
Image


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 22nd, 2013, 7:24 pm 
I post here sometimes
Champion of Saradomin
Champion of Saradomin
User avatar

Joined: September 20th, 2006, 10:25 am
Posts: 5,090
Location: The pub
Gender: Male
Status: Offline

Donor: Prince (2009)
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?

__________________
There is a village, which is hidden in the shadow of a mountain.
Everybody is suffering from a lack of light.
One day, the eldest of this village leaves for the mountain with a teaspoon in his hands.
The others ask him what he intends to do.
He replies that he is going to move the mountain.
"But you will never succeed!" they cry out.
"No, i will never succeed, but somebody has to start."

~~~The Wising Up Song - Misty's Big Adventure

Hidden: 
Kikori wrote:
Runevillage the forum is pretty well much done. Runevillage the group will eventually die, but as long as we're still friends with each other in the end, it's still a pretty big thought in our heads. Runevillage the family is forever, no matter where we settle down. If absolutely nothing else ever comes of Runevillage in the future, that alone is a pretty damn awesome thought.


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 22nd, 2013, 9:50 pm 
Most inactive active
Sorceror of Saradomin
Sorceror of Saradomin
User avatar

Joined: October 14th, 2008, 4:46 pm
Posts: 3,316
Gender: Male
Status: Offline
Glodenox wrote:
EDIT: also, the hacker contacted me and it *appears* he wanted to test our security and wasn't interested in data. He was able to find my address by looking through the hacked records from tip.it, which apparently includes all passwords in plain text. So if you have an account there, the password it used is completely insecure now!

Kind regards,
Glodenox

Good guy hackers pointing out security flaws for us to fix?

__________________
Add me on Steam! Click this thingy!
If you're in the Runevillage group, it makes it easier to identify you!
Image
Hidden: 
Kikori wrote:
Topsummoner wrote:
Riptide wrote:
I used to get you and J@n mixed up. Except your funnier. And nicer. Happy 21st bro!

Oh man Jan, you just got zinged by Riptide. How much does THAT suck?


Well, statistically speaking, slightly more than a giant suckusaur. A dire one.


PenguinGuy wrote:
Lets see if I remember how to play...

EX REX IS MAFIA SCUM FOURTHVOTER UNVILLAGE BLAH BLAH BLAH SCUM BLAH WINE IN FRONT OF ME BLAH BLAH META GAME BLAH BLAH BLAH SMELLS OF ELDERBERRIES BLAH

Right?


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 5:20 pm 
Marketeer
Village Elder
Village Elder
User avatar

Joined: February 26th, 2011, 5:34 pm
Posts: 5,187
Location: RSN: Market_Man6, AresDawn
Status: Offline

Donor: Prince (2013)
The123king wrote:
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?


if you had my address, would you order me some pizza?

__________________
Image


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 5:36 pm 
Most inactive active
Sorceror of Saradomin
Sorceror of Saradomin
User avatar

Joined: October 14th, 2008, 4:46 pm
Posts: 3,316
Gender: Male
Status: Offline
Market Man6 wrote:
The123king wrote:
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?


if you had my address, would you order me some pizza?

Sure, I'd pay for it with your credit card, too. ;)

__________________
Add me on Steam! Click this thingy!
If you're in the Runevillage group, it makes it easier to identify you!
Image
Hidden: 
Kikori wrote:
Topsummoner wrote:
Riptide wrote:
I used to get you and J@n mixed up. Except your funnier. And nicer. Happy 21st bro!

Oh man Jan, you just got zinged by Riptide. How much does THAT suck?


Well, statistically speaking, slightly more than a giant suckusaur. A dire one.


PenguinGuy wrote:
Lets see if I remember how to play...

EX REX IS MAFIA SCUM FOURTHVOTER UNVILLAGE BLAH BLAH BLAH SCUM BLAH WINE IN FRONT OF ME BLAH BLAH META GAME BLAH BLAH BLAH SMELLS OF ELDERBERRIES BLAH

Right?


Top
 Profile
 

 Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 6:12 pm 
Marketeer
Village Elder
Village Elder
User avatar

Joined: February 26th, 2011, 5:34 pm
Posts: 5,187
Location: RSN: Market_Man6, AresDawn
Status: Offline

Donor: Prince (2013)
oh sure! you will pay for my RS membership too?

__________________
Image


Top
 Profile
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
 [ 15 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Jump to:  

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
The Village and this web site are © 2002-2012

ThePub 2.0 - Designed by Goten & Jackstick. Coded by Glodenox & Henner.
With many thanks to the Website Team!