Page 1 of 4 123 ... LastLast
Results 1 to 15 of 48
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Windows Secrets newsletter site hacked!




    INTRODUCTION

    Windows Secrets newsletter site hacked!


    By Tracey Capen

    Windows Secrets might be the source for all things Windows — including security. But even we're not immune from hackers.

    In the past couple of days, many of our subscribers reported receiving spam that appeared to come from Windows Secrets. But we can assure you, the e-mails did not come from us. We've always been committed to protecting our subscribers from unwanted junk mail — and we still are.

    The full text of this column is posted at windowssecrets.com/introduction/windows-secrets-newsletter-site-hacked/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2012-09-19 at 15:50.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Sydney
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I wish to congratulate the Windows Secrets team on the way they handled this situation. My impression is a team that checks out a problem, evaluates solutions and takes action promptly. Congratulations and thanks for letting us know. Regards Richard L

  3. #3
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    664
    Thanks
    1
    Thanked 26 Times in 24 Posts
    I guess you nipped it in the bud quite fast since I didn't receive any spam mail from you that I could recall (or my email put the junk in the Spam folder which I regularly delete). Thanks a heap for the heads up, but I pretty much use multivariations of my password for different sites and it's a complex acronym to begin with so hopefully my other sites won't get compromised. Thanks for the heads up on this situation too.

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Posts
    14
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I hope you salted the passwords before they were hashed????

    When I logged in to the Lounge I used the wrong password and it said I had used 2 attempts! Maybe the Lounge is also being attacked by hackers?

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    19
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Thumbs up Password changed

    It seems that my password was changed/corrupted, as I could not log in. Fortunately the reset password system worked flawlessly.

  6. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    The admins at the Windows Secrets are taking all actions necessary to make out use as secure as is possible. This includes both the Newsletter and the Lounge. As you are aware these require 2 separate Log-Ons. I have taken the added precaution of changing both the Newsletter and Lounge PWs.

    By the way if for some reason the Reset PW System for the Lounge does not work for you simply send a message in the Contact Us link on the Lounge and we can send you a PW Reset notification. Try the Reset PW System first.
    Last edited by Medico; 2012-09-20 at 06:13.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. #7
    Star Lounger
    Join Date
    Sep 2002
    Location
    Cleveland, Ohio
    Posts
    92
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs up Thanks for being so open!

    I'm really happy that you were so forthcoming with this information. I received one SPAM message and now feel really bad that I didn't report it. Sorry about that.

    I'm glad you were able to stop this so quickly!
    finalword

  8. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    finalword, I just sent you an email about your signature. I hope you understand.
    Ted
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    10546
    Posts
    23
    Thanks
    0
    Thanked 3 Times in 2 Posts
    Your description started with one of your admin userid's being hacked by "brute force password cracking". What do you mean by this? Did they already have the hashed password file? Because no site these days allows multiple failed password attempts, so brute force should not work. Are you sure this wasn't started some other way?

  10. The Following 2 Users Say Thank You to Millwood For This Useful Post:

    BruceR (2012-09-20),DavidPierson (2012-09-27)

  11. #10
    Lounger
    Join Date
    Dec 2009
    Location
    New Jersey USA
    Posts
    29
    Thanks
    0
    Thanked 4 Times in 3 Posts

    WS Administrator account deserves a strong password

    No kudos to the WS folks from me on this. WS must have had a WEAK Administrator password.


    Every Administrator account deserves a strong password. Example: StrongPassword!Impossible2Crack*123. Brute Force hacker attempts would take literally MILLIONS of years to crack that password. Do the math.

  12. The Following 2 Users Say Thank You to JohnReam For This Useful Post:

    BruceR (2012-09-20),DavidPierson (2012-09-27)

  13. #11
    New Lounger
    Join Date
    May 2010
    Location
    Upstate NY
    Posts
    6
    Thanks
    0
    Thanked 1 Time in 1 Post

    Monkey see, monkey ignore

    I am with Millwood and JohnReam on this one. First thing that came to mine is *how* a brute force attack could be successful against a site that promotes strong security practices. No eat own dog food?

  14. The Following User Says Thank You to Davey126 For This Useful Post:

    DavidPierson (2012-09-27)

  15. #12
    Star Lounger Erniek's Avatar
    Join Date
    Dec 2009
    Location
    Scottish Borders
    Posts
    66
    Thanks
    0
    Thanked 11 Times in 6 Posts
    Thanks for the heads up especially doing it through the newsletter. This ensured it was genuine. No spam mails received and password now changed.

    I did have problems signing in to the lounge though. I forgot my password and could no find a way to reset it. I spent over an hour trying to reset password and it was only luck that I found it eventually. Even contacting the lounge could find no evidence of me even though I had received a warning mail stating that someone had tried to access my account (myself trying wrong passwords).

    Please moderators make a RESET password link beside the login link.
    ErnieK

  16. #13
    New Lounger
    Join Date
    Jul 2010
    Location
    nj
    Posts
    4
    Thanks
    0
    Thanked 1 Time in 1 Post

    Several questions about the recent hack of WS

    I am under the impression that a brute force attack can be blunted by limiting the number of incorrect attempts before locking the account. Am I misinformed? Was this type of protection not in place at WS?

    WS regularly asserts that readers can rely on messages containing reader numbers since no third party could possibly know our reader numbers. Since reader numbers may have been compromised, does WS plan to change reader numbers and to use a new format that is easily differentiable from the old?

    Thank you.

    KNS

  17. The Following User Says Thank You to kns For This Useful Post:

    BruceR (2012-09-20)

  18. #14
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Ernie, See this thread. I hope it helps in the future, and for others.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  19. #15
    New Lounger
    Join Date
    Sep 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here is a great site about passwords for all concerned...
    https://www.grc.com/haystack.htm

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •