Jump to content
Classifieds is broken, please do not submit any new ads ×

Mardi13
 Share

Recommended Posts

  • Replies 34
  • Created
  • Last Reply

Top Posters In This Topic

  • Ghost Plane

    3

  • KBeezie

    9

  • Mardi13

    3

  • Komitadjie

    6

Top Posters In This Topic

Thanks!

"To read without also writing is to sleep." - St. Jerome

 

Link to comment
Share on other sites

Thanks Mardi, I hadn't seen this anywhere else. Passwords changed.

 

Bruce in Ocala, Fl

Link to comment
Share on other sites

Heard about this on the radio this morning. Happened months ago apparently.

''You can't stay in your corner of the forest waiting for others to come to you. You have to go to them sometimes''. A A Milne

Link to comment
Share on other sites

Yeah but they didn't bother to announce it months ago. Harrumph.

Link to comment
Share on other sites

Yeah but they didn't bother to announce it months ago. Harrumph.

 

They didn't catch it until a couple of weeks ago. Better to wait until you know what was compromised, or not, before making an announcement. Hair trigger responses can do more damage than good.

spacer.png
Visit Main Street Pens
A full service pen shop providing professional, thoughtful vintage pen repair...

Please use email, not a PM for repair and pen purchase inquiries.

Link to comment
Share on other sites

adjusted mine when the heartbleed info posted.. then told that was the worst time to change.. who knows these days?

Cnet/downloads.com used to be the safe/tested site... now nix no nadda, you must download malware junk toolbars, Even After reading the eulas, and clearly tickking NO... read on they dismiss your Clear No, and added the junk anyway, unless you tick NO a second time, then sometimes add it anyway.

Same with once solid AVG, gotta add the malware toolbars, even though ticked NO.

Same with Goog, some great ideas, but they don't own me or the private classroom outing shots taken with permission,and aways set to private. they reset to to public, I rest to private then found public elsewhere, and Deleted, and Still OUT there. No hangouts, or other goog services but Goog won't let me leave entirely if I want to access maps for my job. What a ruin and racket, of a once promising idea.

My life, though with a few interesting areas holds zero issues against anyone or any agency, let this person have their privacy, and sweet retirement memory photos.

sleepy person rant leveled.

will rearrange the password, as if it helps, tomorrow.

Link to comment
Share on other sites

They urge new passwords, yet I never got an email notification from ebay, nor a notification when I went to visit my profile. Not very heavy on the urging.

 

I wonder if the leak also includes paypal information?

Edited by KBeezie
Link to comment
Share on other sites

Doubt it, but I changed that too, just to be on the safe side. And bear in mind, all they would have gotten would be the password HASHES. If you have a DECENT quality password, you still have a pretty good chance of being secure. Certainly long enough to go change your PW anyway.

Link to comment
Share on other sites

 

I wonder if the leak also includes paypal information?

 

According to the NYT article, no. Supposedly all the customer financial data was in another location.

 

Bruce in Ocala, Fl

Link to comment
Share on other sites

Doubt it, but I changed that too, just to be on the safe side. And bear in mind, all they would have gotten would be the password HASHES. If you have a DECENT quality password, you still have a pretty good chance of being secure. Certainly long enough to go change your PW anyway.

 

That's what Target said at first, but then the decryption key used to undo those hashes were also compromised including pin numbers. So usually if there's a compromise I assume nothing is safe.

 

Do companies like that ever get fined for such a compromise (especially in Target's case where their setup was not PCI compliant).

 

It's also just like how WHMCS (the billing panel that most websites uses now days) was compromised and they said the exact same thing, except their database was on the exact same server as the cc_decryption key value in a config file on the same website, so all of that info was easily reversed (and I checked the leaked data, indeed all my info was reversed in that dump). Course they're in Britain so I don't think the PCI Compliance applies to them, and they claimed to have separated the forums/support from the billing systems on their own server... by simply moving it to another cpanel account on the exact same server.

 

(long story short, they say a lot to add reassurances, but a lot of times it ends up being BS).

Link to comment
Share on other sites

I've not had any notification from ebay about this. There is not even any mention of it on their log-in page! :gaah:

Whatever is true,whatever is noble,whatever is right,whatever is pure,whatever is lovely,whatever is admirable - if anything is excellent or praiseworthy - think about such things.

Philippians 4.8

Link to comment
Share on other sites

I saw mention of this on another thread earlier this evening. But this was *after* I tried to log on to Ebay and got the message saying to reset the password. Of course, in order to do so, one had to get to customer support... which involved, well, logging on.... :gaah:

Tried again about an hour or so ago and had no problems. But reset the password anyway. Of course it's now going to take weeks for me to remember the new one.... :wallbash:

Yeah, I'm with KBeezie and Lorna Reed on this one. They had no problem sending me updates that said "Hey, X item has been relisted" and I get mail from them and/or Paypal all the time going "wanna sign up for our longterm payment program?" or whatever the heck they call it (uh, no, not really actually, even if I can get $10 off my next purchase -- this is *not* the time I want credit agencies rooting around my finances...).

Ruth Morrisson aka inkstainedruth

"It's very nice, but frankly, when I signed that list for a P-51, what I had in mind was a fountain pen."

Link to comment
Share on other sites

About 10 minutes ago, ebay UK put an "Important - Password Update" notice on the website. Of course, as inkstainedruth says, you have to log on to change your password. :angry:

Whatever is true,whatever is noble,whatever is right,whatever is pure,whatever is lovely,whatever is admirable - if anything is excellent or praiseworthy - think about such things.

Philippians 4.8

Link to comment
Share on other sites

About 10 minutes ago, ebay UK put an "Important - Password Update" notice on the website. Of course, as inkstainedruth says, you have to log on to change your password. :angry:

Of course you have to. I would not have it otherwise, else any nitwit could simply change my passwords. This way they record from which URL the password-change originated, in case of complaints.

 

 

D.ick

~

KEEP SAFE, WEAR A MASK, KEEP A DISTANCE.

Freedom exists by virtue of self limitation.

~

 

 

 

Link to comment
Share on other sites

Got no notice either. But when I did reset, they emailed confirmation that gave the ISP the password change came from.

 

Not happy about no notice

Link to comment
Share on other sites

 

That's what Target said at first, but then the decryption key used to undo those hashes were also compromised including pin numbers. So usually if there's a compromise I assume nothing is safe. ...

 

Good point, and I'm certainly not advocating leaving something alone after a breach, good god no! Fortunately, not ALL that many companies are dumb enough to store the hashkey on the same server as the passwords themselves, and if you choose a good password, it should survive rainbow-bridge crack attempts at least long enough for you to get to your computer and change it. Something worth doing is going and checking the fairly common 'leaked password' lists, and making sure yours isn't on the top-thousand list!

Link to comment
Share on other sites

 

Good point, and I'm certainly not advocating leaving something alone after a breach, good god no! Fortunately, not ALL that many companies are dumb enough to store the hashkey on the same server as the passwords themselves, and if you choose a good password, it should survive rainbow-bridge crack attempts at least long enough for you to get to your computer and change it. Something worth doing is going and checking the fairly common 'leaked password' lists, and making sure yours isn't on the top-thousand list!

 

And I agree, though I have come across some companies that actually make it difficult to come up with a good password. Huntington Bank for example doesn't allow for any special characters, it's strictly alphanumeric (only letters or numbers), when just a simple symbol would increase password strength significantly in terms of possible combinations, especially for passwords above 6 digits.

Edited by KBeezie
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share



  • Most Contributions

    1. amberleadavis
      amberleadavis
      37978
    2. PAKMAN
      PAKMAN
      31107
    3. Ghost Plane
      Ghost Plane
      28220
    4. jar
      jar
      26101
    5. wimg
      wimg
      25602
  • Upcoming Events

  • Blog Comments

    • A Smug Dill
      @Texas42 Thank you. I myself have recently had the experience of cleaning out a Wing Sung 699, in which the iron-gall ink has been sitting for six months. No damage to the metal piston rod (whereas, in a Wing Sung 3013 vacuum-filler, it would have been corroded, turned green, and contaminated the ink in mere weeks), but there was a ring of colour at the far end of the barrel that wouldn't budge, and I found it impossible to unscrew the filling mechanism to clean the interior wall of the ink rese
    • Texas42
      Dang. You are a great friend!   One comment as a relative newcomer would be within the cleaning section: issues/differences in cleaning vacuum filler, piston filler in addition to cartridge/converter. I just cleaned out my Pilot 823 and while it wasn't particularly difficult I was a little paranoid about the drops of water that I could not get out. Perhaps this is something you are already including.   Anyway, great project and very thoughtful of you. I know it's a project fo
    • Splat
      Ah Ruaidhri ya wee heid banger, you do indeed have an Irishman’s way wid dose words now. I’ll be from outer Aberdeenshire up in the blizzard riven braes of the Grampians.  Amateur medicine and surgery is it? Well what noble aspirations you do possess, we need to encourage such noble experimentations.  I pondered on leaving my own battered shell to science, but, until I read your pearls of wisdom and lament, I had comedown on the side of leaving my body to Findus frozen foods.  However, your rema
    • austollie
      Hi Smug Dill,   Nice project.  If it were me, I'd cover stuff like: - nib types available, i.e. styles, materials (SS vs gold), flex vs nails; - filling systems (I love the "thingie" comment) and how once can use them in practice (e.g. fill cartridges with a syringe); - pen body materials and their consequences (pen not balanced of too heavy and big for the hand); - and, whilst you've made it clear that you do not like vintage pens, a discussion of these beyond "I d
    • A Smug Dill
      Thanks for your input! Yes, not putting wood in the list of body materials warranting a mention was an oversight. I love pens with wooden bodies, but my main concern, or chagrin, is that I have not come across a wooden-bodied pen with a wooden cap that seals well. Actually, there is one, but it isn't really wood per se: the Pilot Custom Kaede's maple body is resin impregnated. All other wooden pens I have can dry out while capped and undisturbed; that includes several Platinum #3776 models.
  • Chatbox

    You don't have permission to chat.
    Load More
  • Files

  • Today's Birthdays

    1. Albinoni
      Albinoni
      (55 years old)
    2. Atlanta
      Atlanta
      (39 years old)
    3. Azurelion
      Azurelion
      (45 years old)
    4. birdylo
      birdylo
    5. bobbieacuti
      bobbieacuti
      (52 years old)





×
×
  • Create New...