How to protect your password
EVERYONE should do this. Click on Preferences at the top of the page, then click the link that says "delete all cookies stored by totse.com" and then click the radio button that says "No" for "Store passwords and login info for one month?"
That is how people are getting your passwords. If you view your cookies, from totse.com there is an entry called Password with your UNENCRYPTED password. I am going to talk to Jeff ASAP about fixing this problem. Through other webpages people can write code that steals cookies from this site. In other words, someone can link you somewhere and find your password in a matter of seconds.
Everyone should change their password and password preferences NOW.
http://www.totse.com/bin/bbs/ubbmisc.cgi?action=setprefs
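An added example, not part of the original thread and not totse's own code: a small audit of `Set-Cookie` headers that flags the pattern described in the post above, a credential kept in a cookie that page scripts can read. The sample headers, cookie names and the name-fragment lists are constructed assumptions.

```python
# Constructed Set-Cookie header values for illustration; not captured from any site.
SAMPLE_HEADERS = [
    "Password=hunter2; Path=/; Expires=Mon, 02 Apr 2007 16:00:00 GMT",
    "session=9f2c4e1ab07d4c6e8a51d3f0b6c7e812; Path=/; HttpOnly; Secure",
    "theme=dark; Path=/",
]

# Assumed name fragments; tune these to the application being reviewed.
CREDENTIAL_HINTS = ("pass", "pwd")
SESSION_HINTS = ("session", "sid", "token", "auth")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(value)
    lowered = name.lower()
    is_credential = any(h in lowered for h in CREDENTIAL_HINTS)
    is_session = any(h in lowered for h in SESSION_HINTS)
    findings = []
    if is_credential:
        findings.append("credential stored in cookie; use a random session token")
    if is_credential or is_session:
        if "httponly" not in attrs:
            findings.append("no HttpOnly: page scripts can read this cookie")
        if "secure" not in attrs:
            findings.append("no Secure: cookie is sent over plain HTTP")
    return findings


def audit_all(headers):
    """Map cookie name -> findings, keeping only cookies with findings."""
    report = {}
    for value in headers:
        findings = audit_set_cookie(value)
        if findings:
            report[parse_set_cookie(value)[0]] = findings
    return report


if __name__ == "__main__":
    for cookie, findings in audit_all(SAMPLE_HEADERS).items():
        for finding in findings:
            print(f"{cookie}: {finding}")
```

The second sample header shows the shape to aim for: an opaque random token marked `HttpOnly` and `Secure`, with the password itself never leaving the server after login.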
Wow, new news! I mentioned something about the unencrypted passwords a while ago in NS&H, you should really look into encrypting the passwords into salted MD5's. Vbulletin uses that method, and it's tight!
angusyetanotherwhitemeat
2007-03-02, 16:22
quote:Originally posted by DriftAway:
Well, I got got.
My angustheotherwhitemeat acc't as well as my first backup angusyetanotherwhitemeat (utilizing, I know I know, the same password) have both been compromised and the email changed.
Zok, or any other admin, if there is any way you can help, please drop me a line at amoshaas@yahoo.com or PM me in IRC, I'm in #bltc and #totse now.
Oh, and second post http://www.totse.com/bbs/wink.gif
-Angus
NVM I still got this one.
And to any curious parties, I changed the p/w, Zok my inquisition still stands if there's any way you can get at me about it.
Thanks man, and still
Second post http://www.totse.com/bbs/wink.gif
-Angus
I didn't even know there was a password stealing problem.
Edit: Never mind.
[This message has been edited by Source (edited 03-02-2007).]
Satanz Handicapped Helper
2007-03-02, 17:46
http://www.totse.com/bbs/frown.gif
Edit: http://www.totse.com/bbs/smile.gif
[This message has been edited by Satanz Handicapped Helper (edited 03-02-2007).]
conjuror
2007-03-02, 17:52
Damn kids. They're all alike!
Anyways, thanks for the advice. And yeah, I remember that thread from a while back saying how exactly this would happen.
conjuror (http://caught22.com/)
robinhoody
2007-03-02, 18:07
dis acct h4x0red by teh l337 totse army
angusyetanotherwhitemeat
2007-03-02, 18:21
quote:Originally posted by angusyetanotherwhitemeat:
NVM I still got this one.
And to any curious parties, I changed the p/w, Zok my inquisition still stands if there's any way you can get at me about it.
Thanks man, and still
Second post http://www.totse.com/bbs/wink.gif
-Angus
Success!!!
It seems wargsm, the beautiful fuck, was saving p/ws too! And mine was one of them!
+∞ for the TOTSE brotherhood!
-Angus
I_am_god
2007-03-02, 18:31
*space reserved for future post*
I_am_god
2007-03-02, 18:33
Ok turned it off.
robinhoody
2007-03-02, 19:20
I can't believe it's taken this long for someone to exploit the glaring XSS vulns here...
The Great One
2007-03-02, 20:00
quote:Originally posted by I_am_god:
*space reserved for future post*
You're the lamest faggot on totse.
[This message has been edited by The Great One (edited 03-02-2007).]
The Death Monkey
2007-03-02, 20:49
quote:Originally posted by Senzuri:
Wow, new news! I mentioned something about the unencrypted passwords a while ago in NS&H, you should really look into encrypting the passwords into salted MD5's. Vbulletin uses that method, and it's tight!
So... what you're saying is, is to fix the problem, Jeff should hurry the fuck up and bring vB up?
helladamnleet
2007-03-02, 21:09
quote:Originally posted by The Death Monkey:
So... what you're saying is, is to fix the problem, Jeff should hurry the fuck up and bring vB up?
Cool, I'm not the only one who read it that way.
ChaoticNature
2007-03-02, 21:22
I suppose this explains why my password was changed to orbitgum, nice.
Punk_Rocker_22
2007-03-02, 21:23
Sooo...vB coming anytime soon?
Isobutane
2007-03-02, 21:37
I don't have cookies but I changed my pass anyway, is that k?
gimna.blazed
2007-03-02, 22:33
quote:Originally posted by I_am_god:
Ok turned it off.
Lacedwithdelight
2007-03-02, 22:39
For the love of totse start calling the admins and tell them to be extremely careful.
DesyphIX
2007-03-03, 00:46
I think it's time for VB.
Lacedwithdelight
2007-03-03, 00:50
Link us to the perpetrator!
deadclowneyes
2007-03-03, 04:36
Thanks.
Spike Spiegel
2007-03-03, 05:58
quote:Originally posted by robinhoody:
I can't believe it's taken this long for someone to exploit the glaring XSS vulns here...
I know.
robinhoody
2007-03-03, 06:10
quote:Originally posted by Spike Spiegel:
I know.
I know you know.
BUT, and this is a big but, do you know that I know that you know?
Sentinel
2007-03-03, 06:57
HAHA, DISREGARD THAT, I SUCK COCKS!
[This message has been edited by Sentinel (edited 03-03-2007).]
quote:Originally posted by The Death Monkey:
So... what you're saying is, is to fix the problem, Jeff should hurry the fuck up and bring vB up?
Well not exactly. Vbulletin would be awesome, no doubt. But I was suggesting to use the same encryption process as what vbulletin forums have.
dark_rider_666
2007-03-03, 13:22
posts on first page of 3rd topic on n.o.t.t
doct0r_4rmo
2007-03-03, 16:24
k.
grusomhat
2007-03-03, 18:43
Thanks for the heads up Zok
Bastard Man
2007-03-04, 00:24
Will you be posting a list of the accounts that were affected by the security issue?
I would like to know if I need to change everything.
dark_rider_666
2007-03-04, 01:09
quote:Originally posted by robinhoody:
Originally posted by Spike Spiegel:
I know.
I know you know.
BUT, and this is a big but, do you know that I know that you know?
that i know that you know.
Jeff I just sneezed out a lumpy piece of black snot, do you want it?
quote:Originally posted by Enter:
Jeff I just sneezed out a lumpy piece of black snot, do you want it?
You forgot "It's yours!"
DesyphIX
2007-03-04, 11:00
quote:Originally posted by Enter:
Sir Jeffery Huntarr, I just sneezed out a lumpy piece of black snot, would U lIEK it, its uRS?
Fixed.
Jeff I just shaved off my pubes and put 'em in a bag, along with some dog crap I found on the side of the road. Do you want it? It's yours!
Burn it up
2007-03-04, 12:51
Hmm, that's not good
Thanks for the heads-up Zok.
Oh BTW: "Jeff, I got aids from fucking my pet dog. Do you want it? It's yours!"
*Offers bloody syringe to Jeff*
Father Time
2007-03-04, 18:04
http://www.totse.com/bbs/smile.gif
The Death Monkey
2007-03-04, 21:36
quote:Originally posted by Senzuri:
Well not exactly. Vbulletin would be awesome, no doubt. But I was suggesting to use the same encryption process as what vbulletin forums have.
That seems to be a pretty inefficient fix to the problem though. Why not upgrade AND bring all the cool awesomeness that vB will bring while fixing the problem at the same time... all the while, not having to really do anything to fix the problem. The problem is fixed just in the change.
The Death Monkey
2007-03-04, 22:28
Jeff should put a super strict swear sensor on totse that makes it so that if you swear at all, you get banned for a week.
If I owned Totse, I'd do it for a while just for teh lulz.
KwinnieBogan
2007-03-04, 23:54
These kids wouldn't be doing things like this if they had access to Where's Wally (Waldo to the North Americans)
As a sidenote, I wouldn't doubt this is part of a series of hack attacks against various forums on the web, such as sciencemadness.org
Something's up, and I don't know what it is. Be paranoid, people--be very paranoid.
ZOK
You may want to check if anyone has been trying to crack backdoors or any part of TOTSE. I have a feeling a lot of these things are related.
[This message has been edited by Genecks (edited 03-05-2007).]
robinhoody
2007-03-05, 06:33
quote:Originally posted by Genecks:
You may want to check if anyone has been trying to crack backdoors or any part of TOTSE.
That's a good point.
You should also check the ground-floor windows to make sure they're not broken, and make sure they're locked. You can put a piece of wood between the window and frame to add extra strength, too (and it works on sliding doors, too).
I've been around since 2004. I know ZOK doesn't have the ability to check that stuff. Zok is a mediocre person with only linguistic skills. I doubt he could find a way to protect TotSE.
However, my comment was serious.
The Death Monkey
2007-03-05, 06:50
quote:Originally posted by Genecks:
I've been around since 2004. I know ZOK doesn't have the ability to check that stuff. Zok is a mediocre person with only linguistic skills. I doubt he could find a way to protect TotSE.
However, my comment was serious.
You are such a raging douche I think you're on the nominee list for biggest douche in the universe. Congrats.
That insult was mainly directed at Zok. Zok, along with a lot of other moderators/admins, know I'm a jackass. (I'm Kamisama)
I've studied these people and I know what they know. Zok studies German, took various CLEP tests, has an interest in linguistics, and etc. etc.
But he isn't that talented in the end. Sure, he's college educated; but he's not much from my opinion.
ragesoadrules
2007-03-05, 06:59
Why the fuck would someone hack &T?
Douchebag
quote:Originally posted by Genecks:
That insult was mainly directed at Zok. Zok, along with a lot of other moderators/admins, know I'm a jackass. (I'm Kamisama)
I've studied these people and I know what they know. Zok studies German, took various CLEP tests, has an interest in linguistics, and etc. etc.
But he isn't that talented in the end. Sure, he's college educated; but he's not much from my opinion.
At least he isn't a butthole like you.
shun siney
2007-03-05, 18:59
zok, my original account, has been deleted over the weekend, how would I go about getting it back?
quote:Originally posted by Genecks:
That insult was mainly directed at Zok. Zok, along with a lot of other moderators/admins, know I'm a jackass. (I'm Kamisama)
I've studied these people and I know what they know. Zok studies German, took various CLEP tests, has an interest in linguistics, and etc. etc.
But he isn't that talented in the end. Sure, he's college educated; but he's not much from my opinion.
wait a second you actually spent time studying him?? WTF don't have more important things to do. just like that thread you made about spending all that time trying to manipulate that girl. WTF
I_am_god
2007-03-07, 23:58
quote:Originally posted by The Great One:
You're the lamest faggot on totse.
FUCKER RESPECT YOUR ELDERS!!!
Dr. Ol Raw
2007-03-08, 00:43
quote:Originally posted by shun siney:
zok, my original account, has been deleted over the weekend, how would I go about getting it back?
It was never deleted, you were just banned.
robinhoody
2007-03-10, 03:07
quote:Originally posted by Vega:
This is fucked up, when I logged in and clicked on NOTT, I could only see the replacement for UBB thread, but when I logged out, I saw the other threads.
http://www.totse.com/bbs/eek.gif
Because it was set to only show threads from the last day.
At the top of the forum, there is a selection box that says "Show posts from the last day". You can change that to any one of the options, and you'll see the other threads.
mouser55
2007-03-10, 19:17
ok, when will VB be arriving?
Jeff I just farted in an empty coke bottle. Do you want it? It's yours!
ytter_man
2007-03-19, 20:15
deleted all my cookies. i do it on a regular basis anyway.
What the hell is wrong with SG and IFIOTW? Or is it just me?
Edit: Ok, now IFIOTW is fine, but SG says it has -1 posts. When I click on the forum, it never loads. It's been like this since yesterday. Is it like this for anyone else? Or did my shit get hacked? I'm confused http://www.totse.com/bbs/frown.gif
[This message has been edited by Shizno (edited 03-19-2007).]
rasta_rider
2007-03-20, 20:48
quote:Originally posted by Shizno:
What the hell is wrong with SG and IFIOTW? Or is it just me?
Edit: Ok, now IFIOTW is fine, but SG says it has -1 posts. When I click on the forum, it never loads. It's been like this since yesterday. Is it like this for anyone else? Or did my shit get hacked? I'm confused http://www.totse.com/bbs/frown.gif
haha i don't envy the SG kiddies, I don't know how anyone can read more than one thread in that shit hole.
ak-kapocsi
2007-03-22, 01:08
how do i change my password?
I_am_god
2007-03-25, 05:38
quote:Originally posted by ak-kapocsi:
how do i change my password?
You're fucking kidding me.
ak-kapocsi
2007-03-26, 04:51
no i'm not
what is a password?
i don't get it what is the point of this "password" thing
[This message has been edited by ak-kapocsi (edited 03-26-2007).]
granite erection
2007-04-04, 18:49
I didn't even know there was a password stealing problem.
Edit: Never mind.
[This message has been edited by Source (edited 03-02-2007).]
lol neither did i, and i have been here on and off for 8 years.
thanks for bringing that to our attention.