Online Security – In Depth

April 1st, 2012 | Posted by Lee in geeky-stuff - (0 Comments)

UKCB: Success

September 25th, 2011 | Posted by Lee in Shenanigans - (2 Comments)

It may have taken some drastic measures, but UKChatterbox have now made an announcement on the website and are enforcing password changes, as well as offering password/security advice that is very similar to what I gave previously in http://lethality.me.uk/2011/09/online-security/

The announcement, which can be found at http://www.ukchatterbox.co.uk/article/170, reads as follows:

The UKChatterbox website has recently been the target of several attacks intended to disrupt services, and as part of an ongoing security update, all UKChatterbox users are being asked to change their passwords as a precautionary measure.

Some general tips for passwords and security:

- If you have the password to other sites and services set the same as your UKChatterbox password (or have done in the past), we would recommend changing those passwords too. It is never really a good idea to use the same password for multiple sites. In particular, passwords to your e-mail and bank accounts should always be unique and not used elsewhere.

- Choose a password that is sufficiently complex. Make sure that it is at the very least 8 characters long, a mixture of letters and numbers and preferably mix in some capital letters too.

- Check your security questions for your e-mail and other sites. If a site you are signed up to operates a security question system to retrieve lost passwords, make sure that the answer to the question is not something anyone could answer but you. There have been a lot of issues recently with people’s e-mail accounts being accessed because


As the title says, this is a post that shouldn’t be needed.
The subject: UKChatterbox’s outages. This isn’t just the outage within the last 2 weeks; this goes back to July 1st.
The post on the UKChatterbox “Service Status Page”:

There was a disruption to both the web and chat services from 18:00hrs Friday 1st July 2011 to 21:00hrs Sunday 3rd July 2011 due to a machine failure. This has now been resolved.

What happened was (and this will no doubt be denied by them) that the website was attacked using a popular form of exploit, SQL injection (aka sqli). This is when a user inserts extra characters and commands, for example when using a login form, to carry out tasks such as logging a user in as an admin or returning information that shouldn’t be available publicly. UKChatterbox has had problems with SQL injections in the past, and apparently never bothered to fix them properly or learn anything; the website (whilst most users are blindly happy with its presentation) is full of old, outdated code. Updating the code to use newer methods of accessing databases can stop this. Incidentally, the recent bold red maintenance message on the homepage was fluentcode fixing these issues now they’ve been made fully aware of them.
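As an added illustration (my own example, not code from UKChatterbox or fluentcode), here is the same login check written the old way, by pasting user input into the SQL text, beside the newer parameterised form that keeps input as data. The user table and the test inputs are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for a site's user table. A real site
    # would store password hashes, not plaintext; kept simple for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse', 1)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2', 0)")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Old style: the values are formatted straight into the query string, so
    # any quotes or keywords they contain are parsed as part of the SQL.
    query = (
        "SELECT username, is_admin FROM users WHERE username = '%s' "
        "AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchone()  # (username, is_admin) or None


def login_safe(conn, username, password):
    # Parameterised query: the driver binds the values separately, so they
    # are only ever compared as data and never interpreted as SQL.
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # A constructed "extra characters" input of the kind the post describes.
    bad_password = "' OR '1'='1"
    print(login_vulnerable(db, "admin", bad_password))  # returns a row
    print(login_safe(db, "admin", bad_password))        # None
```

Running it shows the string-built query accepting the bogus password because the WHERE clause is rewritten, while the parameterised query simply finds no matching row.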

Anyway, back to UKChatterbox’s delayed downtime notices. Their next step was a server migration:

July 6th 2011: A major migration of the UKChatterbox website has been performed in order to remedy earlier problems. Access to the website may


Online security

September 13th, 2011 | Posted by Lee in geeky-stuff - (3 Comments)

I see more and more people online handing out new addresses and profile names because their msn/facebook’s been hacked, or some other website or social network’s been “hacked” into. Why does it happen to these people? Are the people doing it really that malicious and greedy, or is it more likely that the users’ own stupidity and lack of concern for security has left a seemingly irresistible open door?

The largest problem is identity theft and getting someone’s so-called “personal details”. It’s had plenty of coverage in the news, with people finding out their bank statements and other important documents had been pinched from their bins, yet people happily put personal information on websites, allowing the public to view it.
The problem with this? I’ll give a real-life example. A user creates a Windows Live or Google account, then selects a password they think is secure, even though in reality it’s probably something quite simple. Here’s where they come unstuck: the security question they will use in the event they forget their password. Examples are “mother’s maiden name”, “mother’s birthplace”, “first school”, “the name of a pet”. At the time (bearing in mind this was done years ago, before you made your facebook), it seemed like a good secure question and answer, but is it?

The answer is, most probably not. You’ve probably put half of those details on Facebook, Myspace or some other social network / blog service without even thinking about it, details to …