Attention - Upcoming Password Changes - TCCoA Forums

 
LinkBack Thread Tools
post #1 of 4 (permalink) Old 06-15-2016, 04:37 PM Thread Starter
Administrator

Administrator
 
AGadmin's Avatar
 
Join Date: Apr 2014
Posts: 104
Lightbulb Attention - Upcoming Password Changes

Hello Everyone,

Per the latest announcements we will be resetting everyone’s passwords. Shortly you should be receiving an email directing you how to change your password. It will look like this:

Quote:
Subject: Your new password for *site name*
Dear *username*,
Your password has been reset by an administrator. Your new details are as follows:
Username: *username*
Password: *Randomly generated temp password*
To change your password, please visit this page: *link to password reset edit page from USERCP*
If you suspect this email is a scam, you can confirm the legitimacy of this email by manually navigate to the forum URL yourself and use your new password to log in.
All the best,
Site Name
As you can see it will give you a randomly generated temporary password, as well as telling you where you need to go to updated it accordingly.
If you do not receive this email please go to the contact us page and select Other, and type in Security Password Update Issues
We’re sorry for the inconvenience.
AGadmin is offline  
post #2 of 4 (permalink) Old 06-21-2016, 11:24 AM
Newbie
 
Join Date: Jul 2005
Location: hanahan, sc
Posts: 0
your new password rules are bs. why do you need to become Fort Knox?
beckum is offline  
post #3 of 4 (permalink) Old 06-21-2016, 06:26 PM Thread Starter
Administrator

Administrator
 
AGadmin's Avatar
 
Join Date: Apr 2014
Posts: 104
Security is important to us.
-Philip
AGadmin is offline  
post #4 of 4 (permalink) Old 06-22-2016, 07:43 AM
Road warrior extrodinaire

Super Moderator
 
Trunk Monkey's Avatar
 
Join Date: Feb 2006
Location: Home Sweet Home: Charlotte, NC
Posts: 10,905
Garage
Better late than never. This password change is a reactive measure - not a proactive one.

I do appreciate the prompt corrective reaction to the breach and don't mind the required password change with the updated complexity requirements.

I would hope that a stronger hash than MD5 was selected and that the other issues outlined below are also being addressed.

Poor OPSEC led to this in the first place. I'm sure they'll do better going forward. Unfortunately data breaches of all sorts are a fact of life today.

After researching the nature of the breach that initiated this password change I discovered that:
Quote:
  • VerticalScope [The parent company of AutoGuide] ... may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”
  • Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can be sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.
  • Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet.
...
If you’d rather search for your particular username or other identifying data, LeakedSource now includes all of the hacked information from the VerticalScope network.
Source and full article here: 45 Million Accounts Hacked At Some Of The Biggest Car Forums

Mods? Yea, I got mods ...
Air silencer delete, warp drive, dilithium crystals, flux capacitor, Slingshot Rubber band power adder, Moonshine & Gas, Leaf Blower Supercharger, Hamster Wheel & Hamster, Energizer Bunny generating 1.21 gigawatts, Mr. Fusion® Home Energy Reactor, hover conversion and a sextant celestial navigation system (The original GPS)
Best 1/4: 1,320 nanoseconds @ 670,616,629.2 miles per hour

"There isn't that much difference anymore between spacecraft, aircraft and modern automobiles..." - Keith Henry, NASA's Langley Research Center
See a list of my real mods and pictures of my car HERE. The true performance of my car was made possible by the Carolinas Crew Chief, RobertP at Rob's Tire & Auto.

Last edited by Trunk Monkey; 06-22-2016 at 08:12 AM.
Trunk Monkey is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the TCCoA Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome