EPTOn August 14 2011 04:17 PoopLord wrote:
Thanks for the tip on keepass r1ch!
Thanks for the tip on keepass r1ch!
Yeah no kidding. Sick program.
GOMTV.net compromised - Page 34
| Forum Index > SC2 General |
|
mprs
Canada2933 Posts
Yeah no kidding. Sick program. | ||
|
obesechicken13
United States10467 Posts
![[image loading]](http://imgs.xkcd.com/comics/password_reuse.png) Also, Rich, I'm disappointed in you. Why would you recommend keepass instead of lastpass? Is it because keepass is open source? You can't use it from multiple computers. I think it's better to use lastpass. lastpass Use this instead of keepass. | ||
|
sinii
England989 Posts
| ||
|
Soleron
United Kingdom1324 Posts
On August 14 2011 05:58 obesechicken13 wrote: Also, Rich, I'm disappointed in you. Why would you recommend keypass instead of lastpass? Is it because keypass is open source? You can't use it from multiple computers. I think it's better to use lastpass. lastpass Use this instead of keypass. Lastpass could be sending your passwords to the developer. In fact the same mechanism as your comic: cool free application that gets a lot of downloads and then they have your information. Open source is required for anything like this. | ||
|
MattyClutch
United States711 Posts
On August 14 2011 06:00 Soleron wrote: Lastpass could be sending your passwords to the developer. In fact the same mechanism as your comic: cool free application that gets a lot of downloads and then they have your information. Open source is required for anything like this. Agreed. Can't believe GOM had such lax security though :/ | ||
|
Zyxds
United States91 Posts
| ||
|
obesechicken13
United States10467 Posts
On August 14 2011 06:00 Soleron wrote: Lastpass could be sending your passwords to the developer. In fact the same mechanism as your comic: cool free application that gets a lot of downloads and then they have your information. Open source is required for anything like this. So you trust a single person (the developer) to your passwords. Isn't that better than having to navigate through folders and transferring your passwords on usb every time you want to log into facebook? It seems like you're overcomplicating things for no reason. | ||
|
TVUmK
United States91 Posts
| ||
|
sinistrorsey2
42 Posts
On August 14 2011 06:17 TVUmK wrote: It says i cant modify my profile, and i cant change my password. What is wrong? I assume that gom would lock it so the hackers couldnt mess with ur information maybe? | ||
|
Alethios
New Zealand2765 Posts
What a pain in the ass. EDIT: I don't even remember half the sites I made accounts like that for. From this point on, i'm going to be much more careful with my passwords. | ||
|
xBillehx
United States1289 Posts
On August 14 2011 06:08 Zyxds wrote: Well, GOM doesn't allow you to change profile info all of a sudden. Seems kinda shady to me. Seems like its a smart idea until they get it fixed, otherwise you'd be sending all your new passwords to the same people who exploited this the first time. But hey, shady sounds evil, so we'll go with that. | ||
|
yoshi245
United States2974 Posts
On August 14 2011 06:00 Soleron wrote: Lastpass could be sending your passwords to the developer. In fact the same mechanism as your comic: cool free application that gets a lot of downloads and then they have your information. Open source is required for anything like this. I still use lastpass despite it being sort of compromised some weeks ago, but even then the passwords that may or may not have been taken were still encrypted and people with lengthy passes would take forever to decrypt nonetheless. And since then I changed my own lastpass master pass to be something convoluted and over 20 alphanumeric. As to the issue of it being sent to the dev, don't know anything about that, though it's a possibility with just about any of these password services that can remain as a risk. Makes me glad I log in to GOM via facebook. | ||
|
LetoAtreides82
United States1188 Posts
On August 14 2011 06:08 Zyxds wrote: Well, GOM doesn't allow you to change profile info all of a sudden. Seems kinda shady to me. I just tried watching the second game from a match and it asked me to login, when I did it asked me to create a new password. The new password requires a length of at least 8 characters, a capital letter, and an alpha-numeric character. | ||
|
obesechicken13
United States10467 Posts
On August 14 2011 07:17 yoshi245 wrote: I still use lastpass despite it being sort of compromised some weeks ago, but even then the passwords that may or may not have been taken were still encrypted and people with lengthy passes would take forever to decrypt nonetheless. And since then I changed my own lastpass master pass to be something convoluted and over 20 alphanumeric. As to the issue of it being sent to the dev, don't know anything about that, though it's a possibility with just about any of these password services that can remain as a risk. Makes me glad I log in to GOM via facebook. The people who hacked into lastpass (potentially, not certain if they even did) were only in long enough to get like 20 passwords from their database. Lastpass is pretty secure. | ||
|
rebuffering
Canada2436 Posts
"You have not verified your account. To complete sign up process, please check your verification email" which i have not received, it then says "Sorry, Wrong access". I dunno whats going on, last night i could log in just fine even though i couldnt change my pass, but now i cant even log in. | ||
|
slicknav
1409 Posts
| ||
|
Zyxds
United States91 Posts
On August 14 2011 07:00 xBillehx wrote: Seems like its a smart idea until they get it fixed, otherwise you'd be sending all your new passwords to the same people who exploited this the first time. But hey, shady sounds evil, so we'll go with that. Yeah, I'll put my trust in the company that made my info publicly available in the first place, sounds like a legit plan to me... | ||
|
CursedFeanor
Canada539 Posts
open source + offline > closed source + online KeePass > Lastpass Simply setup a dropbox (or external SVN, which I personally prefer) and keepass becomes just as portable as lastpass. In any case, I think such password management is really a must nowadays, just as this whole story demonstrates. | ||
|
RaiKageRyu
Canada4773 Posts
| ||
|
Finrod1
Germany3997 Posts
On August 14 2011 07:28 slicknav wrote: I just tried to watch some VOD's since my account seems to fine, I was asked to change my password, so it seems like they fixed it? The real question is if they changes something in their system... | ||
| ||
