shmups.system11.org

Shmups Forum
 
* FAQ    * Search
 * Register  * Login 
It is currently Mon Aug 10, 2020 8:19 am View unanswered posts
View active topics



Post new topic Reply to topic  [ 40 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Was the forum ever hacked or compromised?
PostPosted: Thu Jan 09, 2020 9:18 pm 


User avatar

Joined: 08 Jun 2008
Posts: 23
I logged in to the forums after many many years of not coming here, and I find that my profile had a spam signature, email and website added to it. I deleted all that now and changed my password, but it seems someone accessed my account and changed that information sometime in the past.

So, was the forum ever compromised or is there a chance my account can get rehacked even though I changed my email and password already?


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Thu Jan 09, 2020 9:31 pm 


User avatar

Joined: 19 Feb 2013
Posts: 3910
Location: Villa Straylight
It's probably like swiss cheese.
_________________
ImageImage
1cc List - Youtube - You emptylock my heart


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Thu Jan 09, 2020 11:11 pm 


User avatar

Joined: 08 Jun 2008
Posts: 23
Huh??


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Thu Jan 09, 2020 11:51 pm 


User avatar

Joined: 19 Jun 2007
Posts: 2502
Location: A star occupied by the Bydo Empire
I never even realized you had an account here. You do great work at vgmuseum.

As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.
_________________
RegalSin wrote:
You can't even drive across the country Naked anymore


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 1:55 am 


User avatar

Joined: 08 Jun 2008
Posts: 23
Mortificator wrote:
I never even realized you had an account here. You do great work at vgmuseum.

As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.


Thanks, glad you're one of the few that still likes it :P


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 1:59 am 


User avatar

Joined: 16 Feb 2006
Posts: 5540
Location: Canada
Do you recall using the same password on multiple sites? Is your password easy to guess?

This site may help, too https://haveibeenpwned.com/

Also, I used to look up endings on VGMuseum all the time. Great resource.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 4:08 am 


User avatar

Joined: 18 Jun 2012
Posts: 3928
Location: Chicago, IL
ReyVGM wrote:
Thanks, glad you're one of the few that still likes it :P

Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.
Image
_________________
Image
DEMON'S TILT [bullet hell pinball] - Music Composer || EC2151 ~ My FM/YM2612 music & more! || 1CC List || PCE-CD: The Search for Quality


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 5:04 am 


User avatar

Joined: 31 Jul 2013
Posts: 557
ReyVGM wrote:
Thanks, glad you're one of the few that still likes it :P


I like to browse through there every now and again too. Thanks for all the uploads.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 6:22 am 


User avatar

Joined: 08 Jun 2008
Posts: 23
Udderdude wrote:
Do you recall using the same password on multiple sites? Is your password easy to guess?

This site may help, too https://haveibeenpwned.com/


I did yeah. Since then I've been using a more robust password.


EmperorIng wrote:
Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.

Vanguard wrote:

I like to browse through there every now and again too. Thanks for all the uploads.

Udderdude wrote:

Also, I used to look up endings on VGMuseum all the time. Great resource.


Well, thanks for the boost guys. That motivates me into continuing doing screens.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 6:49 am 


User avatar

Joined: 10 May 2007
Posts: 12969
Location: SODOM
Yet another piling in with thanks. :mrgreen: VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.
_________________
Image
STOMP 'EM IN THE NUTS
[THE MIRAGE OF MIND] Metal Black ST [THE MASSACRE] Gun.Smoke ST [TRAGEDY FLAME]


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 8:26 am 


User avatar

Joined: 18 Feb 2011
Posts: 5658
Location: Denmarku
Yeah, I recall some years ago a mail went out to all forum members requesting changing their passwords here and on every website using the same password.

Since then I've used my "shitty" password that I employ anywhere I know someone will probably be able to see it in plain text. Places where getting hacked would mostly be inconsequential :)


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Fri Jan 10, 2020 11:47 pm 


User avatar

Joined: 31 Jul 2017
Posts: 232
ReyVGM wrote:
Well, thanks for the boost guys. That motivates me into continuing doing screens.


Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 7:43 am 


User avatar

Joined: 03 Nov 2008
Posts: 1441
Location: Canada
Wasn't there one time where shmups did get hacked a few years back?

I swear it happened at least once :roll:


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 10:25 am 



Joined: 09 Apr 2012
Posts: 2366
I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
ReyVGM wrote:
I did yeah. Since then I've been using a more robust password.

The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 3:59 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
ZellSF wrote:
The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.


It does matter if you care about the account it protects. Using different passwords for every account is only useful to prevent the damage from spreading.
As for passwords themselves, it matters little what they are, provided they are long; 14+ characters does the trick.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 5:35 pm 



Joined: 09 Apr 2012
Posts: 2366
I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.

Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 6:04 pm 


User avatar

Joined: 28 Feb 2012
Posts: 648
Location: Sweden
ZellSF wrote:
I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.

Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.


Getting a password manager was probably one of the better things I did last year. There so many out there and it seems almost hard to pick a "bad" one.
Things like apps and browser extensions are pretty much guaranteed which means that I finally removed all my personal saved passwords from my computer at work.

Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.

But again, with a password manager the only password you really need to remember is the master password for that service :mrgreen: Although, if nothing else, it feels good to at least remember a few passwords so that they don't end up like all the phone numbers I used to know but now have forgotten, despite calling them often...

Edit:
Things like reusing passwords becomes especially scary these days when your Microsoft/Outlook account can be used to log into your computer and not just your email.
_________________
CHECKPOINT!


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 6:43 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
ZellSF wrote:
I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.


I said nothing about complicated passwords. Just string a few (uncommon) words together, possibly from different languages, and you'll get a fairly long password that won't fall to brute force or dictionary attacks. As for patterns, just generate the passwords according to some rule that only you know.

ZellSF wrote:
Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.


Password managers are fine, and if you use one then the long randomly generated passwords are what you want (for those being managed, not for the password manager itself), but I disagree that anything else is an half-measure.

Ji-L87 wrote:
Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.


Right, the most important factor is length (again, avoiding common words helps against dictionary attacks). If the password is not long enough then it doesn't matter what it is made of, as it can easily be brute forced. If you make a long and complicated password, then you won't be able to remember it and will have to jot it down somewhere; this is where password managers are very handy.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 7:15 pm 



Joined: 09 Apr 2012
Posts: 2366
__SKYe wrote:
As for patterns, just generate the passwords according to some rule that only you know.

When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
__SKYe wrote:
but I disagree that anything else is an half-measure.

You haven't mentioned anything else that could be a full measure.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 7:46 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
ZellSF wrote:
When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.


And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically. :)

I'm not claiming it is bullet proof, nor that it is the best solution, but I don't think that using a password manager is the only way to have, quite honestly, very good security. Not everyone wants to use a password manager.

You could even write your passwords on a piece of paper and take it with you on your wallet, tape it on your computer, etc. Unless you're actually worried that someone will mug you or break into your house to steal them, those are also some very good measures.

In my opinion, as long as you don't use short passwords, use common words and/or personal information (eg. important dates, names, etc) and don't reuse them, you're golden.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 8:15 pm 



Joined: 09 Apr 2012
Posts: 2366
__SKYe wrote:
ZellSF wrote:
When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.


And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically. :)

The first criteria is basically always met. Most people have been part of several database breaches.

The second criteria is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.

You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 8:32 pm 


User avatar

Joined: 14 Aug 2019
Posts: 418
Location: BW, Germany
For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.

People might have their reasons to not use one, but then don't complain :P

They're not the be-all-end-all solution; nothing is ever 100% secure. You can only asymptotically draw near, with the low hanging fruit bringing sizable improvements with them already. It's all about increasing costs for an attacker.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 8:46 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
ZellSF wrote:
]The first criteria is basically always met. Most people have been part of several database breaches.

The second criteria is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.


Good point, I admit I wasn't thinking of that.

ZellSF wrote:
You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.


There is such a thing as low-hanging fruit. :)

6t8k wrote:
People might have their reasons to not use one, but then don't complain :P


Did I complain? :)
I'm just saying that, if you're fine with memorizing all the passwords, then a password manager isn't much better aside from the potential pattern problem Zell posted before, provided someone's that worried about an attacker targeting them specifically.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 10:27 pm 


User avatar

Joined: 14 Aug 2019
Posts: 418
Location: BW, Germany
__SKYe: I was just generally speaking :)

Using passwords with at least 8 characters length would be old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort). And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion. @ZellSF: passwords very rarely get attacked in a targeted way; by far most account compromises happen as a consequence of attackers just shoving whole leaked databases into a GPU array in the cloud and passwords just begin falling out, the weakest ones first.

"OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
Keep in mind security increases exponentially, not linearly, when making your password longer.

When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sat Jan 11, 2020 11:57 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
6t8k wrote:
__SKYe: I was just generally speaking :)

Using passwords with at least 8 characters length is old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort).


Yeah, that's old indeed. But the advice to use randomized passwords is somewhat misleading, though. Above a certain length it doesn't really matter what the password contains, and if you string together, say, 3~4 four words of 5 characters each, separated by any punctuation of your choice, you'll easily get into the 17~20s characters without much effort and it still remains easy to remember.
I understand the aversion to doing this for, and having to remember, many passwords, though. :)

6t8k wrote:
And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion.


Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.

6t8k wrote:
"OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
Keep in mind security increases exponentially, not linearly, when making your password longer.


That's another thing that isn't common knowledge; the difference that a few characters can make in making passwords secure.

6t8k wrote:
When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)


I'm aware and agree with what you wrote. Just to reiterate, I'm not against password managers at all. I simply think that, realistically speaking, their best asset (and I suppose, selling point) is that you only have to remember a single password, greatly simplifying the task of having different passwords for every website (which is quite important, mind you). Since you can use the maximum length allowed for any given website, they are technically more secure, but beyond a certain length, you get exceedingly diminishing returns.

Anyway, I've been rambling for quite a bit. Don't let me deter anyone into using a password manager; they are useful. :)


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sun Jan 12, 2020 10:07 am 



Joined: 12 Mar 2019
Posts: 242
And what's a good password manager these days, while you're at it?


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sun Jan 12, 2020 3:58 pm 



Joined: 11 Feb 2012
Posts: 436
Location: US
Length doesn't equal entropy. 4-5 words is perfectly fine against dictionary attacks regardless of word length. Also, I have 4 character passwords in non-ascii spaces that are as good as 16 ascii chars.

Bassa-Bassa wrote:
And what's a good password manager these days, while you're at it?


If you want it to work with all major OSes out of the box it's hard to beat 1Password. If you like like free software, there are other solutions (that are better for different needs.)
_________________
Sex, powerups, and rock 'n' roll.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Sun Jan 12, 2020 4:00 pm 


User avatar

Joined: 16 Feb 2016
Posts: 655
Location: Portugal
I like KeePassXC, which is open source and runs on win/linux/mac. I primarily chose it because it is OSS and runs on Linux. :)
There are no official mobile versions, though there is a similar app for Android (KeePass2Android) based on KeePass. It doesn't support automatic cloud syncing, though you can simply store the encrypted passwords file in your cloud service of choice. There are alternatives, such as LastPass (free+paid upgrade) , BitWarden (free+paid upgrade) and 1password, but I've no experience with them so I'll leave it to others to chime in.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Mon Jan 13, 2020 8:26 am 



Joined: 09 Apr 2012
Posts: 2366
6t8k wrote:
Using passwords with at least 8 characters length would be old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable

That applies to offline cracking only. Computing power doesn't really help you against server side rate limiting, it might help you with captchas in some way though.

Sure, picking a longer password might help you, but only if you're the sort of person who re-uses passwords and then only if the server that's compromised have properly stored the passwords.

But you shouldn't be re-using passwords and you shouldn't be relying on the server to store them properly in case of a compromise.

So I still see telling people to use long passwords for online services as a stupid half-measure that will only give them a false sense of security.
__SKYe wrote:
Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.

The standard is invalidating your password if it has been compromised.
Bassa-Bassa wrote:
And what's a good password manager these days, while you're at it?

I can't recommend what I do for most people (a combination of Firefox's built in password manager and KeePass).

I think any of the most popular ones are fine. Lastpass is the first that comes to mind.


Top
 Offline Profile  
 
 Post subject: Re: Was the forum ever hacked or compromised?
PostPosted: Mon Jan 13, 2020 5:39 pm 


User avatar

Joined: 08 Jun 2008
Posts: 23
BIL wrote:
Yet another piling in with thanks. :mrgreen: VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.


Thanks, glad it was helpful to you. I love screenshots, specially of 2D games.

Bratwurst wrote:
ReyVGM wrote:
Well, thanks for the boost guys. That motivates me into continuing doing screens.


Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.


For 20 years :O

ZellSF wrote:
I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
.


It's difficult to remember a bunch of different passwords.

6t8k wrote:
For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.

.


I've never heard of that, what does it do exactly? What's the name of a good (free) one?


Top
 Offline Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 40 posts ]  Go to page 1, 2  Next

All times are UTC


Who is online

Users browsing this forum: PerishedFraud ឵឵ and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Space Pilot 3K template by Jakob Persson
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group