Was the forum ever hacked or compromised?
I logged in to the forums after many many years of not coming here, and I find that my profile had a spam signature, email and website added to it. I deleted all that now and changed my password, but it seems someone accessed my account and changed that information sometime in the past.
So, was the forum ever compromised or is there a chance my account can get rehacked even though I changed my email and password already?
-
Mortificator
- Posts: 2809
- Joined: Tue Jun 19, 2007 1:13 am
- Location: A star occupied by the Bydo Empire
Re: Was the forum ever hacked or compromised?
I never even realized you had an account here. You do great work at vgmuseum.
As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.
RegalSin wrote:You can't even drive across the country Naked anymore
Re: Was the forum ever hacked or compromised?
Mortificator wrote:
> I never even realized you had an account here. You do great work at vgmuseum.
> As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.
Thanks, glad you're one of the few that still likes it
Re: Was the forum ever hacked or compromised?
Do you recall using the same password on multiple sites? Is your password easy to guess?
This site may help, too https://haveibeenpwned.com/
Also, I used to look up endings on VGMuseum all the time. Great resource.
-
EmperorIng
- Posts: 5067
- Joined: Mon Jun 18, 2012 3:22 am
- Location: Chicago, IL
Re: Was the forum ever hacked or compromised?
ReyVGM wrote:
> Thanks, glad you're one of the few that still likes it
Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.
DEMON'S TILT [bullet hell pinball] - Music Composer || EC2151 ~ My FM/YM2612 music & more! || 1CC List || PCE-CD: The Search for Quality
Re: Was the forum ever hacked or compromised?
ReyVGM wrote:
> Thanks, glad you're one of the few that still likes it
I like to browse through there every now and again too. Thanks for all the uploads.
Re: Was the forum ever hacked or compromised?
Udderdude wrote:
> Do you recall using the same password on multiple sites? Is your password easy to guess?
> This site may help, too https://haveibeenpwned.com/
I did yeah. Since then I've been using a more robust password.
EmperorIng wrote:
> Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.
Vanguard wrote:
> I like to browse through there every now and again too. Thanks for all the uploads.
Udderdude wrote:
> Also, I used to look up endings on VGMuseum all the time. Great resource.
Well, thanks for the boost guys. That motivates me into continuing doing screens.
Re: Was the forum ever hacked or compromised?
Yet another piling in with thanks. VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.
光あふれる 未来もとめて, whoa~oh ♫
[THE MIRAGE OF MIND] Metal Black ST [THE JUSTICE MASSACRE] Gun.Smoke ST [STAB & STOMP]
Re: Was the forum ever hacked or compromised?
Yeah, I recall some years ago a mail went out to all forum members requesting changing their passwords here and on every website using the same password.
Since then I've used my "shitty" password that I employ anywhere I know someone will probably be able to see it in plain text. Places where getting hacked would mostly be inconsequential
Re: Was the forum ever hacked or compromised?
ReyVGM wrote:
> Well, thanks for the boost guys. That motivates me into continuing doing screens.
Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.
Re: Was the forum ever hacked or compromised?
Wasn't there one time where shmups did get hacked a few years back?
I swear it happened at least once
Re: Was the forum ever hacked or compromised?
I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
ReyVGM wrote:
> I did yeah. Since then I've been using a more robust password.
The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.
Re: Was the forum ever hacked or compromised?
ZellSF wrote:
> The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.
It does matter if you care about the account it protects. Using different passwords for every account is only useful to prevent the damage from spreading.
As for passwords themselves, it matters little what they are, provided they are long; 14+ characters does the trick.
Re: Was the forum ever hacked or compromised?
I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.
That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.
I think telling people to use long passwords is dangerous too; it promotes patterns.
Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Re: Was the forum ever hacked or compromised?
ZellSF wrote:
> I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.
> That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.
> I think telling people to use long passwords is dangerous too; it promotes patterns.
> Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Getting a password manager was probably one of the better things I did last year. There are so many out there and it seems almost hard to pick a "bad" one.
Things like apps and browser extensions are pretty much guaranteed which means that I finally removed all my personal saved passwords from my computer at work.
Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.
But again, with a password manager the only password you really need to remember is the master password for that service. Although, if nothing else, it feels good to at least remember a few passwords so that they don't end up like all the phone numbers I used to know but now have forgotten, despite calling them often...
Edit:
Things like reusing passwords become especially scary these days when your Microsoft/Outlook account can be used to log into your computer and not just your email.
CHECKPOINT!
Re: Was the forum ever hacked or compromised?
ZellSF wrote:
> I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.
> That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.
> I think telling people to use long passwords is dangerous too; it promotes patterns.
I said nothing about complicated passwords. Just string a few (uncommon) words together, possibly from different languages, and you'll get a fairly long password that won't fall to brute force or dictionary attacks. As for patterns, just generate the passwords according to some rule that only you know.
ZellSF wrote:
> Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Password managers are fine, and if you use one then the long randomly generated passwords are what you want (for those being managed, not for the password manager itself), but I disagree that anything else is a half-measure.
Ji-L87 wrote:
> Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.
Right, the most important factor is length (again, avoiding common words helps against dictionary attacks). If the password is not long enough then it doesn't matter what it is made of, as it can easily be brute forced. If you make a long and complicated password, then you won't be able to remember it and will have to jot it down somewhere; this is where password managers are very handy.
Re: Was the forum ever hacked or compromised?
__SKYe wrote:
> As for patterns, just generate the passwords according to some rule that only you know.
When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.
That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
__SKYe wrote:
> but I disagree that anything else is a half-measure.
You haven't mentioned anything else that could be a full measure.
Re: Was the forum ever hacked or compromised?
ZellSF wrote:
> When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.
> That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically.
I'm not claiming it is bullet proof, nor that it is the best solution, but I don't think that using a password manager is the only way to have, quite honestly, very good security. Not everyone wants to use a password manager.
You could even write your passwords on a piece of paper and take it with you on your wallet, tape it on your computer, etc. Unless you're actually worried that someone will mug you or break into your house to steal them, those are also some very good measures.
In my opinion, as long as you don't use short passwords, use common words and/or personal information (eg. important dates, names, etc) and don't reuse them, you're golden.
Re: Was the forum ever hacked or compromised?
__SKYe wrote:
> ZellSF wrote:
> > When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.
> > That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
> And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically.
The first criteria is basically always met. Most people have been part of several database breaches.
The second criteria is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.
You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.
Re: Was the forum ever hacked or compromised?
For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.
People might have their reasons to not use one, but then don't complain
They're not the be-all-end-all solution; nothing is ever 100% secure. You can only asymptotically draw near, with the low hanging fruit bringing sizable improvements with them already. It's all about increasing costs for an attacker.
Re: Was the forum ever hacked or compromised?
ZellSF wrote:
> The first criteria is basically always met. Most people have been part of several database breaches.
> The second criteria is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.
Good point, I admit I wasn't thinking of that.
ZellSF wrote:
> You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.
There is such a thing as low-hanging fruit.
6t8k wrote:
> People might have their reasons to not use one, but then don't complain
Did I complain?
I'm just saying that, if you're fine with memorizing all the passwords, then a password manager isn't much better aside from the potential pattern problem Zell posted before, provided someone's that worried about an attacker targeting them specifically.
Re: Was the forum ever hacked or compromised?
__SKYe: I was just generally speaking
Using passwords with at least 8 characters length would be old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort). And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion. @ZellSF: passwords very rarely get attacked in a targeted way; by far most account compromises happen as a consequence of attackers just shoving whole leaked databases into a GPU array in the cloud and passwords just begin falling out, the weakest ones first.
"OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
Keep in mind security increases exponentially, not linearly, when making your password longer.
When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)
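Added example, not part of any member's post: a small Python script that puts numbers on the "security increases exponentially with length" point above and generates random passwords and passphrases the way a password manager would. The guess rates, the 7776-word list size and the sample wordlist are assumptions made for illustration, not measurements.

```python
import math
import secrets
import string

# Printable ASCII without the space: 52 letters + 10 digits + 32 symbols = 94.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Assumption: size of the wordlist a passphrase is drawn from (7776 is the
# size of a five-dice list). SAMPLE_WORDS is a constructed stand-in so the
# generator runs offline; a 12-word list is far too small for real use.
ASSUMED_WORDLIST_SIZE = 7776
SAMPLE_WORDS = ["amber", "brisk", "cedar", "delta", "ember", "flint",
                "grove", "haste", "ivory", "joust", "knoll", "lunar"]

# Assumption: illustrative offline guess rates against a leaked database.
# A fast unsalted hash allows far more guesses per second than a
# deliberately slow password-hashing function.
ASSUMED_RATES = {"fast hash": 1e10, "slow password hash": 1e4}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices, positions):
    """Entropy in bits when every position is picked uniformly at random.

    Human-chosen passwords and personal patterns have less than this."""
    return positions * math.log2(choices)


def years_to_crack(bits, guesses_per_second):
    """Average time to reach the right guess: half of the keyspace."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_password(length, alphabet=PRINTABLE):
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words, wordlist=SAMPLE_WORDS, sep=" "):
    """Random words joined by a separator, each word drawn independently."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def report():
    """Return (label, bits, {rate name: years}) for the lengths in the thread."""
    rows = []
    for n in (8, 12, 14, 32):
        rows.append((f"{n} random characters", entropy_bits(len(PRINTABLE), n)))
    for n in (3, 4, 6):
        rows.append((f"{n} random words", entropy_bits(ASSUMED_WORDLIST_SIZE, n)))
    return [
        (label, bits,
         {name: years_to_crack(bits, rate) for name, rate in ASSUMED_RATES.items()})
        for label, bits in rows
    ]


if __name__ == "__main__":
    for label, bits, years in report():
        cols = "  ".join(f"{name}: {y:.2e} y" for name, y in years.items())
        print(f"{label:22s} {bits:6.1f} bits  {cols}")
    print("sample password:  ", generate_password(32))
    print("sample passphrase:", generate_passphrase(4))
```

Each extra random character multiplies the search time by 94, and how the site stored the password shifts every row by the ratio between the two assumed rates.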
Re: Was the forum ever hacked or compromised?
6t8k wrote:
> __SKYe: I was just generally speaking
> Using passwords with at least 8 characters length is old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort).
Yeah, that's old indeed. But the advice to use randomized passwords is somewhat misleading, though. Above a certain length it doesn't really matter what the password contains, and if you string together, say, 3~4 four words of 5 characters each, separated by any punctuation of your choice, you'll easily get into the 17~20s characters without much effort and it still remains easy to remember.
I understand the aversion to doing this for, and having to remember, many passwords, though.
6t8k wrote:
> And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion.
Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.
6t8k wrote:
> "OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
> Keep in mind security increases exponentially, not linearly, when making your password longer.
That's another thing that isn't common knowledge; the difference that a few characters can make in making passwords secure.
6t8k wrote:
> When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
> For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)
I'm aware and agree with what you wrote. Just to reiterate, I'm not against password managers at all. I simply think that, realistically speaking, their best asset (and I suppose, selling point) is that you only have to remember a single password, greatly simplifying the task of having different passwords for every website (which is quite important, mind you). Since you can use the maximum length allowed for any given website, they are technically more secure, but beyond a certain length, you get exceedingly diminishing returns.
Anyway, I've been rambling for quite a bit. Don't let me deter anyone into using a password manager; they are useful.
-
- Posts: 1188
- Joined: Tue Mar 12, 2019 5:18 pm
Re: Was the forum ever hacked or compromised?
And what's a good password manager these days, while you're at it?
Re: Was the forum ever hacked or compromised?
I like KeePassXC, which is open source and runs on win/linux/mac. I primarily chose it because it is OSS and runs on Linux.
There are no official mobile versions, though there is a similar app for Android (KeePass2Android) based on KeePass. It doesn't support automatic cloud syncing, though you can simply store the encrypted passwords file in your cloud service of choice. There are alternatives, such as LastPass (free+paid upgrade), BitWarden (free+paid upgrade) and 1password, but I've no experience with them so I'll leave it to others to chime in.
Re: Was the forum ever hacked or compromised?
That applies to offline cracking only. Computing power doesn't really help you against server side rate limiting, it might help you with captchas in some way though.
Sure, picking a longer password might help you, but only if you're the sort of person who re-uses passwords and then only if the server that's compromised has properly stored the passwords.
But you shouldn't be re-using passwords and you shouldn't be relying on the server to store them properly in case of a compromise.
So I still see telling people to use long passwords for online services as a stupid half-measure that will only give them a false sense of security.
__SKYe wrote:
> Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.
The standard is invalidating your password if it has been compromised.
Bassa-Bassa wrote:
> And what's a good password manager these days, while you're at it?
I can't recommend what I do for most people (a combination of Firefox's built in password manager and KeePass).
I think any of the most popular ones are fine. Lastpass is the first that comes to mind.
Re: Was the forum ever hacked or compromised?
BIL wrote:
> Yet another piling in with thanks. VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.
Thanks, glad it was helpful to you. I love screenshots, specially of 2D games.
Bratwurst wrote:
> ReyVGM wrote:
> > Well, thanks for the boost guys. That motivates me into continuing doing screens.
> Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.
For 20 years :O
ZellSF wrote:
> I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
It's difficult to remember a bunch of different passwords.
.
6t8k wrote:
> For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.
I've never heard of that, what does it do exactly? What's the name of a good (free) one?
.
Re: Was the forum ever hacked or compromised?
ReyVGM wrote:
> 6t8k wrote:
> > For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.
> I've never heard of that, what does it do exactly? What's the name of a good (free) one?
A password manager is a program that remembers passwords for you. All you ever type is your master password, and you let the password manager generate passwords for all other sites that it will automatically use if the password manager is unlocked with the master password.
I think Googling "Password manager" will serve you better, here's the first article I found:
https://www.howtogeek.com/141500/why-yo ... t-started/
(there's a small inaccuracy there: Firefox can generate passwords now).