DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > General Publishing Topics

Reply
 
Thread Tools Display Modes
Old 05-31-2012, 02:06 PM   #1
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,501
Default Domain Registration Hacked

mybb.com (the website for mybb free forum software) was a target of hackers who managed to hack into namescheap where the domain is registered, and point their URL to a different site. I guess I'll stay away from namescheap as a registrar. Right now they are doing a review to see if the hackers managed to affect site itself. So it's still off line

   
__________________
fallberry.com

Last edited by Andrew B.; 06-02-2012 at 08:29 AM.
Andrew B. is offline   Reply With Quote
Old 05-31-2012, 02:36 PM   #2
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,434
Default

Quote:
Originally Posted by Andrew B. View Post
mybb.com (the website for mybb free forum software) was a target of hackers who managed to hack into namescheap where the domain is registered, and point their URL to a different site. I guess I'll stay away from namescheap as a registrar. Right now they are doing a review to see if the hackers managed to affect site itself. So it's still off line.
Hmm, I had a look at their site and you have to wonder how they can offer registration and hosting at less than half the cost of other registrars and hosting companies. I'd be worrying about the integrity of the data center for a start, and all the other background support services that are too important to be subjected to shortcuts or cost cutting by use of cheap hardware/software, lack of upgrades etc. I'm not saying namecheap do this, but you have to wonder how they provide the services they offer for the prices they advertise.

   
__________________
annc is offline   Reply With Quote
Old 06-02-2012, 08:31 AM   #3
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,501
Default

Here is a link to a description of what they know about how the hack took place. http://blog.mybb.com/

They are going to update this if they learn more. But as of now it appears as though the initial exploit was personal information of the project manager, which in turn gave them passwords to other places, his telephone, and personal information. I think this is worth reading as a lesson on how things can go bad.

BTW, can someone here tell me what Apple ID accounts are. Does Apple provide an integrated service based on a common ID?

   
__________________
fallberry.com
Andrew B. is offline   Reply With Quote
Old 06-02-2012, 11:23 AM   #4
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

Apple ID: a username, basically. If you have Mac Mail, an iTunes account, or ever bought anything from Apple directly, they use this ID.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 06-02-2012, 12:33 PM   #5
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Quote:
andrew: http://blog.mybb.com/
Very interesting reading! Very scary that they were able to access so much based on the Apple ID info.

What is "two factor authentication"?

Terrie
terrie is offline   Reply With Quote
Old 06-02-2012, 01:14 PM   #6
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,434
Default

Quote:
Originally Posted by terrie View Post
What is "two factor authentication"?]
It's a secure method of authentication requiring two of three possible methods of authentication: something you have, something you know and something you are. The Wikipedia article on it is quite good. We had the tokens at work for remote access and it was a pain to carry them around. Loved it when they put out a software token via an iPhone app.

   
__________________
annc is offline   Reply With Quote
Old 06-02-2012, 02:36 PM   #7
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Thanks for that link...I hate having to select answers to the security questions...some of the places that use it go on and on and on and on with so many damned questions it's ridiculous because who remembers the answers...'-}}

Terrie
terrie is offline   Reply With Quote
Old 06-02-2012, 03:00 PM   #8
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,434
Default

Quote:
Originally Posted by terrie View Post
Thanks for that link...I hate having to select answers to the security questions...some of the places that use it go on and on and on and on with so many damned questions it's ridiculous because who remembers the answers...'-}}
And they're still using only one authentication source, i.e. what you know. Centrelink (social security) here requires the provision of 5 questions for later authentication, but it's still a single authentication method.

   
__________________
annc is offline   Reply With Quote
Old 06-02-2012, 04:36 PM   #9
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Quote:
ann: And they're still using only one authentication source, i.e. what you know.
Exactly and, after reading that article, it tells me that my gut reaction that the process is pretty stupid was confirmed...'-}}

Terrie
terrie is offline   Reply With Quote
Old 06-02-2012, 08:19 PM   #10
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,501
Default

I'm reading about this in more than one place. Here's a tip:

Quote:
Make sure your passwords are safe, especially to your email account where password resetting emails will get sent to. That's basically how all of this started

   
__________________
fallberry.com
Andrew B. is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
1and1 for domain registration? terrie Web Site Building & Maintenance 11 10-26-2008 11:16 PM
.nu domain registration - suggestions? iamback Web Site Building & Maintenance 12 05-11-2008 07:04 AM
Domain registration hijinks ktinkel Web Site Building & Maintenance 8 09-30-2005 05:21 AM


All times are GMT -8. The time now is 07:16 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.