Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Complaint from MacRumors users about the recent security issue.

annk

annk

Administrator
Staff member
Apr 18, 2004
15,140
9,357
Somewhere over the rainbow
Orange Furball said:
...however I do have another complaint. The way warnings and timeouts are given is a little annoying, While I have not been in a timeout, I have been warned many times for an issue that is not needed at all. Thread bumping. What is the big deal with it if its not excessive? I don't see why I should be warned for responding to my own thread. The same goes for calling people "Fanboys" and such, these words are not offensive and if users find them to be offensive, they need to wake up and realize where they are. The Internet. You see, on the internet people tend to have and voice very strong opinions. These opinions can be said in mean or nice ways, but I wouldn't categorize "fanboy" as mean, and I don't believe 90% of this forum would either. I will readily admit I am an Android/Google fanboy, I know "I'm on MacRumors not Android Forums" but I am just stating a fact. Do I or would I get upset, mad, or offended if someone called me a fanboy while praising Google? No. Because there is no reason to get upset over such stupid things.

T be frank, a lot of these issues need to be dealt with and the rules/punishment system needs to be refreshed. We must remember this is a forum. Forums are for open discussion. What is being done lately is basically internet censorship, and we all know what happens to sites that like to censor junk. They go away.

-Matt
Click to expand...

You're welcomed to start a new thread about things you don't like in the rules, but I suggest we keep things on-topic here.
 
F

flyperson

macrumors newbie
Dec 8, 2009
7
0
Plain English

Hi there,

It appears that Macrumors has rather dropped us in it, so I think the least they can do is explain what happened in plain English - not everyone here is an übergeek. So… what is a 'hashed password', which has apparently been purloined by the miscreants - is this the password or not? Please explain.

Regards and TIA.
 
arn

arn

macrumors god
Staff member
Apr 9, 2001
16,363
5,795
flyperson said:
Hi there,

It appears that Macrumors has rather dropped us in it, so I think the least they can do is explain what happened in plain English - not everyone here is an übergeek. So… what is a 'hashed password', which has apparently been purloined by the miscreants - is this the password or not? Please explain.

Regards and TIA.
Click to expand...

Sorry about the confusion.

Hashed password means the password was converted one-way into an unrecognizable form and stored that way.

The hackers stole the hashed password, so not the actual password. However, given computing power these days, if your password isn't very complex, they could brute force figure it out by trying lots of combinations. That's why we recommend you still change it and don't use it anywhere else.

arn
 
F

flyperson

macrumors newbie
Dec 8, 2009
7
0
Many thanks for that fulsome explanation. Much clearer now, and much appreciated.


arn said:
Sorry about the confusion.

Hashed password means the password was converted one-way into an unrecognizable form and stored that way.

The hackers stole the hashed password, so not the actual password. However, given computing power these days, if your password isn't very complex, they could brute force figure it out by trying lots of combinations. That's why we recommend you still change it and don't use it anywhere else.

arn
Click to expand...
 
FloatingBones

FloatingBones

macrumors 65816
Jul 19, 2006
1,486
745
Orange Furball said:
Everyone, It seems that my original fear when opening this discussion has come true. You guys are fighting over nothing. There is no reason to be arguing about anything here. This was a discussion on what MR, in my opinion and the opinion of the others involved with me, did incorrectly. While basically anything on the internet sparks arguments there is no reason to argue this much.
Click to expand...

From the beginning, I think it was pretty obvious to the MR staff what was and was done incorrectly. It's equally obvious they are highly motivated to not have breaches like this happen again. I trust them to deal with the problem. Unless people just wanted to vent, I didn't see value in talking publicly about the frustration.

Based on today's exchange with Arn here, it's clear many don't consider the nuances of password management until a crisis like this happens. Sadly, it's like many disasters: a small number of preventative measures could mitigate the damage.

I am truly excited by mechanisms like SQRL which will be coming online in the next few months. I think they hold great promise to categorically prevent much of the risks of identity verification for many server systems. I am somewhat surprised it took this long for someone to figure out how to create a cryptographically-strong mechanism of this kind.
 
Last edited:
SlCKB0Y

SlCKB0Y

macrumors 68040
Feb 25, 2012
3,426
555
Sydney, Australia
r0k said:
Since I work on multiple platforms I don't really have a password safe that is truly "cross platform" so certain "quicky" passwords might get used on another site.
Click to expand...

I use Keepass (in one form or another) on Windows, Linux, Mac, FreeBSD, Android and iOS.
 
A

Aspasia

macrumors 65816
Jun 9, 2011
1,345
101
Halfway between the Equator and North Pole
FloatingBones said:
From the beginning, I think it was pretty obvious to the MR staff what was and was not done incorrectly. It's equally obvious they are highly motivated to not have breaches like this happen again. I trust them to deal with the problem. Unless people just wanted to vent, I didn't see value in talking publicly about the frustration.

Based on today's exchange with Arn here, it's clear many don't consider the nuances of password management until a crisis like this happens. Sadly, it's like many disasters: a small number of preventative measures could mitigate the damage.
Click to expand...

And in the spirit of that excellent preventative measures warning, don't forget to backup your data on a regular basis. :)
 
rhett7660

rhett7660

macrumors G5
Jan 9, 2008
14,224
4,304
Sunny, Southern California
thejadedmonkey said:
I got an email from Adobe about a week ago, informing me of a database breach. That took them about a month. The Ubuntu forums were down for weeks. In this instance, the forums were repaired quickly, a notice was placed on the front page, and I'm certain that Arn will issue a mass email soon.

You need to guard passwords with the assumption that they will be hacked, not if, but when, and take steps to make sure that the password you use doesn't compromise any other accounts.
Click to expand...

Easy, you mean not using the same email and password combination at multiple sites isn't smart?????!!!!!!

I for one like the way this was handled. The site was shut down, notification was made via the front page. Password was changed. Let's move on and let's hope Arn and company learn from this and try to make this a safer place.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom