Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors Forums: Security Leak

Ledgem said:
The worst they can do? Learn your email address, your user name, and your password. If your password wasn't created with a random generator, then they'd have an idea of how you choose your passwords. If you use the same username on any other sites, they'd likely be able to gain access to them. If any of those sites have security questions, they might be able to gain access to your answers. All of this information can be compiled and then used against juicier targets than web forums, where they can gain even more details about you. At absolute worst, this could lead to identity theft, leaving you to clean up a credit mess after a criminal went on a spending or activity spree, posing as you.

Is it likely that this would actually happen? It doesn't seem like it, but these types of things are unfortunately very common and their incidence only seems to be increasing. As the saying goes, "it isn't paranoia if they really are out to get you." Your information and identity has monetary value to a lot of people, so consider that they are indeed out to get you, and operate accordingly.
Click to expand...

Not scared not worried. Too many variables with other sites to login. Don't use exact same credentials elsewhere. So they would need to manually target me. Seems unlikely.
 
There are many other tools or apps out there. I use 'Da Note' for iPhone which can found from the App Store.

Quu said:
Times like this make me happy I use 1Password with a different password generated for every site.
Click to expand...
 
So how do I get 1Password to sync with iCloud? As of now I just paid $77 for some garbage. My mac won't sync with my iPhone. I followed all the directions and nothing.
 
Meh, this is why I never use my real email address to join a forum. I have a gmail account specially for forums for reasons like this.
 
Definitely iCloud keychain doesn't work on Mavericks. Tried several times creating a random password and it didn't get stored into my iCloud keychain. Also I tried adding manually a password for MR forum and Safari didn't match the username/password when I try logging in.
 
I hate it exposed my password !!!. I think nowadays sharing password is inevitable. I hoped that site administrator can do a better (reasonable) job next time.
 
Where is SSL/HTTPS forum login?

I'll bet some admin was logging into this forum on open WiFi, and someone grabbed his credentials.

MR, you guys need to enable HTTPS logins. WE don't want our logins being available in clear text to sniffers.
 
Mattsasa said:
Why would someone hack macrumors forums ?? What would they have to gain?
Click to expand...

Email addresses and passwords. No one has just one account for anything on the internet, and the chances that a number of people here might have used the same email and password for a number of different sites, up to and including bank and/or credit card accounts, is too much of a temptation to resist. For a hacker, there's potential paydirt on every forum they tear apart.

And for the record, I don't blame the Macrumors staff for being sloppy or stupid or whatever. It doesn't matter how vigilant anyone is these days. If you've got enough members, your site will eventually get hacked sooner or later. The most anyone can do is delay the inevitable, and mitigate the damage done.
 
brdeveloper said:
Definitely iCloud keychain doesn't work on Mavericks. Tried several times creating a random password and it didn't get stored into my iCloud keychain. Also I tried adding manually a password for MR forum and Safari didn't match the username/password when I try logging in.
Click to expand...

ICloud Keychain worked for me here. After I changed my password I had to log out and then in again for it to work. At that point I was asked if I wanted to update the password in keychain.
 
Doctor Q said:
What Internet event occurred on Unix date 594496800?
Click to expand...

Did you mean to say "UNIX time"?

And did you mean "November 2 1988 – The Morris worm, the first computer worm distributed via the Internet, written by Robert Tappan Morris, is launched from Massachusetts Institute of Technology in the U.S."?
 
Last edited:
MacVidCards said:
This.

I'll bet there are folks who only come here to ask questions when they can't load "Angry Birds 2" on their iPod.

And some of them might use same email and password on their bank/Paypal sites.

So if they don't happen to come by here, that gives the hackers a few weeks to empty their accounts out.

When other sites I belong to have been hacked they sent an immediate email with details and instructions to start changing passwords.

Seems like that should be standard protocol.
Click to expand...

Probably the hackers are more interested on collecting e-mail addresses since the passwords are hashed. MD5 is not a perfect password protection, but they'll have to apply a brute-force algorithm to get a match between guesses and hashes. Also, even if they discover strings that correspond to some MD5 hashes, they'll not be useful since most serious sites doesn't hash passwords with MD5 (e.g. Gmail).

In short, these hackers will only be able to log into sites that store passwords in MD5 hashes, that is, basically discussion forums. Not a big issue in my opinion.
 
Last edited:
CKA said:
I hate it exposed my password !!!. I think nowadays sharing password is inevitable. I hoped that site administrator can do a better (reasonable) job next time.
Click to expand...

Stuff happens and I don't blame anyone who runs this site. This is why you, me, and every member on here should be responsible for your pass codes. Use different ones, and better ones for every site you go on.

No matter how strong a site is, it's man made, so it can be man broken.
 
Jimbo47 said:
So how do I get 1Password to sync with iCloud? As of now I just paid $77 for some garbage. My mac won't sync with my iPhone. I followed all the directions and nothing.
Click to expand...
I'd suggest asking over at the AgileBits 1Password Discussion Forums. They're a friendly and helpful bunch. Syncing works beautifully for me; once you populate it with information (it can handle more than just website logins), 1Password is incredibly useful.
 
Ledgem said:
I'd suggest asking over at the AgileBits 1Password Discussion Forums. They're a friendly and helpful bunch. Syncing works beautifully for me; once you populate it with information (it can handle more than just website logins), 1Password is incredibly useful.
Click to expand...

I think I figured it out. Well no.. I didn't really figure anything out. I did a Wi-Fi sync to initially transfer everything to my iPhone. Now when I add passwords on my Mac it syncs them through iCloud to my iPhone. I'm not sure why it wasn't working initially. It might have been a problem with iCloud itself.
 
I luld at the hack, I guess it was MR's turn this time around. No biggie unless you're one of those use one password and same user name all over type...
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back