A public apology for calling MMO-champion out on security issues

[Annoying]

We aren't so much arguing against as much as it's a pointless upgrade.


In the 7-10 years this site has been open. How many accounts have you heard about being hacked? I know in the 3-4 years I've been here I haven't heard of one. Considering that, I don't think there is really that much of a risk of being hacked.

Well, being that I was a moderator for quite a long time, plenty of accounts.

Even a moderator's account was once compromised, resulting in freaking *porn* on the front page.
Every moderator was actually required to change their password as a result of an attempt at malicious SQL injection. It failed, but additional security layers really don't hurt anything. It's not pointless.

Edit: Think about it this way. If someone manages to do this to someone with the power to publish content, a single malicious ad embedded on the front page for a couple of hours could result in several hundred thousand people being exposed to keyloggers or other malicious content.

[haxartus]

Edit: Think about it this way. If someone manages to do this to someone with the power to publish content, a single malicious ad embedded on the front page for a couple of hours could result in several hundred thousand people being exposed to keyloggers

No they won't, unless they are using a browser form 2003.

[Arainie]

Who uses their real name in a personal email address? Hell any smart person wouldn't put anything sensitive on their junk email address. My Facebook profile is not public and again any smart person knows how and when to change privacy information.

You just assumed that said person in your example is a dim-wit and went on your hypothetical situation train. I'd wager that most people here are somewhat tech-savvy and aren't complete idiots.

Millions of people use names in their e-mail adresses, both first names and surnames. I dare to assume that the most common e-mail address is comprised of first name, last name and year of birth (like 1985 or 85). Far more people than you think have their Facebook profile public, I'd bet my nuts on that they're a majority.

I'm assuming the reasonable about your average MMOC user. Most people who play WoW, and a large majority of the fansite members, are not tech-savvy and have no idea what the difference between a worm and a backdoor is or how to protect themselves beyond antivirus software. I went on my hypothetical train because it's the more likely of the two (your "dim-wit" versus your tech-savvy), and I base my assumption on 4 years of computer science studies including several courses on computer security covering everything from law and ethics to practical white-hat/ethical hacking.

That said, again, I don't think it's a likely scenario for a MMOC account. It is however completely possible and a pretty common way for hackers to find passwords to gaming accounts (gaining access to someone's account by finding the answer to their secret question for example).

[Annoying]

No they won't, unless they are using a browser form 2003.

Nah, just outdated java or any other plugin, really.

[haxartus]

Nah, just outdated java or any other plugin, really.

Plugins are auto-updated, along with everything else.

[Belize]

Even more stupid logic. Let's apply it to toys. Should the small parts warnings be removed since parents are at fault for not being savvy enough? Should slippery floor signs be removed from bathrooms because people are too stupid to look where they're walking?

If a security feature is virtually free and protects its users, it should be used. Saying that it shouldn't because you believe stupid people deserve consequences is idiotic.

Small part warnings apply to 3 year olds. If a 12+ (What I assume the MMO-C community age range is) chokes on small toy parts because they shoved it in their mouths, yes, they should choke to death and it IS their fault.

[Deleted]

My pron links are not safely hidden anymore. Please PM with how to protect myself...oh wait!

[Deleted]

Well I hope someone has fun reading through my 55 PMs from the always friendly Scrapbot.

[apepi]

Yeah, the threat is being overstated.

I'm sure SSL is on the list of future improvements, but considering that Blizzard themselves don't use it for their forums and neither do any of our competitors... it isn't something that is like "OMG DROP EVERYTHING AND ADD SSL SUPPORT RITE NAO".

Could you even do it without vbulletin?

Well I hope someone has fun reading through my 55 PMs from the always friendly Scrapbot.

You guys make me look tame.

[Deleted]

It's 2017 and this site is still on MD5...

The password is in clear-text-hash on a packet outgoing.

Shady man.

PGP folk and a lot of others are reccomending not to even use the algorithm. Likely because breaking it nowadays is probably childs play. And looking at the size of my own PW, not surprised.

[Jimson]

It's 2017 and this site is still on MD5...

The password is in clear-text-hash on a packet outgoing.

Shady man.

PGP folk and a lot of others are reccomending not to even use the algorithm. Likely because breaking it nowadays is probably childs play. And looking at the size of my own PW, not surprised.

Seems like something you could bring up in the Feedback forum, rather than necroing a 3-year old post for no reason.

[Crissi]

Yes, please bring up the issues on the Suggestion and Feedback forum instead of nercroing old threads

closing