Questions:

[jab1]

1) Why is the address now boards.straightdope.com/ ? Will the old addresses work?

2) When the Board was up on Wednesday, I changed my password. Should I change it yet again?

3) Has the FBI been notified? This WAS an interstate crime, you know.

------------------
>< DARWIN >
____L___L__

[Drain Bead]

1. My old bookmark has to be reloaded when I get to the page, and then it works. Don't ask me.

2. In another thread, Melin said that some mod said it was best to be safe and change your PW again if you changed it at some point on the 23rd.

3. Where's Konrad been?

[Arnold Winkelried]

Quote:

Originally posted by Drain Bead:
2. In another thread, Melin said that some mod said it was best to be safe and change your PW again if you changed it at some point on the 23rd.

Say it ain't so!!

[Ed Zotti]

We got hacked. The hacker had access to everything on the whole damn server, including the password list. So unless you want somebody using your screen name to start posting obscene limericks in Gaelic, we advise changing your password. There's an announcement in each forum that talks about this - click on it for detailed instructions if you're not clear on the procedure.

"There once was a woman from Kilkenny . . . "

-Melin

[Arnold Winkelried]

Any word on whether or not we should change our password again if we changed it on the 23rd?

[manhattan]

Arnold, it is unclear to any of us whether the password file was re-accessed after the first outage, but changing your password is a 10-second operation that costs nothing. Not changing it is a zero-second operation that potentially could be bad for you. I re-changed mine.

------------------
Change Your Password, Please and don't use HTML, as it has been disabled

[SterlingNorth]

You're saying they saw everything.

Should I change my email address also, to just be on the safe side.

-------
Provided that, by the time somebody responds to this, I would have already changed the address. But I'd like to know if I'm being too paranoid.

------------------
I will not be pushed, filed, stamped, briefed, debriefed, or numbered. My life is my own. You won't hold me!"
--Matrix

[jab1]

Okay, I changed my password again. But I don't think I need to change my email adress because I use a different password there. I use different passwords EVERYWHERE.

If you think you need to change your password every time you post, I'm pretty sure you're over-reacting.

On the other hand, paranoia is justified if they really are out to get you.

------------------
>< DARWIN >
____L___L__

[Arnold Winkelried]

Quote:

Originally posted by manhattan:
Arnold, it is unclear to any of us whether the password file was re-accessed after the first outage, but changing your password is a 10-second operation that costs nothing

Except that I'm the kind of idiot that uses the same password everywhere, so I went ahead and spent an hour changing all my passwords. Now I have to go do it again!?!

[manhattan]

Nah. Just ours. Before you do it, kill the cookies (in the preferences screen). When you’ve changed it, go back to preferences and choose the option to store the username and password. When you post, the password should fill itself in. Then you don’t have to remember it at all. You just have to write it down somewhere so you can re-enter it if you or the board has a cookie problem in the future.

Sterling, I don’t think you have to go change your email addy, but if you used the same password for the email and the board, you will want to change the password. Also, if you start getting any weird emails, let us know.


------------------
Change Your Password, Please and don't use HTML, as it has been disabled

[Arnold Winkelried]

manhattan, what I mean is that on the 23rd I changed my password for SDMB, but I also changed the password that I use (for example) to order books from a large on-line merchant, so if someone could guess my username with the large on-line merchant, they would know my password, since the password I use for SDMB is the same password that I use for any web-based account. Though the chances of someone going to all that trouble are pretty slim.
Again,

[manhattan]

Ooh. That’s more serious indeed. Lemme ask.

------------------
Change Your Password, Please and don't use HTML, as it has been disabled

[tanstaafl]

I know how you feel Arnold. I just finished changing my password on 17 sites. I guess I should be using different passwords everywhere but... How the heck am I supposed to remember a different password for every site I access. (23, if I found all of them, plus my two ISPs and two personal domains)

------------------
"Drink your coffee! Remember, there are people sleeping in China."

dennis@mountaindiver.com
www.mountaindiver.com

[TubaDiva]

It's never a good idea to have the same password on everything you use.

Think of it this way: a potential hacker has a piece of information about you. If that information is good in more than one place, then your security is STILL compromised.

I'd be changing those passwords if I were you.

your humble TubaDiva

[Arnold Winkelried]

Quote:

Originally posted by tanstaafl:
I know how you feel Arnold. I just finished changing my password on 17 sites. I guess I should be using different passwords everywhere but... How the heck am I supposed to remember a different password for every site I access. (23, if I found all of them, plus my two ISPs and two personal domains)

That's exactly the way I feel! I also have "accounts" at a lot of web sites! Plus I go to some websites and sign up to see what it's like, and then I might decide it's not that interesting and not go there for a couple of months. But I used to like the fact that when I returned I would know my password.

I guess what I will do is divide my web accounts into two groups:

a) Those often used and those having financial information;
b) Those that I join for a "lark."

The ones in group a) will be maintained in a list and the password frequently changed.

[TubaDiva]

The Reader is in discussion with UBB over the software, let me put it like that.

your humble TubaDiva
Administrator
The Straight Dope

[smw]

How was this cracker able to grab passwords? They're not stored in cleartext, are they? Don't you use a one-way encryption algorithm?

[smw]

(answering my own question) I see passwords *are* still stored in cleartext. I'd recommend an immediate change to this policy; store passwords encrypted; allow users to request a password change, but not to request their password.