
[Misc] Mumsnet hacked (and a reminder about NSC)



Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,575
Back in Sussex
Mumsnet, the popular parenting website, has been hacked: http://www.mumsnet.com/Talk/site_st...think-you-should-do-PLEASE-READ-PART-TWO?pg=1

If you know anyone who uses the site, or you do yourself, you will have to set a new password for your account. However, if you use the same username/email address and password combo on any other sites, you should change those ASAP too.

The hacker has done lots of bits and pieces including, now, posting 3000 user passwords online: http://pastebin.com/TABvdBen

Which brings me to NSC...

From humble beginnings, Mumsnet is a bit of a monster now, with full-time staff and a lot of resources, yet they have still come unstuck in a quite horrible way. NSC doesn't have full-time staff nor much in the way of resources.

I use what I've always considered to be the best messageboard software for NSC, vBulletin, which is why it costs money and is not free. It has a full-time team working on it. When updates or patches are released, I apply them as soon as is practical. Your passwords are stored in encrypted fashion. I can't see them, even if I wanted to, nor can anyone else.

I use a host, Rackspace, which has significant resources and investment in security. This costs more than a lot of other hosts.

Despite this, it would be foolish for me, or anyone, to think NSC could not be hacked at some point in the future. As such, my one word of advice for you, when using NSC, is do not use the same password that you use for any other site where you have registered the same username and/or email address. We are told we should do this anyway, but few people do because having a different password for every site, unless you use a password safe, is a pain in the arse.
 




Iggle Piggle

Well-known member
Sep 3, 2010
5,281
Some of those passwords are ace

Children1
teaandcustardcreams
Jesusllives and my personal favourite
*bollocks*
 


gazingdown

Well-known member
Feb 26, 2011
1,055
What sort of security system stores passwords such that they can be decrypted.... Poor showing.

Passwords should be one-way encryption/hash, not two way. I hope NSC is one way?
 








deletebeepbeepbeep

Well-known member
May 12, 2009
20,889
One thing I would advise everyone to do is try and use KeePass, a program which uses an algorithm to create nonsense passwords for you. I use this to make a password for each site I use, then I just need to log in to KeePass to copy and paste the password into each site and ask the browser to remember that password.

It's a bit anal retentive, but if you use the same password for every site then you're opening yourself up to someone getting access to all of your information.

Clearly this is only a good idea if you are sensible with your computer usage and don't click on every link you get sent by some anonymous email address.
 










Grombleton

Surrounded by <div>s
Dec 31, 2011
7,356
I use 1Password to store all my web logins, costs a few quid but well worth it.
 




Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,575
Back in Sussex
gazingdown said:
> What sort of security system stores passwords such that they can be decrypted.... Poor showing.
>
> Passwords should be one-way encryption/hash, not two way. I hope NSC is one way?

Yes. How strong it is, I don't know. vBulletin is software for messageboards, not financial transactions. Even encrypted stuff can be cracked or brute forced if enough processing power can be harnessed.

deletebeepbeepbeep said:
> One thing I would advise everyone to do is try and use KeePass, a program which uses an algorithm to create nonsense passwords for you. I use this to make a password for each site I use, then I just need to log in to KeePass to copy and paste the password into each site and ask the browser to remember that password.
>
> It's a bit anal retentive, but if you use the same password for every site then you're opening yourself up to someone getting access to all of your information.
>
> Clearly this is only a good idea if you are sensible with your computer usage and don't click on every link you get sent by some anonymous email address.

How good are Password Safes? It seems counterintuitive to secure your passwords by telling someone what they all are.

Particularly if your safe gets compromised: http://www.pcworld.com/article/2936272/online-password-locker-lastpass-hacked.html
 


Pevenseagull

Anti-greed coalition
Jul 20, 2003
19,513
Surely the only sensible thing to do is use the name of your first pet/mother's maiden name
 






Pevenseagull

Anti-greed coalition
Jul 20, 2003
19,513
I wonder how many NSC users have 'seagulls' as their password?
 


Puppet Master

non sequitur
Aug 14, 2012
4,055
Pevenseagull said:
> I wonder how many NSC users have 'seagulls' as their password?

Not me, I've always used Goldstone1983 as it's not very easily guessed and contains a good mix of upper case and numerical digits. Other than that, I tend to go for my bank account number 001297450, add the sort code with the hyphens 01-09-25 and I'm pretty much untouchable.
 




Phat Baz 68

Get a ****ing life mate !
Apr 16, 2011
5,023
Iggle Piggle said:
> Some of those passwords are ace
>
> Children1
> teaandcustardcreams
> Jesusllives and my personal favourite
> *bollocks*

Eggandchips76 made me laugh for some reason :lolol:
 








