
General Discussion


  • Security Hole

    06. 22. 2011 06:12


Gtdawg
In case anyone was wondering, they should change their passwords immediately.

There is a massive security hole in how accounts and emails are verified that I've been talking about for a week.

I have submitted a support ticket already, but it is a change that can't happen right away.

If you have given your account password out to anyone at all, change the password as soon as you read this.

Do not assume that having the trade password provides additional security!!!!!!!!!!!

The announcement stated that this website included increased security when, in fact, they've undone a few things and have completely opened up everyone to losing their account.  

 

  • Re : Security Hole

    06. 22. 2011 12:48


vick11
Please read again GT - I said I have engaged on it previously and I have done so again now. I do not know whether something additional will be introduced that is website specific or a change to which email address is used to make the change, but I am not ignoring it.

In the meantime though it is worth reiterating the do not share line because far too many people ignore the warning no matter how many times we repeat it.

  • Re : Security Hole

    06. 22. 2011 12:49


Elliot2lazy
Originally Posted by vick11
Please read again GT - I said I have engaged on it previously and I have done so again now. I do not know whether something additional will be introduced that is website specific or a change to which email address is used to make the change, but I am not ignoring it.

In the meantime though it is worth reiterating the do not share line because far too many people ignore the warning no matter how many times we repeat it.



Well at least it is good to hear that you are not ignoring it.

  • Re : Security Hole

    06. 22. 2011 12:53


Gtdawg
I was not really referring to you. I appreciate that you are working hard and that you recognize the issue that I'm trying to point out.

I was referring to the other mod who felt the need to go with the "do not share passwords, how do I make this easy, don't share" nonsense.

It adds nothing to the discussion. Everybody already knows that.

And, like I said before, simply repeating that line over and over again doesn't change the issues I have raised. That it is seemingly done sarcastically is just pointless.

  • Re : Security Hole

    06. 22. 2011 13:08


Piombo
Originally Posted by BBR_InsUW
Originally Posted by Piombo
For some reason I'm getting an Error page and Tracert stack packet when attempting to edit personal info


What browser are you using?


Foxfire

  • Re : Security Hole

    06. 22. 2011 14:56


mfischer
And GT, when you do fill out the verification page, the security or lack thereof is exposed.

The verification of account details uses SSL but the site is not secured and no certificate verification is displayed.
The site data with a path to the secure server is exposed in the HTML code in the source code.

Are the SIDs rotated or static?

document.forms[0].action='https://secure.navyfield.com/UserAuth/Login.aspx?sid=*******************'

Note SID data removed.

  • Re : Security Hole

    06. 22. 2011 15:11


RADB
I'm not sharing my account, but if someone is able to guess my password, I lose my account... nice, really nice...

For anything you want to do with your account, you need to check your e-mail, except for changing the e-mail!
This makes no sense...

  • Re : Security Hole

    06. 22. 2011 15:15


Hoplita
No need to panic now, SDE will fix this soon "Or Later" rolling eyes!

Even with those holes, it isn't easy to grab an account and steal it just like that, but I just suggest you do not fill in any private information yet, like phone numbers etc., until it's safe. I wan't to forget what happened to my PSN account

RADB, guessing your password? Let me begin:

Your PW = donotguesmypassword

  • Re : Security Hole

    06. 22. 2011 16:26


RADB
I think my password is safe, but maybe someone thinks exactly like me... who knows...

  • Re : Security Hole

    06. 22. 2011 17:02


mav2kfk
Originally Posted by Gtdawg

There needs to be an additional password and/or you MUST send a verification email to the original verified email. Not to the new one.


everything else is Game-Boy Security level !!!!!!!!!! SDE

  • Re : Security Hole

    06. 22. 2011 17:09


wagmaister
I will stop playing until SDE fixes the change email confirmation form, and SDE fixes Windows Mode, which was working until yesterday.