[READ] Recent server breach

[RufioCas]

That's basically saying I should give my bank account number with pin to a company like Sony, isn't it?
Because everyone knows no fucktards & money wolves ever worked there.

That made absolutely no sense.

" "

This isn't a massive corporation hence why they won't be taking security DAMN SERIOUS. You can't blame a handful of guys trying their best to keep a server running. It's your own fault, you are responsible for your password's security. Only thing a company can do is hashing your password, which was probably(?) the case already.

I'm pretty sure you didn't really understand what I just said. Or what you just said, for that matter.

What I was saying is that if you keep using the same password for every 'serious' and 'important' website there's still that chance of some company being hacked and getting the passwords out there.
Thus using a different password for every website would be best, but equals the 20 pages of different passwords.
Didn't that stuff happen to Adobe, or some company like that, once?

Lighten up a bit, man. You seem frustrated as hell.


EDIT: As I just saw your reply on my reply to Austin.
What the fuck does the fact that you're a computer engineer have to do with this? I was talking about a completely different aspect.
Please lighten the fuck up.

That was simple solutions I gave to you, numerous others were already given such as using a password generator and forcing Google Chrome to remember the password all of which you decided to skip and bash me for my comment with a retarded "thumbs up guy". Sure, massive corporations get hacked every now and then, it's not as common as unprofessional servers such as this one. Why am I "frustrated as hell"? Because someone who knows nothing about my professionality is trying to teach me my job.

Use your brain and think every now and then, maybe you'll understand what my professionality has to do with this situation. You are talking about data storage/security which is indeed a part of computer engineering.

Edit: CruxJ, re-read my original post before posting, thanks.

Please, kid. Read the words I just marked for you. Then you'll see what I meant with that.
I wasn't trying to bash any comment you had. I made a remark on the thing you said to open up a discussion about it, which quite frankly, turned out funny as hell.

Thanks for the info on how to get a save password for places like this. I hope players who read through this piece of art actually learned something from this.

Have a pleasant day.

Alright, let this be my last response to this stupid discussion, frankly I don't care about whose passwords got leaked.

First of all, the fact that you are using "kid" to somewhat offend me is rather pathetic and rather old, I suggest you to try and come with a stronger offensive word. You tried to imply that I was being contradicting, let me put this right here for you;

profession
noun uk ​ /prəˈfeʃ.ən/ us ​ /prəˈfeʃ.ən/



profession noun (WORK)
​
B1 [ C, + sing/pl verb ] any type of work that needs special training or a particular skill, often one that is respected because it involves a high level of education.

Using your "brain" isn't enough to have a knowledge on what's actually going on. Try to make remarks without mocking people with stupid over-used emojis.

The fact that you expect me to write paragraphs about how to get a safe password and how to secure your OWN password is INCREDIBLY stupid because frankly the last thing I care about is your password's security. I gave you 3 simple solutions, let me say this again, SIMPLE solutions. They are by no means solutions that are throughly thought by an expert.

And @CruxJ, feel free to bring it to PMs.

 

[toni]

pls be friends

 

[Manu]

Oh my god.. can you all please lighten up and take this pathetic argument to pm's?

I'm also pretty sure there was a post made regarding changing your passwords a month back but people decided to ignore that. Could this have been prevented? Absolutely, but it's too late now and all we can do is to make sure this doesn't happen again.

I wasn't available when shit went down, but from what I heard, the response by Tommy & Fr0st was very swift and effective.

This whole situation can serve as a lesson for us all regarding password safety. If everybody put a little effort into their pw, nothing would have happened, afaik.

Verstuurd vanaf mijn HUAWEI SCL-L21 met Tapatalk

 

[Karner]

The passwords weren't hashed or if they were it was some weak ass hash, because my password was just sent to me by a friend.

Why the fuck wouldn't y'all use a proper hash like MD5 or SHA256 lol

MD5 is outdated lol.

go back in your cave ashley

MD5 is pure shit. Hashing at the moment is fine but people use easy passwords.

this is the best encrypt.
http://forum.sa-mp.com/showthread.php?t=453544[/quote]

I approve your signature

 

[Kek]

Just wow. I gotta change my password to a lot of things, because I'm paranoid as fuck and I'm a nobody in the RC comminty. (Like fuck am I giving the chance for some fat loser to breach my Steam, nooooo way.). It's partly my fault that I use a similar password to a lot of things, but what the fuck?

 

[Radi]

The passwords weren't hashed or if they were it was some weak ass hash, because my password was just sent to me by a friend.

Why the fuck wouldn't y'all use a proper hash like MD5 or SHA256 lol

MD5 is outdated lol.

go back in your cave ashley

MD5 is pure shit. Hashing at the moment is fine but people use easy passwords.

this is the best encrypt.
http://forum.sa-mp.com/showthread.php?t=453544

I approve your signature

I know right

 

[Aceee]

Seems like Mr.Evans has been promoted to Captain Cunt

Evans like please... alright the first time it was already bad why making it even worse?

 

[Jboi]

Re: RE: Re: [READ] Recent server breach

I hold server management accountable and responsible for lacking serious security or pro-active protective measures for breaches like this.
Unacceptable.
Because if whoever did this can pull this off without too much effort apparently, anyone with some technical knowledge could have.

You should only blame people with weak passwords.

all they need to do is search your e-mail/IP on the database and there you have the password. Your password being weak/strong/LONG AF doesn't change anything.

Also SAMP encrypt is shit, doesn't matter how many times you change it, it's just shit. PAWN isn't the greatest language.

Stop spreading lies and fear mongering. You sound like a first year comp engineering student, take it from a 4 year comp sci major who's in a cryptography and computer security class, longer passwords with special characters are more secure than all lowercase + numbers which my forum acc ironically was from way long ago.

Everyone's password is stored hashed, nothing is in plaintext, the database being leaked only allows for the hacker to attempt a guess by hashing all possible combinations of passwords then looking up the hashed outcome in their database and finding the username attached to it.

Pawn bring an old language doesnt mean a damn thing either. Languages dont have encrypt functions built in for what RCRP was doing either, you can implement any hash algorithm in any programming language.

Read my previous reply about how this could potentially happen, I feel like I need to make a post teaching everyone the basics of how this works but everyone will just start arguing over which hashing algorithm is the best when that's completely beside the point.

Sent from my SAMSUNG-SM-G920A using Tapatalk

 

[Karner]

No password or encryption is impenetrable. The only way to make it semi impossible to bruteforce is to write your own encryption algorithm. What Jboi said is true, SAMP has nothing to do with it. In this case nor does the strength of the passwords being leaked. The problem is simply because people haven't changed their passwords in months. You should change your password once a month, at a minimum

 

[RufioCas]

Re: RE: Re: [READ] Recent server breach

I hold server management accountable and responsible for lacking serious security or pro-active protective measures for breaches like this.
Unacceptable.
Because if whoever did this can pull this off without too much effort apparently, anyone with some technical knowledge could have.

You should only blame people with weak passwords.

all they need to do is search your e-mail/IP on the database and there you have the password. Your password being weak/strong/LONG AF doesn't change anything.

Also SAMP encrypt is shit, doesn't matter how many times you change it, it's just shit. PAWN isn't the greatest language.

Stop spreading lies and fear mongering. You sound like a first year comp engineering student, take it from a 4 year comp sci major who's in a cryptography and computer security class, longer passwords with special characters are more secure than all lowercase + numbers which my forum acc ironically was from way long ago.

Everyone's password is stored hashed, nothing is in plaintext, the database being leaked only allows for the hacker to attempt a guess by hashing all possible combinations of passwords then looking up the hashed outcome in their database and finding the username attached to it.

Pawn bring an old language doesnt mean a damn thing either. Languages dont have encrypt functions built in for what RCRP was doing either, you can implement any hash algorithm in any programming language.

Read my previous reply about how this could potentially happen, I feel like I need to make a post teaching everyone the basics of how this works but everyone will just start arguing over which hashing algorithm is the best when that's completely beside the point.

Sent from my SAMSUNG-SM-G920A using Tapatalk

First of all, I am not spreading lies. Did I say longer passwords were NOT more secure? No.

Did I say forum passwords were NOT hashed? No. I even said they were probably(?) hashed. There is NO way I can be certain they are hashed because I can't access the database, obviously.

PAWN is an old and an inefficient language. SAMP should've picked LUA from the first day it was being built. I am certain there is a reason PAWN was chosen but in my eyes, and many others' eyes, LUA is way more efficient than PAWN is.

Last but not least, I didn't say anything about languages having built-in encrypt functions. All I said was PAWN was way weaker than LUA in terms of data security, this has been proven, many times in fact. Encryption function comes via Libraries and Libraries are made for SAMP, not for every language out there, it's kind of weird how you took my words out of their context and deemed I was talking about a built-in function, strange.

I am not spreading lies, I am talking the truth and warning people to stop using the same damn password EVERYWHERE. Is it ironic that Thomasz warned you about the same hacking method as I am talking about right now but yet you act like you know nothing about it and accuse me of fear mongering?

edit to end this discussion finally; There is no way your unprofessional server can be secure when even big corporations get hacked. I don't mean anything offensive by this, big corporations are obviously more professional than this server is. I don't hold anyone responsible on this incident, I am sure Tommy took precautions beforehand, even hashing passwords is a precaution as is. However, as Karner said, there is NO WAY for your passwords to be a hundred percent safe, no hashing method is impenetrable, some are really strong, yes, but none are impossible to penetrate. Could my PAWN rant be wrong? Could be. I am just a guy who is looking for opportunities to shit on PAWN, not going to lie. Fact remains that you should NOT use the same damn password for every website out there. It's just stupid on many levels. Your password being long/weak/strong/longest password ever doesn't matter on this incident mainly because most of the passwords were taken from a leaked database. I didn't mean passwords being longer wasn't important generally.

Edit: Not to even mention a language being old doesn't matter;
http://www.compuphase.com/pawn/pawn.htm

PAWN has been publicly available since 1998, while LUA first appeared at 1993.

https://en.wikipedia.org/wiki/Lua_(programming_language)

I don't think you could argue against LUA being superior.