Password Vulnerability Fix

**Luke** · 08-30-2008, 11:33 AM

All users that have made their account here with Vulnerable passwords (i.e. password same as their user name) have had their passwords reset and sent the following email. If you are one of these people and are having issues please reply here.

Dear XXXX,

A vulnerability has been found with your password at Blizzard Sector. Some passwords are vulnerable to exploitation which may allow a third party to hijack your account.

This may lead to your account being used without your knowledge or permission, and actions being performed under your name.

Vulnerable accounts can also be bad for the board as a whole as they may enable access for automated tools to spam both the forums and other user accounts,
using your username.

As such we have had to reset your password.
You can find your new login details below.

Username: XXXX
Password: XXXX

If you want to change your password, login with the above details at the following location:
http://www.blizzsector.co/profile.php?do=editpassword

We apologize for any inconvenience this may cause and appreciate your understanding.

All the best,
Blizzard Sector

**Mathalamus** · 08-30-2008, 12:51 PM

good thinking spitfire, that should remind people to use stronger passwords

**Blue** · 08-30-2008, 02:06 PM

I bet Pam got the message.

Edit: Yes, I did just go out away to poke fun at you, reminds you of someone, doesn't it?

**Nethran** · 08-31-2008, 07:57 AM

Originally Posted by Spitfire

Dear XXXX,

<snip>

As such we have had to reset your password.
You can find your new login details below.

Username: XXXX
Password: XXXX

You reset that guys password to the same thing as his username? That doesn't seem very secure.

I'm not stupid, I was making a joke.

**Blue** · 08-31-2008, 08:29 AM

Originally Posted by Kellard

You reset that guys password to the same thing as his username? That doesn't seem very secure.

I'm not stupid, I was making a joke.

You misunderstood.
The four star thingy was just showing you an example.
What it probably would look like is this
Account = Exmp
Pass = 7653

**Nethran** · 08-31-2008, 11:28 AM

Har har har! I gots me one! Highlight the text under my statement.

**Blue** · 08-31-2008, 02:28 PM

Originally Posted by Kellard

Har har har! I gots me one! Highlight the text under my statement.

Now I'm confused.
What?

**Fuggle** · 08-31-2008, 03:04 PM

Highlight his first post, you'll see words appear like magic.

**Blue** · 08-31-2008, 04:44 PM

ohhh... I was highlighting up and down after he said that, and I didnt see a damn thing.

**Skye** · 08-31-2008, 05:04 PM

I should say something... but I won't.

Good idea Luke.

**Mathalamus** · 08-31-2008, 06:37 PM

my password is a generic one...at least for me. all critical accounts (such as MSN) has a harder password. but most of my accounts has the same pass as blizzsector.

hmm... gotta change the facebook password.

**Nethran** · 08-31-2008, 06:40 PM

I use the same unlikely password for this as I do for virtually everything in my life.

**Mathalamus** · 09-01-2008, 09:43 AM

sometimes the best password is obvious. but most times its dangerous. (some people have a hard time finding the obvious)

**Luke** · 09-01-2008, 05:39 PM

Obvious passwords such as user name and password the same are easy for people to hack. Simply setup a brute force bot that tries every username on a forum entering in the username as the password.