uTorrent forums hacked, is neowin vulnerable?


 Share

Recommended Posts

https://invisionpower.com/news/ipboard-34x-and-ipnexus-15x-security-update-r972/

 

v3.4.9 was released on June 1st, a few days ago the utorrent forums were hacked, possibly by the vulnerabilities patched in IPB v3.4.9. Has neowin upgraded to v3.4.9 yet? Also are passwords salted and hashed on neowin as it appears that russian social media site vk.com has had 100 million plaintext password leaked a few days ago. Hoping that neowin isn't next.

 

EDIT: just realised that neowin is running a much newer version of IPB. Silly me.

  • Like 1
Link to comment
Share on other sites

Passwords in IPB have been hashed and salted for as long as I can remember. We're on 4.1.12 (or something very close, there's a new update coming out every week at the moment, and I lose track), which is a long way ahead of the 3.4 series (V4 was a complete re-write of the code)

  • Like 2
Link to comment
Share on other sites

4 minutes ago, DaveLegg said:

Passwords in IPB have been hashed and salted for as long as I can remember. We're on 4.1.12 (or something very close, there's a new update coming out every week at the moment, and I lose track), which is a long way ahead of the 3.4 series (V4 was a complete re-write of the code)

Check behind you Dave, I'm already in.

  • Like 2
Link to comment
Share on other sites

Quote

The uTorrent team was alerted to the issue by one of their vendors earlier this week. While the vulnerability didn't originate at the uTorrent forums, it was indirectly compromised. "The vulnerability appears to have been through one of the vendor's other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users," uTorrent writes. The security alert is posted in the forums but as far as we know users haven't been notified individually. There is no mention of the massive security breach on uTorrent and BitTorrent's social media accounts either.

 

In its announcement, UTorrent said: "On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums. The vulnerability appears to have been through one of the vendor's other clients. However, it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed."

 

 

 

  • Like 1
Link to comment
Share on other sites

I changed my Neowin password anyway.  Took 20 seconds.  I actually took me longer to find the account settings than it did to change the password.   :D 

 

 

Link to comment
Share on other sites

Just now, Michael Scrip said:

I changed my Neowin password anyway.  Took 20 seconds.  I actually took me longer to find the account settings than it did to change the password.   :D 

 

 

i've changed my neowin password since never. :laugh:

 

On a serious note, some not so well known sites, make password changing mandatory.

  • Like 1
Link to comment
Share on other sites

8 minutes ago, Draconian Guppy said:

i've changed my neowin password since never. :laugh:

 

On a serious note, some not so well known sites, make password changing mandatory.

My former Neowin password was my old "standard" password from before I discovered LastPass.  It was short, easy to type and I used that same password everywhere  (thus not very secure)

 

Now I use passwords like this... different on every website:  470l1p0fH8^%0i4S

 

I wish hackers good luck in cracking that :D

 

Plus I now use 2FA on very important accounts.

Link to comment
Share on other sites

4 minutes ago, Michael Scrip said:

My former Neowin password was my old "standard" password from before I discovered LastPass.  It was short, easy to type and I used that same password everywhere  (thus not very secure)

 

Now I use passwords like this... different on every website:  470l1p0fH8^%0i4S

 

I wish hackers good luck in cracking that :D

 

Plus I now use 2FA on very important accounts.

without going far off topic,

 

 I used to brag on how my hotmail account was a simple 5 letter 10 year old password until they forced a change around 2006-8ish, goes to show how insignificant/worthless I am.

  • Like 1
Link to comment
Share on other sites

Just now, Draconian Guppy said:

without going far off topic,

 

 I used to brag on how my hotmail account was a simple 5 letter 10 year old password until they forced a change around 2006-8ish

Mine used to be 6 letters... then I later added a couple digits.

 

Those were the days!

Link to comment
Share on other sites

29 minutes ago, Michael Scrip said:

My former Neowin password was my old "standard" password from before I discovered LastPass.  It was short, easy to type and I used that same password everywhere  (thus not very secure)

 

Now I use passwords like this... different on every website:  470l1p0fH8^%0i4S

 

I wish hackers good luck in cracking that :D

 

Plus I now use 2FA on very important accounts.

This deserved a quote.  And a like.  And should be repeated often.  

 

It makes issues like "suchandsuch site was hacked, should I worry?" really really easy.

 

2FA + different passwords everywhere + password manager = secure.

  • Like 1
Link to comment
Share on other sites

2 hours ago, DaveLegg said:

Passwords in IPB have been hashed and salted for as long as I can remember. We're on 4.1.12 (or something very close, there's a new update coming out every week at the moment, and I lose track), which is a long way ahead of the 3.4 series (V4 was a complete re-write of the code)

Also they use blowfish not md5 as the encryption.

Link to comment
Share on other sites

This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.