Page 5 of 7

Re: All forums user should reset their password

Posted: Tue Mar 01, 2016 5:45 pm
by The-Wizard
Da_Thunderbird wrote:
I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted.


Don't forget to throw away your sony devices. Their web site was hacked too.
and anyone on this list http://www.itproportal.com/2016/02/18/t ... s-of-2015/

wizard

Re: All forums user should reset their password

Posted: Tue Mar 01, 2016 6:18 pm
by Schultz
The date of the hack should have been put in the email to avoid confusion. I thought it was hacked again until I read clem's first post in this thread.

Re: All forums user should reset their password

Posted: Tue Mar 01, 2016 8:14 pm
by Sector11
Well, the only safe computer is one that has never been turned on, or if it has, has access to the net CUT at the source before going online. :D

LinuxMint is fine, the forums are OK as well. Read the OP.

Re: All forums user should reset their password

Posted: Tue Mar 01, 2016 9:55 pm
by knten
Well that's some bad news but at least it'll take trillions of years to brute force that password they got. I hope none of you were still running password1. :lol:

Re: All forums user should reset their password

Posted: Tue Mar 01, 2016 10:09 pm
by don250r
Wow, i cant believe some people are equating the forum hack, with poor security in LM.
The forums(servers) are totally unrelated to LM OS.
The hacked ISOs could have been a problem for the unlucky few that downloaded them.
LM was just the target this time, any other distribution will be next :D

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 5:04 am
by Dooteriah
Many Thanks for this Info! My PW is changed.
So stay cool and hanging up the hackers! :evil: :evil: :mrgreen:

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 7:30 am
by Ark987
Thanks for taking the time to notify users about this. Now let's apply defense in depth!

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 7:37 am
by akino17
im not familiar with this site https://haveibeenpwned.com/ can u explain more.

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 7:41 am
by Moem
The site itself does that quite nicely:
https://haveibeenpwned.com/About

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 8:21 am
by Radish
Regarding my problem with "Topic reply notification" emails from Mint Forums going into Junk in ThunderBird and trying to train TB to not put them there. Yesterday I had a brainwave and went to look at what was happening in my actual Hotmail email account.

It turned out the emails being classed as Junk was happening at Hotmail itself. So I adjusted my settings at Hotmail for "Safe Senders" by adding the domain "linuxmint.com" into that list. As soon as I did that my "Topic reply notification" emails started arriving in my inbox again. Problem solved, great!

However, funny thing is that in the Safe Senders list I already had entries for "forums@linuxmint.com" and "admin@linuxmint.com" there. So I'm kind of scratching my head as how those two entries didn't guarantee that the notification emails went to my Inbox after the new forum went online. Why did I (eventually) have to add the domain linuxmint.com to the list to get the emails delivered into my Inbox after the new forum went online? Mmm...

Never mind, problem solved. Thanks for the responses. :)

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 10:37 am
by Rollem
Perhaps in future the password contraints could be modified to allow the most secure passwords (xkcd style)

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 12:57 pm
by nuiq2
Just for info for all of you, I am a customer of Lifelock, an identity theft protection service. They just informed me that some of my data had been detected on another website for sale. It turned out to be my current email address and my forum username. I changed both my email and forum passwords. I like to check my passwords with “thepasswordmeter dot com” and “howsecureismypassword dot net” and both my password strengths should take between 4000 and 344000 years to crack. Anyway, the breach was real and the hackers did obtain data which they are trying to sell.

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 2:00 pm
by coolmanoh
In reference to recent email advising that
The Linux Mint forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted (hashed and salted) copy of your password from the forum database.
that password that was compromised--was it the password for this forum or for my email?

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 2:05 pm
by xenopeek
That's the password for this forum. If you used the same password for other websites or for your email, you should change your password there as soon as possible. Use unique passwords.

Read the FAQ in the first post of this topic again though; attackers might be able to use brute-force to guess your password for this website but they can't decrypt it (the amount of time needed for brute-force guessing depends on the complexity of your password).

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 6:01 pm
by killer de bug
I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 8:51 pm
by English Invader
killer de bug wrote:I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?
I didn't get an e-mail either. When I visited the forum for the first time after it went back online, I got a message saying I couldn't access the forum until I changed my password.

Re: All forums user should reset their password

Posted: Wed Mar 02, 2016 9:25 pm
by Duke49th
Gosh...I use this password for many forums. Nothing with sensible informations I guess...but at least for forums.

What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).

I would guess it takes up to a couple of yers to brute force just one of such a password...?

Im lazy to change all my accounts. I really cant use a unique password on everything....heck...where shall I write this down? Writing down passwords is stupid...isnt it?

Edit: Just for the case (I alredy received an PM :D ) I already use several passwords minimum 11 chars long in combination with several email accounts.

Its just that I use this one from here on several forums. I already changed my email, password and password to some other sites that I use this email together with this password.

I now change everything within the next upcoming days. I use keepass now and generate better passwords. Worst case would be to lose the database lol...

Goodbye good ol' "Im feeling safe with 10-15 char long passwords" :(

This is the 3rd security breach on a website were Im a member in 2 month......that one day when I will have such a cracker kid infront of me :evil:

Re: All forums user should reset their password

Posted: Thu Mar 03, 2016 4:21 am
by killer de bug
Duke49th wrote: What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Remotely, I would not bet on more than a few days. :wink:

Re: All forums user should reset their password

Posted: Thu Mar 03, 2016 4:44 am
by Moem
Duke49th wrote:Writing down passwords is stupid...isnt it?
No. Especially not if you keep it in a hidden place (like inside a book that's stored with 500 other books and only you know that it's in that one) and if it allows you to use different passwords. Reusing passwords is stupid.

Re: All forums user should reset their password

Posted: Thu Mar 03, 2016 5:36 am
by BigEasy
Duke49th wrote:What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Sorry, that password is already in use! :twisted: :lol:
https://www.youtube.com/watch?v=MZrdrfdAl44