All forums user should reset their password

Chat about anything related to Linux Mint
User avatar
The-Wizard
Level 12
Level 12
Posts: 4075
Joined: Fri Jan 28, 2011 3:12 pm
Location: Bedforshire, ENGLAND

Re: All forums user should reset their password

Post by The-Wizard » Tue Mar 01, 2016 5:45 pm

Da_Thunderbird wrote:
I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted.


Don't forget to throw away your sony devices. Their web site was hacked too.
and anyone on this list http://www.itproportal.com/2016/02/18/t ... s-of-2015/

wizard
The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place.

User avatar
Schultz
Level 7
Level 7
Posts: 1634
Joined: Thu Feb 25, 2016 8:57 pm

Re: All forums user should reset their password

Post by Schultz » Tue Mar 01, 2016 6:18 pm

The date of the hack should have been put in the email to avoid confusion. I thought it was hacked again until I read clem's first post in this thread.

User avatar
Sector11
Level 3
Level 3
Posts: 175
Joined: Mon Nov 22, 2010 10:33 am

Re: All forums user should reset their password

Post by Sector11 » Tue Mar 01, 2016 8:14 pm

Well, the only safe computer is one that has never been turned on, or if it has, has access to the net CUT at the source before going online. :D

LinuxMint is fine, the forums are OK as well. Read the OP.
Using: BunsenLabs based on Debian Stable.
Conky PitStop

knten
Level 1
Level 1
Posts: 1
Joined: Thu Jun 04, 2015 6:52 am

Re: All forums user should reset their password

Post by knten » Tue Mar 01, 2016 9:55 pm

Well that's some bad news but at least it'll take trillions of years to brute force that password they got. I hope none of you were still running password1. :lol:

User avatar
don250r
Level 3
Level 3
Posts: 143
Joined: Thu Feb 11, 2016 2:41 pm

Re: All forums user should reset their password

Post by don250r » Tue Mar 01, 2016 10:09 pm

Wow, i cant believe some people are equating the forum hack, with poor security in LM.
The forums(servers) are totally unrelated to LM OS.
The hacked ISOs could have been a problem for the unlucky few that downloaded them.
LM was just the target this time, any other distribution will be next :D
Mint 18 Cinnamon, 4.6.3 kernel
Intel i5-2500k@4.8GHz
16 Gb DDR3
Nvidia GTX670

Dooteriah
Level 1
Level 1
Posts: 1
Joined: Fri Mar 15, 2013 7:17 am

Re: All forums user should reset their password

Post by Dooteriah » Wed Mar 02, 2016 5:04 am

Many Thanks for this Info! My PW is changed.
So stay cool and hanging up the hackers! :evil: :evil: :mrgreen:

Ark987
Level 4
Level 4
Posts: 353
Joined: Tue Apr 07, 2015 4:20 am

Re: All forums user should reset their password

Post by Ark987 » Wed Mar 02, 2016 7:30 am

Thanks for taking the time to notify users about this. Now let's apply defense in depth!

User avatar
akino17
Level 1
Level 1
Posts: 2
Joined: Fri Aug 14, 2015 7:19 am

Re: All forums user should reset their password

Post by akino17 » Wed Mar 02, 2016 7:37 am

im not familiar with this site https://haveibeenpwned.com/ can u explain more.

User avatar
Moem
Level 19
Level 19
Posts: 9553
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem » Wed Mar 02, 2016 7:41 am

The site itself does that quite nicely:
https://haveibeenpwned.com/About
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
Radish
Level 4
Level 4
Posts: 316
Joined: Sun May 12, 2013 11:20 pm

Re: All forums user should reset their password

Post by Radish » Wed Mar 02, 2016 8:21 am

Regarding my problem with "Topic reply notification" emails from Mint Forums going into Junk in ThunderBird and trying to train TB to not put them there. Yesterday I had a brainwave and went to look at what was happening in my actual Hotmail email account.

It turned out the emails being classed as Junk was happening at Hotmail itself. So I adjusted my settings at Hotmail for "Safe Senders" by adding the domain "linuxmint.com" into that list. As soon as I did that my "Topic reply notification" emails started arriving in my inbox again. Problem solved, great!

However, funny thing is that in the Safe Senders list I already had entries for "forums@linuxmint.com" and "admin@linuxmint.com" there. So I'm kind of scratching my head as how those two entries didn't guarantee that the notification emails went to my Inbox after the new forum went online. Why did I (eventually) have to add the domain linuxmint.com to the list to get the emails delivered into my Inbox after the new forum went online? Mmm...

Never mind, problem solved. Thanks for the responses. :)
Mint 17.3 x64 Cinnamon - Rosa
When stating what version of Mint you are using remember to include the "Edition". Is it "Cinnamon", "Mate", "KDE" or "XFCE"? This helps others help you.

Rollem
Level 1
Level 1
Posts: 13
Joined: Mon Jun 09, 2014 6:22 am

Re: All forums user should reset their password

Post by Rollem » Wed Mar 02, 2016 10:37 am

Perhaps in future the password contraints could be modified to allow the most secure passwords (xkcd style)

nuiq2
Level 1
Level 1
Posts: 15
Joined: Fri Sep 20, 2013 4:20 pm

Re: All forums user should reset their password

Post by nuiq2 » Wed Mar 02, 2016 12:57 pm

Just for info for all of you, I am a customer of Lifelock, an identity theft protection service. They just informed me that some of my data had been detected on another website for sale. It turned out to be my current email address and my forum username. I changed both my email and forum passwords. I like to check my passwords with “thepasswordmeter dot com” and “howsecureismypassword dot net” and both my password strengths should take between 4000 and 344000 years to crack. Anyway, the breach was real and the hackers did obtain data which they are trying to sell.

coolmanoh
Level 1
Level 1
Posts: 23
Joined: Tue Dec 10, 2013 7:56 pm

Re: All forums user should reset their password

Post by coolmanoh » Wed Mar 02, 2016 2:00 pm

In reference to recent email advising that
The Linux Mint forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted (hashed and salted) copy of your password from the forum database.
that password that was compromised--was it the password for this forum or for my email?

User avatar
xenopeek
Level 24
Level 24
Posts: 24137
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: All forums user should reset their password

Post by xenopeek » Wed Mar 02, 2016 2:05 pm

That's the password for this forum. If you used the same password for other websites or for your email, you should change your password there as soon as possible. Use unique passwords.

Read the FAQ in the first post of this topic again though; attackers might be able to use brute-force to guess your password for this website but they can't decrypt it (the amount of time needed for brute-force guessing depends on the complexity of your password).
Image

User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: All forums user should reset their password

Post by killer de bug » Wed Mar 02, 2016 6:01 pm

I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?
If it ain't broke, fix it until it is.

English Invader
Level 4
Level 4
Posts: 225
Joined: Thu Apr 23, 2015 11:53 am

Re: All forums user should reset their password

Post by English Invader » Wed Mar 02, 2016 8:51 pm

killer de bug wrote:I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?
I didn't get an e-mail either. When I visited the forum for the first time after it went back online, I got a message saying I couldn't access the forum until I changed my password.

User avatar
Duke49th
Level 1
Level 1
Posts: 8
Joined: Fri Dec 11, 2015 8:15 am
Location: Philippines
Contact:

Re: All forums user should reset their password

Post by Duke49th » Wed Mar 02, 2016 9:25 pm

Gosh...I use this password for many forums. Nothing with sensible informations I guess...but at least for forums.

What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).

I would guess it takes up to a couple of yers to brute force just one of such a password...?

Im lazy to change all my accounts. I really cant use a unique password on everything....heck...where shall I write this down? Writing down passwords is stupid...isnt it?

Edit: Just for the case (I alredy received an PM :D ) I already use several passwords minimum 11 chars long in combination with several email accounts.

Its just that I use this one from here on several forums. I already changed my email, password and password to some other sites that I use this email together with this password.

I now change everything within the next upcoming days. I use keepass now and generate better passwords. Worst case would be to lose the database lol...

Goodbye good ol' "Im feeling safe with 10-15 char long passwords" :(

This is the 3rd security breach on a website were Im a member in 2 month......that one day when I will have such a cracker kid infront of me :evil:
Laptop: Acer Aspire 5750Z - Pentium B940 - 4 GB RAM - 500 GB HDD
Dekstop: Intel Board 1155 - Intel i3 6300 - 120GB Samsung SSD/1.5GB WD green/500 GB Seagate - actually only 1x4 Gb Ram and Onboard Gfx - Audigy EX Platinum

User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: All forums user should reset their password

Post by killer de bug » Thu Mar 03, 2016 4:21 am

Duke49th wrote: What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Remotely, I would not bet on more than a few days. :wink:
If it ain't broke, fix it until it is.

User avatar
Moem
Level 19
Level 19
Posts: 9553
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem » Thu Mar 03, 2016 4:44 am

Duke49th wrote:Writing down passwords is stupid...isnt it?
No. Especially not if you keep it in a hidden place (like inside a book that's stored with 500 other books and only you know that it's in that one) and if it allows you to use different passwords. Reusing passwords is stupid.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

BigEasy
Level 6
Level 6
Posts: 1257
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: All forums user should reset their password

Post by BigEasy » Thu Mar 03, 2016 5:36 am

Duke49th wrote:What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Sorry, that password is already in use! :twisted: :lol:
https://www.youtube.com/watch?v=MZrdrfdAl44
Windows assumes I'm stupid but Linux demands proof of it

Post Reply

Return to “Chat about Linux Mint”