The Student Room Group


Reply 20
Original post by Milostar


First and foremost, thank you very much for keeping us (the TSR community) informed about these developments :smile:

Secondly, some general cyber security points that you are probably well aware of (so I spoilered them, only read them if you can be bothered). :smile:

Spoiler

Thanks for the update, but I think you need to spread this information around the site and not just contain it to a single thread where only a small proportion of users will see it :yes: I appreciate you don't wish to cause alarm, but it's better information comes from the ''community team'' rather than through hearsay somewhere else on a chance basis. Last time the site was hacked there was a large banner and announcement across the site, as two examples.

Can you confirm the threat has passed, i.e. any potential malicious software removed and not just that security access has been locked down? Thanks.

edit: thanks for the site wide announcement :h:
(edited 10 years ago)
Reply 22
Original post by rmhumphries
One of the possibilities the community considered was that the attacker changed the login and 'change your password' scripts to steal (in plain-text) people's passwords if they logged in / changed their password. Could you confirm this didn't happen? Also, if the attacker didn't have access to the server files, does this mean they are not aware of the hashing scheme used?


I'm going to pass this on to tech, although they might be keeping an eye on the thread. They're really busy right now so please be patient on a response. Personally, I don't have enough information (or tech skillz) to be able to comment.


I'm also sorry to the people who are upset that it took a while for the official announcement. We are a pretty small company and it felt really 'all hands on deck' this morning.

It was really important to me, and the rest of the team, that we did give you all a fuller picture of what happened so that you wouldn't feel like we were hiding things rather than just saying 'yes, it happened, but you're ok now, bye'. It's horribly frustrating when websites don't give you information, and I'm sorry we kept you waiting.

While we wanted to give you more info, there's a balance between what is safe to share, and what's more sensitive, and there are numerous people who have to check the comms we send out, which means that news has to trickle out slowly.
(edited 10 years ago)
Not again :rolleyes:

Odds on imso anyone?
JUST to clarify, My post about CJ's password was a joke and was not meant to be taken literally.

I'll delete the post as it seems to be causing some confusion.


Sorry guise. My bad :redface: I thought it was blatantly clear.


Ape Gone Insane
...
Reply 25
Original post by rmhumphries
One of the possibilities the community considered was that the attacker changed the login and 'change your password' scripts to steal (in plain-text) people's passwords if they logged in / changed their password. Could you confirm this didn't happen?

If you changed it last night in response to the hack, please do so again.

I think that, very subtly and discreetly, answers your question.

Original post by tehforum
I think the hacker has a significant amount of time and power.

When technical people say significant time and power, they typically mean of the order of the entire Earth's computer resources running non-stop for a million years (not sure that this is the case here of course).
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?
Reply 27
Original post by James A
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?

'We make it difficult for people to get access to the admin control panels'
Edit: OK, poor taste in this thread maybe...
(edited 10 years ago)
Reply 29
Original post by James A
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?


Basically they will have limited who has access to the Admin Control Panel.
Original post by Chrosson
I think that, very subtly and discreetly, answers your question.


When technical people say significant time and power, they typically mean of the order of the entire Earth's computer resources running non-stop for a million years (not sure that this is the case here of course).


Changing your password again could just mean that the attacker was able to take multiple database dumps as opposed to them being able to edit the server side files though.
Original post by James A
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?


It means that high level access to the more sensitive parts of the site, like the admin control panel, has been further restricted.
The kid who hacked TSR is a legend :lol:
Reply 33
DON'T DISCLOSE YOUR PASSWORDS TO ANYONE

This hasn't been said before and if there is a TSR wide communication then please mention this?
(edited 10 years ago)
Original post by upthegunners
The kid who hacked TSR is a legend :lol:


Well, if all they did was put that message up, then yes it's quite funny. But if they really do have any data, then I'm not too sure.
Original post by Iamyourfather
So he hacked the entire site just to have a Skype convo with Vikki? Pathetic :rolleyes:



Original post by pandabird
I find this all very strange that the outcome of this grand hack was to try and Skype with Vikki


I don't think the attacker hacked TSR purely in an attempt to Skype with me, as they have also hacked other sites in the past.

I think he had other intentions, perhaps not malicious but just for publicity.
Reply 36
TSR mailed me a new password today, thank you


Posted from TSR Mobile
Original post by Morgsie
DON'T DISCLOSE YOUR PASSWORDS TO ANYONE

This hasn't been said before and if there is a TSR wide communication then please mention this?


Is this particularly relevant to the security breach though?
Original post by Iamyourfather
So he hacked the entire site just to have a Skype convo with Vikki? Pathetic :rolleyes:


... Or really romantic.
Reply 39
Original post by rmhumphries
Changing your password again could just mean that the attacker was able to take multiple database dumps as opposed to them being able to edit the server side files though.

Fair point.

Original post by Morgsie
DON'T DISCLOSE YOUR PASSWORDS TO ANYONE

This hasn't been said before and if there is a TSR wide communication then please mention this?

TSR has no obligation to protect against stupidity. Get a grip.
