Do you know if this is why there a message that popped up about something to do with twitter, or someone's twitter account when I looked at some of the threads yesterday?
Do you know if this is why there a message that popped up about something to do with twitter, or someone's twitter account when I looked at some of the threads yesterday?
Yes, that was it.
The hacker left that popup whilst he was still in the system.
During the last security breach, then they said 'They accessed the site through a compromised privileged user account.'. Morgsie said 'The stupidity is the person revealing it so the sit can get hacked. ' in relation to last time - I am saying I am not sure a compromised account necessarily means someone revealing their password.
You asked "Does this imply that....". Any questions that begin with that opener, I can categorically say 'no'. There is no spin or hidden implications in the announcement. If it's something sensitive, I just won't disclose it. Please refrain from speculating or over-analysing the words I use. I know it's tempting to try and put together the pieces, but it's for this reason that other websites (e.g. Twitter after the last big hack) often will not talk to users about security breaches.
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?
Others have answered this.
I appreciate your suggestion. Right now I can't confirm what further communication to go out. The risk of screwing up exam out of worry about compromised data in this case is significantly higher that the risk of your TSR account being compromised, so we need to take a considered approach.
The only passwords relevant to you points are admin/staff passwords. I'd like to hope they're not such novices. It would however appear that my hopes have been proven wrong.
You're making that assumption based on only a small amount of knowledge. I understand you're angry with TSR for succumbing to a security breach, and I'm sorry.
You're making that assumption based on only a small amount of knowledge. I understand you're angry with TSR for succumbing to a security breach, and I'm sorry.
I think you misremembered /dreamed that! In any case it's incorrect.
As stated in later posts, that was badly worded. I was asking Morgsie if that was the case, as he was saying it was - as opposed to myself saying that.
You might be surprised. Human short term memory is based off acoustics, so if you get one which rolls off the tongue as two separate words you can remember it as such. Because you've chosen one that's acoustically 'good' it's easier to bring to short term memory and easier to imprint - e.g. GloverLencol. After trying one for a week I've found I remember it after not using it at all for 6 months.
It also ends up in muscle memory much easier (and is therefore faster to type) because it's all alpha and doesn't require you to leave the home row to press unfamiliar key combinations to get a symbol.
Honestly, I find my 4 month old 16 character password easier to remember than my 7 character TSR one I've had for 4 years (which I still stumble over occasionally). The 16 character one is also massively massively more secure, despite essentially just having lower case alpha whereas my TSR one has everything (upper, lower, number, symbol) - length is far more important.
All the above said, your scheme is quite clever and protects you very very well against hash cracking. Unfortunately it makes you quite vulnerable to a) keyloggers b) sites who don't hash (and if they don't hash they won't understand security) c) compromised login forms, as the passwords are not disposable - one password leak reduces the difficulty of hacking your other accounts by an insane factor. And have fun with those random strings