Original post by Potally_Tissed
The account being compromised doesn't mean that someone was stupid and managed to give their password away :nah:


That was my point to Morgsie :tongue: Sorry - my post was fairly badly worded.
Reply 61
Do you know if this is why there was a message that popped up about something to do with twitter, or someone's twitter account when I looked at some of the threads yesterday?
Original post by rmhumphries
That was my point to Morgsie :tongue: Sorry - my post was fairly badly worded.


Ah sorry :smile: In that case I agree with you :five:
Original post by lucy3003
Do you know if this is why there was a message that popped up about something to do with twitter, or someone's twitter account when I looked at some of the threads yesterday?


Yes, that was it.

The hacker left that popup whilst he was still in the system.
Reply 64
Sorry but I was under the impression that someone holding an ordinary account admitted publicly
Original post by rmhumphries
During the last security breach, then they said 'They accessed the site through a compromised privileged user account.'. Morgsie said 'The stupidity is the person revealing it so the site can get hacked. ' in relation to last time - I am saying I am not sure a compromised account necessarily means someone revealing their password.


oh i see! :smile:
Reply 66
Original post by Vulpes
I have a post on creating unique but memorable passwords here.

I'm a fan of http://www.multicians.org/thvv/gpw.html
Reply 67


That's how you came up with your username no? :teehee:

And that's hardly memorable. :rolleyes:
Reply 68
Original post by CasualSoul
oh right:smile: eugh I have to go and change them all again :pierre:

Why would you have to go change them all again, unless you changed them all to the same thing, despite being told it's a horribly stupid thing to do? :wink:
Reply 69
what kind of a lame alias was rootinabox anyway...
Reply 70
Original post by tehforum
Comments in bold.


You asked "Does this imply that....". Any questions that begin with that opener, I can categorically say 'no'. There is no spin or hidden implications in the announcement. If it's something sensitive, I just won't disclose it. Please refrain from speculating or over-analysing the words I use. I know it's tempting to try and put together the pieces, but it's for this reason that other websites (e.g. Twitter after the last big hack) often will not talk to users about security breaches.

Original post by Chrosson
I think that, very subtly and discreetly, answers your question.


Ditto, that is pure speculation. It's just a security measure.

Original post by James A
Guys, what does it mean when the OP said 'Access to the back-end system is heavily locked down'?


Others have answered this.



I appreciate your suggestion. Right now I can't confirm what further communication to go out. The risk of screwing up an exam out of worry about compromised data in this case is significantly higher than the risk of your TSR account being compromised, so we need to take a considered approach.
Reply 71
Original post by MrJiggly
what kind of a lame alias was rootinabox anyway...


I'm guessing you have no experience with UNIX based systems...
Reply 72
Original post by Menelaus
I'm guessing you have no experience with UNIX based systems...


please, I didn't even know how to operate a toaster till last week :wink:
Reply 73
Original post by G8D
The only passwords relevant to your points are admin/staff passwords. I'd like to hope they're not such novices. It would however appear that my hopes have been proven wrong.


You're making that assumption based on only a small amount of knowledge. I understand you're angry with TSR for succumbing to a security breach, and I'm sorry.

Original post by rmhumphries
Even last time, was it confirmed that it is a privileged user divulging their password which caused the breach?


I think you misremembered/dreamed that! In any case it's incorrect.
Original post by Milostar
You're making that assumption based on only a small amount of knowledge. I understand you're angry with TSR for succumbing to a security breach, and I'm sorry.



I think you misremembered/dreamed that! In any case it's incorrect.


As stated in later posts, that was badly worded. I was asking Morgsie if that was the case, as he was saying it was - as opposed to myself saying that.
This is funny.
Reply 76
Original post by Milostar
Ditto, that is pure speculation. It's just a security measure.

rmhumphries pointed out that I was being a bit hasty in my assumption, so I apologise for that :smile:
Reply 77
Original post by Vulpes
That's how you came up with your username no? :teehee:

And that's hardly memorable. :rolleyes:

:teehee:

You might be surprised. Human short term memory is based off acoustics, so if you get one which rolls off the tongue as two separate words you can remember it as such. Because you've chosen one that's acoustically 'good' it's easier to bring to short term memory and easier to imprint - e.g. GloverLencol. After trying one for a week I've found I remember it after not using it at all for 6 months.

It also ends up in muscle memory much easier (and is therefore faster to type) because it's all alpha and doesn't require you to leave the home row to press unfamiliar key combinations to get a symbol.

Honestly, I find my 4 month old 16 character password easier to remember than my 7 character TSR one I've had for 4 years (which I still stumble over occasionally). The 16 character one is also massively massively more secure, despite essentially just having lower case alpha whereas my TSR one has everything (upper, lower, number, symbol) - length is far more important.

All the above said, your scheme is quite clever and protects you very very well against hash cracking. Unfortunately it makes you quite vulnerable to a) keyloggers b) sites who don't hash (and if they don't hash they won't understand security) c) compromised login forms, as the passwords are not disposable - one password leak reduces the difficulty of hacking your other accounts by an insane factor. And have fun with those random strings :tongue:

Each to their own though :smile:
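
The length-versus-character-set comparison from the post above, worked through as an added example that is not part of the thread or any poster's own code. The two sample passwords, the consonant-vowel model (a simplified stand-in for a pronounceable generator, not the gpw algorithm) and the guess rate are all assumptions made for illustration.

```python
import math
import string

# Character classes a password may draw from (95 printable ASCII in total).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(password):
    """Sum the sizes of every character class the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def uniform_keyspace(password):
    """Candidates to search if each character is uniform over that alphabet."""
    return alphabet_size(password) ** len(password)

def cv_keyspace(length):
    """Keyspace of strict consonant-vowel alternation (21 consonants, 5 vowels).

    Hypothetical, deliberately constrained model of a pronounceable password:
    far fewer candidates than uniform lowercase of the same length.
    """
    pairs, odd = divmod(length, 2)
    return (21 * 5) ** pairs * (21 if odd else 1)

def bits(keyspace):
    return math.log2(keyspace)

def hours_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace / guesses_per_second / 3600

# Constructed sample passwords, not taken from the thread.
SHORT_MIXED = "Tr7$kQ2"            # 7 chars: upper, lower, digit, symbol
LONG_LOWER = "molaribenutakesi"    # 16 chars: lowercase only

def compare(rate=1e10):            # assumed offline guess rate, illustrative
    rows = {
        "7 mixed": uniform_keyspace(SHORT_MIXED),
        "16 lower, consonant-vowel": cv_keyspace(len(LONG_LOWER)),
        "16 lower, uniform": uniform_keyspace(LONG_LOWER),
    }
    return {name: (round(bits(k), 1), hours_to_exhaust(k, rate))
            for name, k in rows.items()}

if __name__ == "__main__":
    for name, (b, hours) in compare().items():
        print(f"{name:28s} {b:5.1f} bits  {hours:.3g} hours")
```

Even under the constrained consonant-vowel model, the 16-character lowercase password has a larger search space than the 7-character password drawn from all 95 printable characters.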
Reply 78
Original post by Chrosson
rmhumphries pointed out that I was being a bit hasty in my assumption, so I apologise for that :smile:


No problem.:smile: It had to be said officially that it wasn't true in any case.
Reply 79
Who done it?