Attention - Password and Security Update - Kawasaki ZX-10R.net
post #1 of 13, 06-14-2016, 10:06 AM, Thread Starter
administrator (Administrator)
Join Date: Oct 2006
Posts: 368

Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and

2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management

post #2 of 13, 06-23-2016, 05:16 PM
skidooboy (WSB Rider)
Join Date: Jun 2012
Location: michigan
Posts: 550

Respectfully, passwords are "supposed" to be the user's preference. I have a strong 9 character password I use. We aren't sharing world trade secrets here, it is an internet forum. How many of our accounts get hacked and do damage to our site? I'm getting to the point where I don't want to deal with these types of "non issue" requests and just stop frequenting the site(s). I am guessing I am not the only one, and probably part of the reason for the downturn in all www. forum site traffic. supermotojunkie is doing the same thing. It is a giant pain in the ass for the user, and really doesn't change the outcome for anyone except, seeing password resets, because we forgot a password that isn't easily remembered BY OURSELVES, THE USER. My .02

Even here I tried my password reset, and it is unchangeable.
ski
tdh likes this.

May we all, get to have a chance to ride the fast one, walk away wiser when we crash one, keep hopin that the best one is the last one.

post #3 of 13, 06-23-2016, 05:39 PM
tdh (GP Rider)
Join Date: Jan 2015
Posts: 1,479

I agree 100%. I had a perfectly good and security hardened 3 letter password that I've been using all my life and now I have to go remember a new one. :) No, it wasn't 123, it was all letters as I said (lower case). :)

.

post #4 of 13, 06-23-2016, 06:55 PM
YSR50 (Administrator)
Join Date: Apr 2004
Location: Chicago burbs
Posts: 6,587

These threats to leave over password guidelines crack me up. I'm going to try that with my banks and cc sites and see if they change their rules.

I'm sure your password is fine, but that doesn't change the fact that the updated software requires something better/different. If you're worried about remembering a new password that tells me that you are most likely using a common password for multiple sites. It surprises me that in this day with all the password managers available that people are still writing down their info on a post-it under their keyboard.

"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind."
--Dr. Seuss

post #5 of 13, 06-23-2016, 07:37 PM
skidooboy (WSB Rider)
Join Date: Jun 2012
Location: michigan
Posts: 550

Techy admin responses crack me up. LOL! Banking and cc sites, compared to a forum. LOL! Apples to oranges. Let's see, your financial information, or finding out how I make tire changes easy on a gen 4. Our favorite tracks, how to fix this or that. Yeah... that needs a super secret decoder ring to protect. LMFAO. This forum site actually has a more stringent password than my auto insurance company access, my bank, my cc, and my health insurance account accesses. It really isn't necessary for a web forum.

And since you reset the site a second time... I still can't change the password. Awesome!

Ski

May we all, get to have a chance to ride the fast one, walk away wiser when we crash one, keep hopin that the best one is the last one.

Last edited by skidooboy; 06-23-2016 at 07:53 PM.

post #6 of 13, 06-23-2016, 08:03 PM
Siwa (Track Day Rider)
Join Date: Apr 2016
Location: Sydney, Australia
Posts: 207

Just going to chime in here since a lot of you seem to have some pretty strong feelings toward this.
My day job is a Security Consultant. Not one who sits in your office telling you how many times you should reset your password. But the kind who is hired to break companies, and tear apart networks.
I am hired to target people like you guys in order to get at things much bigger.

While this forum is essentially a pool for discussion, knowledge, etc., I can tell you now, with some compromised accounts on here, myself and the people I work with could do considerable damage. Not here, but everywhere else you touch.
We treat forums, and 'hobby' sites as large targets during attack simulation jobs as they can be gateways into companies through password reuse, personal information disclosure, and social engineering.

I won't go into a massive rant, but simply tell you a story from a year or so back.

My boss was hired to attack a large global company.
His first stop was to target the people, not the technology.
He chose someone who was a Sys Admin and began looking at his life.
He noticed he enjoyed hiking as mentioned in a little blurb somewhere.
Due to tracking him down on some obscure hiking website, somewhere he felt comfortable, he socially engineered him through the site, leading to the compromise of his email accounts and MacBook, then used that as a gateway into his corporate life. The end result was full compromise of his company's domain.

While this is not common, it is done. Everything in your life is a lot more connected than you think.

You're all free to make whatever passwords you want. But, as some advice, don't go for short complicated little things. Honestly, the most time-consuming passwords to brute-force or use a dictionary attack against are simply long ones.

E.g.:
wowthissureisareallylongpassword
is far better than
H3lloK1t7y!!@

For every character you add to your password, you exponentially increase the time it takes to brute. That leaves human guessing, or a different attack vector, such as phishing.

I could go far more in-depth with all this but I'm sure most of you have stopped reading by now.
dudewhrsmybike and ZZRJo like this.


2016 - ZX-10R KRT Winter Edition
2008 - WR450F Motard (Sold)
2004 - GSXR-600 Track (Sold)
1964 - AJS CSR 500 Thruxton
1963 - Triumph Chopper
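
The length-versus-complexity comparison in the post above, worked through as an added example (not part of the original post). The guess rate of 1e10 per second and the 10,000-word list are assumptions chosen for illustration; the function names are hypothetical.

```python
import math
import string

# The two passwords quoted in the post above.
LONG = "wowthissureisareallylongpassword"
SHORT = "H3lloK1t7y!!@"

# ASCII character classes a blind exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password: str) -> int:
    """Combined size of every character class the password draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) count once each.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})

def brute_force_bits(password: str) -> float:
    """log2 of the candidates of this exact length over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Search space when whole words, not characters, are guessed."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def compare(passwords, guesses_per_second=1e10):  # rate is an assumption
    """Return (password, length, alphabet, bits, years) per password."""
    rows = []
    for pw in passwords:
        bits = brute_force_bits(pw)
        rows.append((pw, len(pw), alphabet_size(pw), round(bits, 1),
                     years_to_exhaust(bits, guesses_per_second)))
    return rows

if __name__ == "__main__":
    for pw, length, alphabet, bits, years in compare([LONG, SHORT]):
        print(f"{pw!r}: {length} chars x {alphabet}-symbol alphabet "
              f"= {bits} bits, ~{years:.2e} years")
    # Dictionary view of the long one: 8 words from an assumed 10,000-word list.
    print(f"as 8 dictionary words: {passphrase_bits(8, 10_000):.1f} bits")
```

These figures are upper bounds for a blind search: they do not model guessable patterns such as common substitutions, and a password that has been posted publicly has no strength left.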

post #7 of 13, 06-23-2016, 08:56 PM
YSR50 (Administrator)
Join Date: Apr 2004
Location: Chicago burbs
Posts: 6,587

Thanks for chiming in, Siwa. People rarely think of the big picture, past their current little situation. This site is part of a large company that employs many people. Keeping members' info safe is good for business.

If this site has more stringent requirements than your financial accounts and you only do their minimum, that's good news for Siwa.

And as for the "techy admin" comment, I had nothing to do with the changes. I was just replying to your comment with, what I thought was, common sense.

If you are having problems changing your password, and have tried the usual (log out, clear cookies/cache, restart, log back in ...) without any luck then reply here with your OS, browser, and any other info that might help us troubleshoot your issue.

"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind."
--Dr. Seuss

Last edited by YSR50; 06-23-2016 at 08:59 PM.

post #8 of 13, 06-23-2016, 08:59 PM
kronos (Squid)
Join Date: Jun 2016
Posts: 49

I just came here to verify that the emails I got regarding password reset were legitimate. I received the same notifications for a few other forum sites I visit.

Quote (originally posted by Siwa):
I won't go into a massive rant, but simply tell you a story from a year or so back.

My boss was hired to attack a large global company.
His first stop was to target the people, not the technology.
He chose someone who was a Sys Admin and began looking at his life.
He noticed he enjoyed hiking as mentioned in a little blurb somewhere.
Due to tracking him down on some obscure hiking website, somewhere he felt comfortable, he socially engineered him through the site, leading to the compromise of his email accounts and MacBook, then used that as a gateway into his corporate life. The end result was full compromise of his company's domain.

That's actually quite fascinating. Sounds like a fun job to me!
dudewhrsmybike likes this.

post #9 of 13, 06-24-2016, 11:19 AM
ZZRJo (Street Rider)
Join Date: Mar 2015
Posts: 95

I'm with Siwa on this.

I've been in every facet of IT in my professional career. Systems administration, network administration, application development, the list goes on. I'm currently employed as a security engineer for an IT training company. I write labs on -- as well as teach -- penetration testing, ethical hacking, etc. to CISSP hopefuls, work on tech white papers, present feedback on technical articles, etc. I also do bug bounty programs and penetration testing, much like Siwa, at an enterprise level. One of the biggest security concerns in my professional life has been my employees, end users, etc. utilizing small-time websites like hobbyist sites, church websites, forums and even small-town chamber of commerce sites.

It's my turn to give you all a scenario.

When I was younger, I found a small-town chamber of commerce site running on an outdated version of WordPress. It had a Flash page based vulnerability that let me upload arbitrary files to their webserver. What this allowed me to do was create a 'new' login page on their site that still used their top-level domain name and their web certificate. AKA, to the regular Joe, and even software-implemented security measures, it was completely safe and legit. This login page was then able to be emailed out through spear-phishing and users began logging in with it almost immediately. A vast majority of users used the same username/email/password for everything. Bank accounts, social media accounts, you name it.

That's the problem. That's what they are trying to warn you about. Password reuse is a serious problem. They aren't necessarily concerned with what personal data you may share on this forum but, rather, what other accounts your credentials will link to.

post #10 of 13, 06-24-2016, 12:57 PM
tdh (GP Rider)
Join Date: Jan 2015
Posts: 1,479

Quote (originally posted by Siwa):
Eg:
wowthissureisareallylongpassword
is far better than
H3lloK1t7y!!@

Dammit, thanks for posting my password! Now I have to go change it again. :(
dudewhrsmybike and Siwa like this.

.