:1orglaugh Aww man this is going to be a fun one... for me at least, since I don't use Paxum. 50+ people who don't learn from the past? We shall see.
|
Quote:
|
Join Date: Jan 2012
:1orglaugh :1orglaugh :1orglaugh doing biz here for decade before you came along. LOL |
Quote:
Go sell some more $5 banners, banner boy. |
Quote:
Gotcha, well thanks for the eyes. I always appreciate the new business these threads bring. I use Paxum if anyone needs adult services and use this as payment just hit me up! |
Quote:
Nonetheless, my banners are not $5. prices here http://www.getbannersmade.com but I will make any client who emails me a deal and do some $5 ones just because of this thread LOL email me! |
Quote:
|
http://farm6.staticflickr.com/5052/5...0850270b7c.jpg
YOUR PASSWORDS ARE IN MOTION ... PLEASE REMAIN CALM!!
-----------------
So glad I do not have a horse in the PAXUM race ... I learned my lesson with epassporte. :Oh crap |
In case anyone missed the PAXUM response, they fixed the issue and were upgrading something.
|
Quote:
Had people been warned a week or more before they went down for their "upgrades" then there wouldn't be a problem... but considering they went down unexpectedly tells us something went wrong somewhere... and since they're saying they're down for "security upgrades" and have foolishly sent all of their clients plain text passwords via email... the whole thing screams "we were hacked and we're trying to make it look like we weren't". |
Quote:
Money is in motion ... :winkwink: |
Quote:
Bad idea. |
Quote:
Of course you could combine some solid algorithms together but not to use only one of your own. |
Quote:
|
1. Unscheduled downtime
2. Everyone's password reset and you can't use your old one that you had with Paxum
3. Unable to transfer funds to Mastercard.
It's pretty safe to say it's not just a "login upgrade". Such actions are always a case when your site gets compromised. Seen it far too many times. |
Something weird is happening here for sure.
When I log in with the new password and try to set it back to what it was I get: "The new password you have entered has been used in the past. Please select a password that has never been used on this account."
So Paxum does know our old passwords and still has them in their possession. Hence the fact they email a new password to everyone in plain text is just borderline ridiculous. They could have easily put up a page where you can log in with your current password and set a new password after you have identified yourself by logging in.
I don't know about Canada but every financial institution should report any hacks. The fact that Paxum holds funds for a ton of account holders and thus probably millions makes it an interesting goal for people who need quick cash without having to buy a gun and rob a bank. It is probably targeted daily by hackers.
I am not saying Paxum got hacked but as an account holder I demand a better and more detailed explanation, my bullshit radar is reporting very high numbers currently. |
Quote:
They can have it stored in their database as an MD5 hash for example and just compare your entry after they MD5 it. The point is though that they do have the old passwords, which makes this whole email with a clear text password in it not only unnecessary but from a security point of view also very stupid. |
http://newvimaxpills.org/wp-content/...vimaxpills.gif http://i30.photobucket.com/albums/c3...tz/2cmrqm8.jpg TRUST US, EVERYTHING IS FINE! |
It boggles my mind that people use unprotected services such as this and the insane amount of dishonesty and bullshit spewed out by them, let alone actions that are, let's just say, not even professional for a company operating in the 90s on the internet.
Doesn't matter what will happen. The vast majority will continue to use a service such as this. Once a fool always a fool. |
We initially anticipated this update to take approximately three hours. However, during our migration to the new and improved security login engine we encountered some difficulties porting the old passwords to the new system. Since we do not have access to the passwords ourselves we had to reset everyone's password during this process. Once reset we were able to continue implementation of the new login engine and complete our updates. Unfortunately our estimated downtime was much longer than we first thought and we sincerely apologize for the additional downtime.
In regards to the plain text emails, we took the necessary measures to protect the passwords. We activated approval codes (users can disable them), and we sent a separate authentication key, which greatly reduces the odds of having the information fall into the wrong hands. There have been several waves of phishing attempts targeting Paxum clients recently, and this is partly the reason we thought it wise to not include HTML in our notifications.
In response to the query regarding the 'password match' when resetting your password: Paxum does not store passwords in clear text and never has. What we store is a crypt result based on an algorithm and not the actual password. When somebody logs into the system we apply the same crypt algorithm to the password entered by the user and compare the result with what we have stored on the client file. We do not know the actual password; that's why you cannot recover the password from the system when forgotten. You can only reset it.
Now as to how we knew you were trying to set the same password as before, that's easy. After you enter the password on the interface we create the crypt result based on the new engine and we also create the crypt result based on the old engine. Therefore, the comparison can be made between the crypt results from both engines.
Ultimately, the purpose of this new update is to create an even safer environment for our clients. We sincerely hope our intentions here are clear, and that is to protect our clients. |
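The dual-engine comparison described in the post above, sketched as an added example that is not part of the thread and is not Paxum's code. The thread never names the algorithms, so salted SHA-256 for the old engine, PBKDF2 for the new one, the record layout and the sample passwords are all assumptions; the sketch also goes one step further and migrates an old-engine record at login, the one moment the entered password is available.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed parameter, not taken from the thread

def old_engine(password: str, salt: bytes) -> bytes:
    # Assumed stand-in for the old engine: one salted SHA-256 pass.
    return hashlib.sha256(salt + password.encode()).digest()

def new_engine(password: str, salt: bytes) -> bytes:
    # Assumed stand-in for the new engine: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

ENGINES = {"old": old_engine, "new": new_engine}

def make_record(password: str, engine: str) -> dict:
    # Only the engine tag, a random salt and the digest are stored.
    salt = os.urandom(16)
    return {"engine": engine, "salt": salt, "digest": ENGINES[engine](password, salt)}

def matches(password: str, record: dict) -> bool:
    # Re-run the record's own engine on the entered password, compare in constant time.
    digest = ENGINES[record["engine"]](password, record["salt"])
    return hmac.compare_digest(digest, record["digest"])

def used_before(password: str, account: dict) -> bool:
    # Exact-match check only: a near miss produces an unrelated digest.
    return any(matches(password, r) for r in [account["current"], *account["history"]])

def login(password: str, account: dict) -> bool:
    if not matches(password, account["current"]):
        return False
    if account["current"]["engine"] != "new":
        # The plaintext is in hand only at this moment, so rehash it now.
        account["current"] = make_record(password, "new")
    return True

def change_password(new_password: str, account: dict) -> bool:
    if used_before(new_password, account):
        return False
    account["history"].append(account["current"])
    account["current"] = make_record(new_password, "new")
    return True

# Constructed sample account whose password was set under the old engine.
account = {"current": make_record("correct horse 2012", "old"), "history": []}
```

Because a stored digest only answers "same or different", a check built this way rejects an exact repeat but cannot recognise a password that is merely similar to an earlier one.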
Quote:
Edit: I remember why I said it was plaintext now. The site said that the password was too similar to one I've used before so it's not a hash that's being stored. |
Are there plans to not do feature upgrades on a Friday afternoon during regular business hours?
As a worldwide service provider it's always regular business hours in some time zone, but upgrading during a weekend would be easier on customers. |
What about the bitcoins thing? Just a timely coincidence?
|
Quote:
We will take your suggestion for weekend downtime into consideration for future upgrades though. Thank you for sharing your thoughts. :) |
Ticket #141539, could somebody please look into it?
Would be great! |
Quote:
|
So if I'm an obnoxious sysadmin all I have to do is trawl all my employees' emails and see if there are any Paxum passwords in there? Neat. Beats reading about secret office love affairs.
|
Thanks Ruth.
|
Changes are great, but not too often. Btw Ruth, you tha best. Paxum should pay more for speaking in the ZOO with the monkeys :)
|