Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 02-11-2012, 07:34 AM   #51
CyberHustler
So Fucking Banned
 
Industry Role:
Join Date: Feb 2006
Posts: 26,062
Aww man this is going to be a fun one... for me at least, since I don't use Paxum. 50+ people who don't learn from the past? We shall see.
Old 02-11-2012, 07:37 AM   #52
ZeroHero
So Fucking Banned
 
Industry Role:
Join Date: Nov 2007
Location: Westbahnhof
Posts: 15,336
Quote:
Originally Posted by RuthB View Post
No, we are simply upgrading our login security to a better system. Thanks for your concern, but everything is fine.
Thanks Ruth
Old 02-11-2012, 07:37 AM   #53
Rothstein
So Fucking Banned
 
Industry Role:
Join Date: Jan 2012
Location: Frostburg, MD
Posts: 682
Quote:
Originally Posted by Dirty F View Post
People actually pay you?
Old 02-11-2012, 07:38 AM   #54
Fletch XXX
GFY HALL OF FAME DAMMIT!!!
 
Fletch XXX's Avatar
 
Join Date: Jan 2002
Location: that 504
Posts: 60,840
Join Date: Jan 2012



doing biz here for decade before you came along.

LOL
__________________

Want an Android App for your tube, membership, or free site?

Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me
Old 02-11-2012, 07:39 AM   #55
Rothstein
So Fucking Banned
 
Industry Role:
Join Date: Jan 2012
Location: Frostburg, MD
Posts: 682
Quote:
Originally Posted by Fletch XXX View Post
Join Date: Jan 2012



doing biz here for decade before you came along.

LOL
Had over 10 nicks before yours was registered.

Go sell some more $5 banners, banner boy.
Old 02-11-2012, 07:41 AM   #56
Fletch XXX
GFY HALL OF FAME DAMMIT!!!
 
Fletch XXX's Avatar
 
Join Date: Jan 2002
Location: that 504
Posts: 60,840
Quote:
Originally Posted by Rothstein View Post
Had over 10 nicks before yours was registered.
hahaha

gotcha well thanks for the eyes.

I always appreciate the new business these threads bring.

I use paxum if anyone needs adult services and use this as payment just hit me up!
__________________

Want an Android App for your tube, membership, or free site?

Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me
Old 02-11-2012, 07:41 AM   #57
Fletch XXX
GFY HALL OF FAME DAMMIT!!!
 
Fletch XXX's Avatar
 
Join Date: Jan 2002
Location: that 504
Posts: 60,840
Quote:
Originally Posted by Rothstein View Post
Had over 10 nicks before yours was registered.

Go sell some more $5 banners, banner boy.
ooohh banner boy, haven't heard that one in a while, forgot who coined it.

Nonetheless, my banners are not $5.

prices here http://www.getbannersmade.com

but I will make any client who emails me a deal and do some $5 ones just because of this thread LOL

email me!
__________________

Want an Android App for your tube, membership, or free site?

Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me
Old 02-11-2012, 08:06 AM   #58
mafia_man
Confirmed User
 
mafia_man's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq#: 639544261
Posts: 1,965
Quote:
Originally Posted by k0nr4d View Post
They store it in an md5 hash, you can see it in the cookie named 'toplabs' that they store when you login:
a:3:{s:4:"user";s:25:"[email protected]";s:4:"pass";s:44:"passwordhashhere";s:2:"no";i:13;}

What they store in the cookie is what appears to be a base64-encoded md5 hash. It appears to be salted.
MD5 has been ripped to pieces a long time ago. As a financial institution they should be using bcrypt minimum.
__________________
I'm out.
Old 02-11-2012, 08:16 AM   #59
vdbucks
Monger Cash
 
Industry Role:
Join Date: Jul 2010
Posts: 2,773
Quote:
Originally Posted by mafia_man View Post
MD5 has been ripped to pieces a long time ago. As a financial institution they should be using bcrypt minimum.
They should be using their own algorithm...
Old 02-11-2012, 08:20 AM   #60
facialfreak
Confirmed User
 
facialfreak's Avatar
 
Join Date: Feb 2005
Location: Montreal
Posts: 3,018


YOUR PASSWORDS ARE IN MOTION ... PLEASE REMAIN CALM!!

-----------------

So glad I do not have a horse in the PAXUM race ...

I learned my lesson with epassporte.
__________________

Managed Shared Hosting starting at $4.99/mo
Managed VPS starting at $29.99/mo


Old 02-11-2012, 08:23 AM   #61
cherrylula
lol
 
cherrylula's Avatar
 
Industry Role:
Join Date: Jan 2002
Posts: 15,969
In case anyone missed the PAXUM response, they fixed the issue and were upgrading something.
Old 02-11-2012, 08:25 AM   #62
Rothstein
So Fucking Banned
 
Industry Role:
Join Date: Jan 2012
Location: Frostburg, MD
Posts: 682
Quote:
Originally Posted by cherrylula View Post
In case anyone missed the PAXUM response, they fixed the issue and were upgrading something.
Idiot, this thread is about security.
Old 02-11-2012, 08:29 AM   #63
vdbucks
Monger Cash
 
Industry Role:
Join Date: Jul 2010
Posts: 2,773
Quote:
Originally Posted by cherrylula View Post
In case anyone missed the PAXUM response, they fixed the issue and were upgrading something.
That's the 'official' response... but anyone worth anything knows that a company doesn't take their site down without ample warning to perform upgrades. It's really that simple.

Had people been warned a week or more before they went down for their "upgrades" then there wouldn't be a problem... but considering they went down unexpectedly tells us something went wrong somewhere... and since they're saying they're down for "security upgrades" and have foolishly sent all of their clients plain text passwords via email... the whole thing screams "we were hacked and we're trying to make it look like we weren't".
Old 02-11-2012, 09:27 AM   #64
pornmasta
Too lazy to set a custom title
 
pornmasta's Avatar
 
Join Date: Jun 2006
Posts: 19,200
Quote:
Originally Posted by RuthB View Post
everything is fine.

Money is in motion ...
Old 02-11-2012, 09:38 AM   #65
mafia_man
Confirmed User
 
mafia_man's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq#: 639544261
Posts: 1,965
Quote:
Originally Posted by vdbucks View Post
They should be using their own algorithm...
Nonononono

Bad idea.
__________________
I'm out.
Old 02-11-2012, 09:40 AM   #66
vdbucks
Monger Cash
 
Industry Role:
Join Date: Jul 2010
Posts: 2,773
Quote:
Originally Posted by mafia_man View Post
Nonononono

Bad idea.
Why? if you don't know the algorithm then it's harder to crack.... assuming of course they have someone who knows wtf they are doing... which from the looks of it, they currently don't so you're probably right :P
Old 02-11-2012, 09:53 AM   #67
pornmasta
Too lazy to set a custom title
 
pornmasta's Avatar
 
Join Date: Jun 2006
Posts: 19,200
Quote:
Originally Posted by vdbucks View Post
Why? if you don't know the algorithm then it's harder to crack.... assuming of course they have someone who knows wtf they are doing... which from the looks of it, they currently don't so you're probably right :P
you need to be a specialist in cryptography to create an algorithm.
Of course you could combine some solid algorithms together but not to use only one of your own.
Old 02-11-2012, 09:55 AM   #68
anexsia
Confirmed User
 
anexsia's Avatar
 
Industry Role:
Join Date: May 2010
Posts: 5,735
Quote:
Originally Posted by pornmasta View Post
you need to be a specialist in cryptography to create an algorithm.
Of course you could combine some solid algorithms together but not to use only one of your own.
my theory is there will be a new movie out shortly about paxum.
Old 02-11-2012, 10:20 AM   #69
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,167
1. Unscheduled downtime
2. Everyone's password reset and you can't use your old one that you had with paxum
3. Unable to transfer funds to mastercard.

It's pretty safe to say it's not just a "login upgrade". Such actions are always a case when your site gets compromised. Seen it far too many times.
__________________
agentGFY *at* gmail.com
Old 02-11-2012, 11:55 AM   #70
AdultEUhost
ORLY?
 
AdultEUhost's Avatar
 
Industry Role:
Join Date: Oct 2005
Location: NL & US
Posts: 2,579
Something weird is happening here for sure.

When I login with the new password and try to set it back to what it was I get:

"The new password you have entered has been used in the past. Please select a password that has never been used on this account."

So Paxum does know our old passwords and still have them in their possession. Hence the fact they email a new password to everyone in plain text is just borderline ridiculous. They could have easily put up a page where you can login with your current password and set a new password after you have identified yourself by logging in.

I don't know about Canada but every financial institution should report any hacks. The fact that Paxum holds funds for a ton of account holders and thus probably millions makes it an interesting goal for people who need quick cash without having to buy a gun and rob a bank. It is probably targeted daily by hackers.

I am not saying Paxum got hacked but as an account holder I demand a better and more detailed explanation, my bullshit radar is reporting very high numbers currently.
__________________
ICQ: 267-443-722 / leon [at] adulteuhost [dotcom]

Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014
Old 02-11-2012, 12:06 PM   #71
Best-In-BC
Confirmed User
 
Best-In-BC's Avatar
 
Join Date: Jun 2002
Posts: 9,506
Quote:
Originally Posted by CyberHustler View Post
Aww man this is going to be a fun one... for me at least, since I don't use Paxum. 50+ people who don't learn from the past? We shall see.
ROFL, under that logic we should all take our money outta the banks ;) if we are to learn something from epass it'd be not to leave insane amounts of money in your account.
__________________
Vacares - Web Hosting, Domains, O365, Security & More
Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains
Old 02-11-2012, 12:30 PM   #72
mafia_man
Confirmed User
 
mafia_man's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq#: 639544261
Posts: 1,965
Quote:
Originally Posted by AdultEUhost View Post
Something weird is happening here for sure.

When I login with the new password and try to set it back to what it was I get:

"The new password you have entered has been used in the past. Please select a password that has never been used on this account."

So Paxum does know our old passwords and still have them in their possession. Hence the fact they email a new password to everyone in plain text is just borderline ridiculous. They could have easily put up a page where you can login with your current password and set a new password after you have identified yourself by logging in.

I don't know about Canada but every financial institution should report any hacks. The fact that Paxum holds funds for a ton of account holders and thus probably millions makes it an interesting goal for people who need quick cash without having to buy a gun and rob a bank. It is probably targeted daily by hackers.

I am not saying Paxum got hacked but as an account holder I demand a better and more detailed explanation, my bullshit radar is reporting very high numbers currently.
This shocked me also. Paxum knew about my previous passwords which means they are being stored in the clear somewhere.
__________________
I'm out.
Old 02-11-2012, 12:55 PM   #73
AdultEUhost
ORLY?
 
AdultEUhost's Avatar
 
Industry Role:
Join Date: Oct 2005
Location: NL & US
Posts: 2,579
Quote:
Originally Posted by mafia_man View Post
This shocked me also. Paxum knew about my previous passwords which means they are being stored in the clear somewhere.
That is not true and most unlikely
They can have it stored in their database as a md5 hash for example and just compare your entry after they md5 it.

The point is though that they do have the old passwords which makes this whole email with a clear text password in it not only unnecessary but from a security point of view also very stupid
__________________
ICQ: 267-443-722 / leon [at] adulteuhost [dotcom]

Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

Last edited by AdultEUhost; 02-11-2012 at 12:56 PM..
Old 02-11-2012, 01:14 PM   #74
epitome
So Fucking Lame
 
epitome's Avatar
 
Industry Role:
Join Date: Jun 2009
Location: St. Petersburg, FL
Posts: 12,156



TRUST US, EVERYTHING IS FINE!
Old 02-11-2012, 01:42 PM   #75
suesheboy
Confirmed User
 
suesheboy's Avatar
 
Industry Role:
Join Date: Nov 2002
Location: FL - TN/NC
Posts: 5,211
It boggles my mind that people use unprotected services such as this and the insane amount of dishonesty and bullshit spewed out by them let alone actions that are let's just say not even professional for a company operating in the 90s on the internet.

Doesn't matter what will happen. The vast majority will continue to use service such as this. Once a fool always a fool.
Old 02-11-2012, 03:35 PM   #76
RuthB
Let's Get Paxumized!
 
RuthB's Avatar
 
Industry Role:
Join Date: May 2005
Location: Vancouver, Canada
Posts: 7,247
We initially anticipated this update to take approximately three hours. However, during our migration to the new and improved security login engine we encountered some difficulties porting the old passwords to the new system. Since we do not have access to the passwords ourselves we had to reset everyone's password during this process. Once reset we were able to continue implementation of the new login engine and complete our updates. Unfortunately our estimated downtime was much longer than we first thought and we sincerely apologize for the additional downtime.

In regards to the plain text emails; we took the necessary measures to protect the passwords. We activated approval codes (users can disable them), and we sent a separate authentication key, which greatly reduces the odds of having the information fall into the wrong hands. There have been several waves of phishing attempts targeting Paxum clients recently, and this is partly the reason we thought it wise to not include HTML in our notifications.

In response to the query regarding the 'password match' when resetting your password;

Paxum does not store passwords in clear text and never has. What we store is a crypt result based on an algorithm and not the actual password. When somebody logs into the system we apply the same crypt algorithm to the password entered by the user and compare the result with what we have stored on the client file. We do not know the actual password, that's why you cannot recover the password from the system when forgotten. You can only reset it.

Now as to how we knew you were trying to set the same password as before, that's easy. After you enter the password on the interface we create the crypt result based on the new engine and we also create the crypt result based on the old engine. Therefore, the comparison can be made between the crypt results from both engines.

Ultimately, the purpose of this new update is to create an even safer environment for our clients. We sincerely hope our intentions here are clear, and that is; to protect our clients.
__________________
Send & Receive Mass Global Payments - Mass P2P/Wire/EFT/SEPA - Adult Industry Friendly - Award Winning Payment Service - Fast, Reliable & Secure!
Paxum ...... Paxum Bank
Email: [email protected] ~ Telegram: PaxumRuth
Old 02-11-2012, 03:50 PM   #77
mafia_man
Confirmed User
 
mafia_man's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq#: 639544261
Posts: 1,965
Quote:
Originally Posted by AdultEUhost View Post
That is not true and most unlikely
They can have it stored in their database as a md5 hash for example and just compare your entry after they md5 it.

The point is though that they do have the old passwords which makes this whole email with a clear text password in it not only unnecessary but from a security point of view also very stupid
Oops brain fart. Of course they are being hashed on the fly and compared. Although I'm not a big fan of companies storing my old passwords because they could still be in use elsewhere. Also nobody should use MD5 these days.

Edit: I remember why I said it was plaintext now. The site said that the password was too similar to one I've used before so it's not a hash that's being stored.
__________________
I'm out.

Last edited by mafia_man; 02-11-2012 at 03:57 PM..
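Added example, not part of any post and not Paxum's code: the dual-engine comparison described in post #76, generalized to show legacy hashes being wrapped in a slower KDF so that no account needs a reset, with a reuse check that (relevant to the edit in post #77) flags only exact matches. The old engine is assumed to be base64 of salted MD5, following the cookie guess earlier in the thread; PBKDF2 from the standard library stands in for the new engine, and all function names and sample passwords are constructed.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # demo value (assumption); tune upward in production


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def legacy_hash(password: str, salt: bytes) -> str:
    # Assumed old engine: base64(MD5(salt + password)).
    return _b64(hashlib.md5(salt + password.encode()).digest())


def slow_hash(data: str, salt: bytes) -> str:
    # Stand-in for the new engine: PBKDF2-HMAC-SHA256.
    return _b64(hashlib.pbkdf2_hmac("sha256", data.encode(), salt, PBKDF2_ROUNDS))


def legacy_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "md5", "salt": salt, "hash": legacy_hash(password, salt)}


def native_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt, "hash": slow_hash(password, salt)}


def wrap_legacy(rec: dict) -> dict:
    # Offline step: needs only the stored MD5 value, never the password.
    if rec["scheme"] != "md5":
        return rec
    outer = os.urandom(16)
    return {"scheme": "pbkdf2+md5", "salt": rec["salt"], "outer_salt": outer,
            "hash": slow_hash(rec["hash"], outer)}


def verify(rec: dict, password: str) -> bool:
    # Recompute the stored value under whichever scheme the record uses.
    if rec["scheme"] == "md5":
        candidate = legacy_hash(password, rec["salt"])
    elif rec["scheme"] == "pbkdf2+md5":
        candidate = slow_hash(legacy_hash(password, rec["salt"]), rec["outer_salt"])
    else:
        candidate = slow_hash(password, rec["salt"])
    return hmac.compare_digest(candidate, rec["hash"])


def migrate_account(account: dict) -> None:
    # After this, no bare MD5 value remains at rest for the account.
    account["current"] = wrap_legacy(account["current"])
    account["history"] = [wrap_legacy(r) for r in account["history"]]


def login(account: dict, password: str) -> bool:
    if not verify(account["current"], password):
        return False
    if account["current"]["scheme"] != "pbkdf2":
        # The plaintext is available only at login, so re-hash natively now.
        account["current"] = native_record(password)
    return True


def change_password(account: dict, new_password: str) -> bool:
    # Exact-reuse check: hash the candidate under each stored record's scheme.
    if any(verify(r, new_password) for r in [account["current"], *account["history"]]):
        return False
    account["history"].append(account["current"])
    account["current"] = native_record(new_password)
    return True


def demo_account() -> dict:
    # Constructed sample account as the old system would have stored it.
    return {"current": legacy_record("hunter2"), "history": [legacy_record("winter2011")]}
```

In this sketch a near variant such as "winter2012" is accepted, because comparing stored hashes can only confirm an exact match.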
Old 02-11-2012, 03:53 PM   #78
epitome
So Fucking Lame
 
epitome's Avatar
 
Industry Role:
Join Date: Jun 2009
Location: St. Petersburg, FL
Posts: 12,156
Are there plans to not do feature upgrades on a Friday afternoon during regular business hours?

As a worldwide service provider it's always regular business hours in some time zone, but upgrading during a weekend would be easier on customers.
Old 02-11-2012, 04:02 PM   #79
CyberHustler
So Fucking Banned
 
Industry Role:
Join Date: Feb 2006
Posts: 26,062
What about the bitcoins thing? Just a timely coincidence?
Old 02-11-2012, 04:12 PM   #80
RuthB
Let's Get Paxumized!
 
RuthB's Avatar
 
Industry Role:
Join Date: May 2005
Location: Vancouver, Canada
Posts: 7,247
Quote:
Originally Posted by epitome View Post
Are there plans to not do feature upgrades on a Friday afternoon during regular business hours?

As a worldwide service provider it's always regular business hours in some time zone, but upgrading during a weekend would be easier on customers.
Based on our knowledge of our customers' activity, Friday afternoon is typically one of the least busy times at Paxum. This is the reason we chose the time we did to make the upgrade.

We will take your suggestion for weekend downtime into consideration for future upgrades though. Thank you for sharing your thoughts.
__________________
Send & Receive Mass Global Payments - Mass P2P/Wire/EFT/SEPA - Adult Industry Friendly - Award Winning Payment Service - Fast, Reliable & Secure!
Paxum ...... Paxum Bank
Email: [email protected] ~ Telegram: PaxumRuth
Old 02-11-2012, 04:21 PM   #81
ThumbLord
Confirmed User
 
ThumbLord's Avatar
 
Industry Role:
Join Date: Jan 2009
Location: Aruba
Posts: 1,932
ticket #141539 could somebody please look into it.
would be great!
__________________
We Sell Domains | ThumbLords | ICQ 128106905 | TubeLords | Traffic Holder | eRoken
Old 02-11-2012, 04:55 PM   #82
RuthB
Let's Get Paxumized!
 
RuthB's Avatar
 
Industry Role:
Join Date: May 2005
Location: Vancouver, Canada
Posts: 7,247
Quote:
Originally Posted by ThumbLord View Post
ticket #141539 could somebody please look into it.
would be great!
Hi ThumbLord, Your request involves some manual changes. We estimate to have your request complete by Monday. Thanks
__________________
Send & Receive Mass Global Payments - Mass P2P/Wire/EFT/SEPA - Adult Industry Friendly - Award Winning Payment Service - Fast, Reliable & Secure!
Paxum ...... Paxum Bank
Email: [email protected] ~ Telegram: PaxumRuth
Old 02-11-2012, 04:57 PM   #83
livexxx
Confirmed User
 
livexxx's Avatar
 
Industry Role:
Join Date: May 2005
Location: UK
Posts: 1,201
so if I'm an obnoxious sysadmin all I have to do is trawl all my employees emails and see if there are any paxum passwords in there? neat. Beats reading about secret office love affairs.
__________________
http://www.webcamalerts.com for auto tweets for web cam operators
Old 02-12-2012, 04:58 AM   #84
ThumbLord
Confirmed User
 
ThumbLord's Avatar
 
Industry Role:
Join Date: Jan 2009
Location: Aruba
Posts: 1,932
Thanks Ruth.
__________________
We Sell Domains | ThumbLords | ICQ 128106905 | TubeLords | Traffic Holder | eRoken
Old 02-12-2012, 06:17 AM   #85
ZeroHero
So Fucking Banned
 
Industry Role:
Join Date: Nov 2007
Location: Westbahnhof
Posts: 15,336
changes are great, but not too often, btw Ruth you tha best Paxum should pay more for speaking in the ZOO with the monkeys