,.....AAAAAAAAAAAAAAAAAAHHHHHHH I don't even want to click those screenshots because it will probably only make me froth with rage and frothing rage is only good when you can take it out on the guilty party.
Yeeeeah, it's pretty ragetastic, and not even counting the original stupidity and subsequent backpedalling, the comments from people defending the assholes are just...
Mmrph. Well, this post is a condensed version, too, anyways - it's linked in the post I linked up above. It's a better and more clear write-up, but definitely has triggery sorts of things within.
Apparently the foundations of the site were built on rather shaky and insecure ground as is. Hackerfolk have been poking all sorts of holes in it over the past few months, I guess.
Still, I think the security issues here are the least of anyone's worries.
I've not heard any cries of conspiracies, personally. All I know is that the above information has been verified, and besides that, Dragoneer has been digging himself even deeper in comments made about the issue.
Comments 6
Reply
Mmrph. Well, this post is a condensed version, too, anyways - it's linked in the post I linked up above. It's a better and more clear write-up, but definitely has triggery sorts of things within.
Reply
However, this looks like the site code was designed expressly to go through PMs, which is a different issue altogether.
I would strongly suggest that anyone who is on FA change any passwords that are the same as their FA password.
If the code lets him check PMs... it just as easily could let him check passwords.
I know for a fact this is a simple matter - I've done it myself as a forum admin (as part of tracking down and banning socks).
Unless the forums were using a standard forum package (where the code prevents password snooping from the get go), it's quite likely you're exposed.
Reply
Still, I think the security issues here are the least of anyone's worries.
Reply
Reply
Reply
Leave a comment