Server vulnerability 14 July 2013 - Database restored and passwords reset

So I lost like 50 something posts. I can rebuild back to what I had.

Hilbert is it possible for you to repost your reviews for the various GeForce gtx 760 cards?

 

No need to send me a PM, as it's clear to me now that it must be a very hard to do. I normally just think of a password, and then type it, but you appear to be trying to bend time and space in thinking up a password so uncrackable that it would give a Chinese hacker sleepless nights.

 

I'm surprised we had very little down time in all of this. Nvidia forums were down for months when something similar happened. Well done!

 

try to bend time and space?

already done it.

 

Well, that's why I use KeePass. =b

Useful for generating strong passwords and saving them.
Then I just put the .kdbx file on SpiderOak.
A 3-minute affair on average.

 

It doesn't matter, as the password is still stored on the server as a XML file, or something like that, anyway.

 

Uh...what?
Don't really get what you meant by "doesn't matter".

 

By creating a strong password, as they are stored on the server too. So if someone manages to retrieve these, the password will be copied. But overall a strong password is good to stop anyone from guessing your password.

 

Usually the one being stored on the database is the one-way hash of the password, not the password itself.
If someone manages to retrieve it, it won't mean jack crap.

On sites/services that stores encrypted sensitive information like credit card numbers, the hash is usually only used to identify a user, but the one being used to encrypt the user's data is still the user's password (with added salt if the admin wants to) so the hash of the password can't be used to decrypt those data.

So yes, it matters having a strong password, the server being hacked or not.
It is so that it'll be harder for miscreants to guess your password or decrypt your encrypted data.

 

When you are talking about sites storing your own CC/debit card details or a personal email address, then yes a strong password is needed. But for gaming sites, nah.

 

This. All discussion forums I use pretty easy, basic passwords. Anything involving money, transactions, or even email accounts, then its something else.

 

The worst thing about this hack.

Seriously though, sucks about this. Security is where it's at, future career people!

 

And I was just replying to your statement regarding having strong passwords "doesn't matter" when someone hacked a server because he/she'll have the password anyway, which is not.

 

That doesn't mean the password the hacker got from an admin was a weak password, chances are it wasn't. I should have worded it better the first time, sorry.

 

Corrected!

 

Hilbert has already apologized to the community.
Please accept it and move on.
Thank you,

 

Good to be back.

 

Now I know why all the new Kerbal Space Program images disappeared 9___9

 

Ah, so that's what it is...kinda had rollback here, lost 100 posts.