Please update your forum password(s)
blue hell
Site Admin


Posted: Wed Oct 09, 2013 1:57 pm

Recently we noticed some activities in the site's log files indicating that account details may have been obtained through a software vulnerability in one of the forum tools.

Although passwords are stored in an encrypted form it is technically possible that they may be misused anyway.

Also it seems highly likely that email addresses and user names have been read from the forum database and from the shop database.

We would recommend that all users update their account password(s) for electro-music.com, and when that same password is used for other sites as well it would be a good idea to change it there as well.

We are very sorry for the inconvenience caused by this.

The particular vulnerability that was discovered has been fixed now. We are monitoring the forum traffic for suspect patterns, and so far have not seen any new alarming traffic.
varice



Posted: Wed Oct 09, 2013 4:05 pm

Thanks for the warning, Jan.

Regarding account security, it really is a good idea to change passwords occasionally. I haven’t changed mine since I joined. [Embarrassed] But now I will.

I have noticed that recently I have been getting some phishing and outright fraudulent spam emails to my address on record here, much more now than in the past. But, I have no idea if it is related to this possible breach of the electro-music.com account information. I wonder if other forum members have noticed any recent increase in dangerous spam to their email inbox. If so, that may confirm that member email addresses have been compromised.

_________________
varice
analog_backlash



Posted: Wed Oct 09, 2013 4:10 pm

Thanks Jan.

I have just changed mine. No strange e-mails at the moment, but I'll let you know if anything dodgy turns up.

Gary
blue hell
Site Admin


Posted: Wed Oct 09, 2013 4:33 pm

varice wrote:
I have noticed that recently I have been getting some phishing and outright fraudulent spam emails to my address on record here, much more now than in the past. But, I have no idea if it is related to this possible breach of the electro-music.com account information. I wonder if other forum members have noticed any recent increase in dangerous spam to their email inbox. If so, that may confirm that member email addresses have been compromised.


I had noticed an increase too in the last couple of months, but as I have no special email address for the forum I could not relate it to that. It seems very plausible though ... the exploit had been invented in 2011, the first event I could see was on Sept 11 this year, but that is about where our log history ends.

I think the weak spot was at one place only, and I fixed that - still investigating for other places, and also some general precautions are being worked on. I started monitoring the logs for suspect patterns as well, to be able to act quickly when it happens again at some other place.

The technique used goes by the name of "DOUBLE QUERY INJECTIONS" - when you google that and go to sites maybe make sure you have your defense shields up, one tends to get on vague sites when searching for vulnerability explanations / exploits.

In general, it is based on the error reporting of MySQL, and on bad PHP code that does not properly sanitize web request URLs. The bad sanitizing allows for SQL injection. The SQL presented is designed to generate an SQL error, and the error message then tells more than it should - it's pretty clever actually [Shocked]

_________________
Jan
also .. could someone please turn down the thermostat a bit.
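
Added example, not part of the thread and not the forum's own code: the two weaknesses named in the post above (request values pasted into SQL, and database error text shown to the visitor) beside a hardened form that validates, binds and keeps errors server-side. The `topics` table, the function names and the sample values are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added illustration: table, column and function names are hypothetical.
// An in-memory SQLite database stands in for the forum's MySQL server.
ini_set('display_errors', '0');   // never render PHP/DB errors into pages

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES => false for server-side prepares.
$pdo->exec('CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO topics VALUES (1, 'Constructed sample topic')");

// Pattern the post describes (shown for contrast, do not deploy).
function topic_title_unsafe(PDO $pdo, string $rawId): string
{
    try {
        // The request value becomes part of the SQL text itself.
        $row = $pdo->query('SELECT title FROM topics WHERE topic_id = ' . $rawId)->fetch();
        return $row ? $row['title'] : 'No such topic';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();   // database detail reaches the visitor
    }
}

// Hardened form: validate, bind, and keep error detail on the server.
function topic_title_safe(PDO $pdo, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                               // not a positive integer: reject
    }
    try {
        $stmt = $pdo->prepare('SELECT title FROM topics WHERE topic_id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);   // value travels apart from the SQL
        $stmt->execute();
        $title = $stmt->fetchColumn();
        return $title === false ? null : (string) $title;
    } catch (PDOException $e) {
        error_log('topic lookup failed: ' . $e->getMessage());
        return null;                               // visitor sees only a generic message
    }
}

// Constructed inputs: a valid id, then a value with a stray quote.
foreach (['1', "1'"] as $t) {
    echo topic_title_unsafe($pdo, $t), "\n";
    echo topic_title_safe($pdo, $t) ?? 'Topic not available', "\n";
}
```

For the malformed value, the first function returns the driver's error text while the second returns only the generic message and writes the detail to the server log.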
varice



Posted: Wed Oct 09, 2013 5:23 pm

Blue Hell wrote:
...the first event I could see was on Sept 11 this year...

Well, I think that is about the same time that I noticed the increase in malicious spam. [Evil or Very Mad]

_________________
varice