http://www.vg247.com/forum/topic.php?id=4585 Just another bbPress community en-US Sun, 26 May 2013 08:34:31 +0000 http://bbpress.org/?v=1.0.2 q http://www.vg247.com/forum/search.php http://www.vg247.com/forum/topic.php?id=4585#post-22223 Mon, 02 May 2011 19:20:28 +0000 Kerplunk 22223@http://www.vg247.com/forum/ <p>@ Ireland Michael:</p> <p>The latest US PS Blog <a href="http://blog.us.playstation.com/2011/05/02/playstation-network-security-update/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+PSBlog+%28PlayStation.Blog%29&amp;utm_content=Google+Reader">update</a> makes an important clarification on the topic of password storage:</p> <blockquote><p> While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.</p> </blockquote> <p>Details between the methods referred to are linked to on the blog article.</p> <p>Would be nice to see this clarification and reassurance reported as news. Though as it's not scaremongering information I doubt it's considered especially newsworthy. :-\</p> <p>UPDATE:<br /> Just for fun, I did a little checking of this site. Guess what? It's not running the latest version of Wordpress. In fact, if the authenticity of certain files on this site's server is correct, it's at least 5 revisions old. And that's including a number of (wait for it!) SECURITY updates too.</p> <p>Most recent Wordpress revision: 3.1.2<br /> This site's Wordpress revision (according to certain files on the site): 3.0.4</p> <p>To access this information, all you need to know is how files are laid out in a Wordpress installation and the ability to type addresses into a web-browser's URL bar.</p> <p>Wordpress is fantastic software and most incremental updates include security fixes. Updating Wordpress is a 1-click affair that can be done from the Wordpress dashboard. No unzipped or FTPing required. </p> <p>I'd love to know why this site isn't as secure as it could be and why standard .htaccess control isn't implemented on the server to prevent the sort of basic snooping I've done.</p> <p>Maybe we'll get a press conference about it? Or perhaps it'll just get ignored and hope it goes away? :) </p> http://www.vg247.com/forum/topic.php?id=4585#post-22218 Mon, 02 May 2011 15:33:52 +0000 Edo 22218@http://www.vg247.com/forum/ <p>Is this a trick question!? </p> http://www.vg247.com/forum/topic.php?id=4585#post-22141 Fri, 29 Apr 2011 11:58:18 +0000 Ireland Michael 22141@http://www.vg247.com/forum/ <p>Practically every database on earth encrypts user passwords by default. Even WordPress, the software running this site, does so. </p> <p>*Not* doing so isn't just stupid. It's flat out incompetent. </p> http://www.vg247.com/forum/topic.php?id=4585#post-22140 Fri, 29 Apr 2011 11:14:46 +0000 freedoms_stain 22140@http://www.vg247.com/forum/ <p>Well, British people do, the Data Protection Act gave us that right. </p> http://www.vg247.com/forum/topic.php?id=4585#post-22138 Fri, 29 Apr 2011 09:09:15 +0000 Kerplunk 22138@http://www.vg247.com/forum/ <p>Absolutely people have the right and expectation.</p> <p>But not at the expense of their own responsibility in the same areas. Security begins with you.</p> <p>These entities only have the information that you give them. Of course, it's <em>convenient</em> to buy things online with a card. For many, its simpler to put their card details into PSN then go out and buy a pre-paid card and do things that way. That's a choice people make and one that they are responsible for.</p> <p>- How often to you check your card transactions?<br /> - Do you know the balance of your bank account(s) right now?<br /> - Do you have a username/password combination that's used in more than one place?<br /> - Do you keep all your email receipts for your online transactions?</p> <p>As for vendors retaining card details. Yes, that's a very good point. Rather than being a manual 'opt out' policy where details are kept unless you manual choose to remove them it may be better to have the opposite situation. This will sacrifice convenience for security but I think that is the main trade-off in all this. Which is genuinely more important to you?</p> <p>I would also add that publicly posting IP addresses of visitors to your site <em>for any reason</em> is irresponsible in the extreme. I've seen it happen by a 'Keymaster' on this site quite recently. I sincerely hope that such irresponsible misuse of private information doesn't occur again. </p> http://www.vg247.com/forum/topic.php?id=4585#post-22137 Fri, 29 Apr 2011 08:21:13 +0000 frostquake 22137@http://www.vg247.com/forum/ <p>I do that as well Syrok. Unfortunately, you can't use False Credit Card Information if your an honest Consumer. They should give you the OPTION to NOT SAVE YOUR INFORMATION!</p> <p>Though with Sony, you can use only Sony Pre-Paid Cards, which is what i have been doing for sometime now! </p> http://www.vg247.com/forum/topic.php?id=4585#post-22136 Fri, 29 Apr 2011 08:16:24 +0000 Syrok 22136@http://www.vg247.com/forum/ <p>Of course you have the right to expect that your information is secure and kept private, but at the same time you also have to expect that something can go wrong at any time. I always try to give as little information as possible and where I can I will use false information. </p> http://www.vg247.com/forum/topic.php?id=4585#post-22135 Fri, 29 Apr 2011 08:08:00 +0000 frostquake 22135@http://www.vg247.com/forum/ <p>I guess in this day and age, with all our Information on a Database somewhere, do we really have a right to expect privacy and security of our information?</p> <p>Do we expect VG247 to keep our Passwords encrypted? What exactly do we expect in security? Do we assume, I know I have gotten Lazy, that everywhere we go and input data that it is safe?</p> <p>My HUGE complaint, is that I should be able to not have my information saved!! Some sights offer it, but most do not. Wal-Mart and Amazon, for example, will store your Credit Card information on your first order. I then have to go in after each order and delete it, over and over again!</p> <p>Every Site needs a way of deleting or not saving your information, asking you, "would you like to save this information?"</p> <p>I am afraid for this to happen though, in the USA, will need to have an act of congress to make it law!</p> <p>So if anything, the Sony Debacle, has once again awakened us to be careful with our information. The Question is, "How long will it be before we become complacent again?" </p> <p>I think the answer to the above question will be "not very long, till we are back to our lazy ways!" </p>