Stan's Hacked??

[beck15]

There is an URGENT SITE ANNOUNCEMENT posted at the 'move submitted' page. it's not april 1st yet, so i know stan's not kidding.
so,,,
What would anyone stand to gain by hacking stan's ??

[savin]

beck,

I think "hacked" is a little strong of a word. Some of the players at the site do not use the most appropriate passwords. Stupid things like same password as name etc. This opens it up to someone trying to log in and guess a password and make a move in a game. The site is pretty secure, but if people's passwords are too easy to guess then .....

We had a similar problem a couple of years ago. We have just had this happen again so we felt it was worth making an appeal to the user base to try and use passwords that are not easily guessable.

I suspect a few will ignore the advace and sooner or later it will happen again ...

Anyway, nothing to worry about unless you have a very obvious password.

[yitwail]

i'm curious, was the culprit apprehended, so to speak?

[Stan Steliga]

I'm trying to deal with the problem without calling anyone out. The important thing to remember is that anyone on the internet can browse the pages at the site and try guessing passwords. That's why it's important to maintain a password that is impossible to guess.

[yassen]

How many cases of guessed passwords are we talking about?!

[Stan Steliga]

Only a couple, but it just pointed out that there are many vulnerable accounts because of insecure (guessable) passwords. I am actually going to implement some kind of simple password rules that will force people to use a more secure password. You won't be able to have a password that is the same as your nickname, part of your name...

Most sites and other password protected entities have some sort of password rules. I will not make it a nuisance... just more secure than it is now.

[perseus]

I had changed my password already. I sort of sussed this out.

[beck15]

is there a limit on the length of password here at stans??

[Stan Steliga]

Yes - it is currently limited to 10 characters. I realize that I should have allowed it to be longer. That might be one of the changes (allowing maybe up to 20 characters) we'll make when we work on making the passwords more secure.

When the site first went live, we didn't have the log in option, so you had to enter your password with everything. I think that is why I thought shorter passwords would be ok.

[Blockhead]

Perhaps I'm missing something here, but what is the actual scale and nature of the problem?

If someone guesses my SNC password what damage can they do? They could mess up some (all?) of my games! They could change my personal details on SNC, maybe make me look silly and absurd!

As a blockhead I don't think this would cause undue concern. Should my grade be affected why should I care? I have a sense of my own chessic worth, and I'm not unduly concerned if that is shared by my chessic peers or not. There is no reason I'm aware of why I couldn't just start over again!

I love being part of SNC but becoming paranoid about the possibility of someone getting access to my SNC account has no appeal. It would be a waste of my valued emotional inteligence.

Rather than seek the objective probability of an event occurring, it wearies me that so many abandon rational thought.

On hearing irresponsible media coverage, or worse, anecdotal evidence ... 'gossip', regarding wayward miscreants who 'threaten' to break into their homes (SNC account!), many willingly seek and embrace a siege mentality. They make every effort to transform a home into a 'protected' fortress.

Hold ups, c**k-ups, and lost socks, are part of the natural (dis)order of things.

I will continue using my present pass word.

I await the coming storm with calm equanimity.

[nightmare]

Hey Blockhead? Do you have any idea what you just said? Its sounds to me like a bag of hot air. I too dont care about wins and losses, but Idlike to get both on My playings not somebody elses.

[Blockhead]

nightmare said:

Hey Blockhead? ...

Hmmm, here's me thinking someone had swiped this annoying little mosquito from this MB for good!

[nightmare]

Whats a matter Blockhead? The truth hurts, doesn't it?

[yassen]

Some time ago, I learned another person's password, because he mistakenly typed it in the game comment field. No complicated password rules will protect you from that.

[nightmare]

Maybe Stan should look at using numbers as passwords.