[jillybean]

And need

[jillybean]

to catch up

[jillybean]

on upvotes

[Free]

lol

[mycroft]

Elianna, on 2011-June-06, 15:16, said:

I do know other bridge players who are members of ravelry, and I know someone else who is a member of both forums, but he is not a frequent poster, and has not posted on this thread.

Sorry to put serious information into a fabulous forum thread like this, but if you don't know about Ravelry being hacked, and to change your password, as well as passwords on any other account anywhere (BBO?) that has the same username/password combination, you should.

(please note, link from (yet another site), and as I am not a ravelry member, I can't read it without logging in to confirm, but I trust the several people who pointed this out. *If* I am just scare-mongering, I am really sorry).

[Free]

I think JLOGIC can use some upvotes to compensate for Lurpoa's manhunt.

[mtvesuvius]

Free, on 2011-June-15, 07:43, said:

I think JLOGIC can use some upvotes to compensate for Lurpoa's manhunt.

lol I think everyone does. Hmm, I am dangerously close to 100 rep.

Oh and happy birthday!

[Elianna]

mycroft, on 2011-June-10, 15:49, said:

Sorry to put serious information into a fabulous forum thread like this, but if you don't know about Ravelry being hacked, and to change your password, as well as passwords on any other account anywhere (BBO?) that has the same username/password combination, you should.

(please note, link from (yet another site), and as I am not a ravelry member, I can't read it without logging in to confirm, but I trust the several people who pointed this out. *If* I am just scare-mongering, I am really sorry).

Of course I saw that, it was front page news there. But who is silly enough to have the same username/password combo on different sites that you can spend money?

[cherdano]

Elianna, on 2011-June-16, 13:45, said:

But who is silly enough to have the same username/password combo on different sites that you can spend money?

Many.

[PassedOut]

Elianna, on 2011-June-16, 13:45, said:

Of course I saw that, it was front page news there. But who is silly enough to have the same username/password combo on different sites that you can spend money?

Reminds me of a time I did some contracting for a company in Atlanta and needed a half dozen passwords to get at the various systems involved. Huge red-on-white signs hung in every room:

1. Use a different password for each system!
2. Change your passwords every week or lose your privileges!
3. Never use the same password twice!
4. Never write down your passwords!

They were very security conscious.

[hotShot]

PassedOut, on 2011-June-16, 14:23, said:

Reminds me of a time I did some contracting for a company in Atlanta and needed a half dozen passwords to get at the various systems involved. Huge red-on-white signs hung in every room:

1. Use a different password for each system!
2. Change your passwords every week or lose your privileges!
3. Never use the same password twice!
4. Never write down your passwords!

They were very security conscious.

Actually they were not.
If you change your password on half a dozen systems every week, you need to learn 6 passwords every week. After a few weeks you will start to mix them up or you will start to invent some systemic change. e.g. use the same password, with the number of the week in the end or you will violate rule 4 and write them down.
So rules 1 and 2 force you to violate rules 3 and 4.

Does changing the password help? No really.
Assume it takes 7 days to try all possible passwords, and assume that you change the password at the end of day 1.
If your password was hacked at day 1, the damage was already done.
If it was not hacked, than changing the password has a 6 to 1 chance that the new password is still in the set that hast to be tested. So changing the password will not slow down that hack in 6/7 of the cases. Obviously changing the password will help more if it happens at the end of the 7 day period. If your password is created in a way that it takes much longer than 7 days to hack you will hardly ever benefit from the change.
But ... if you change your system settings in a way that only on login try is allowed in 15 minutes, hacking an insecure 4 digit password will on average take 5000 times 15 minutes which is about 21 hours. Allowing one try every millisecond will allow the hack to be done in about 1.25 seconds.

So if these guys where really aware of security, they would have allowed you to pick a long password that you can remember and implemented a slow login retry.
This would allow you to follow rules 1,3 and 4.

As to rule 4, if you write down your password and put the paper with the password into a locked drawer of your desk.
It can usually only be accessed by someone who is allowed to enter your office. If your office is inside an access restricted area, the risk from writing down your passwords is very small.
In fact if you are able to use a password that is longer and more complicated, by writing it down the fact that it is more difficult to hack can over compensate for the small risk of writing it down.

[blackshoe]

"If we had our way, there wouldn't be any users!" -- US Navy LT, assigned to NSA, at a conference on computer security.

[PassedOut]

blackshoe, on 2011-June-16, 15:30, said:

"If we had our way, there wouldn't be any users!" -- US Navy LT, assigned to NSA, at a conference on computer security.

[PassedOut]

hotShot, on 2011-June-16, 15:10, said:

PassedOut, on 2011-June-16, 14:23, said:

They were very security conscious.

Actually they were not.

They were very conscious of security, but not actually secure. Those signs evidently eased the concerns of some managers.

[Vampyr]

Elianna, on 2011-June-16, 13:45, said:

Of course I saw that, it was front page news there. But who is silly enough to have the same username/password combo on different sites that you can spend money?

cherdano, on 2011-June-16, 14:15, said:

Many.

Err... nearly everyone?

[1eyedjack]

Fluffy, on 2011-June-02, 13:43, said:

or perhaps we could all go and upvote someone so he feels relieved, since shubi (or was it his name?) is not around anymore I propose pirate22 or TWOferBride

Rejoice. Shubi lives:
http://www.bridgebas...opic/46417-tst/

cherdano, on 2011-June-05, 17:05, said:

Well, over the last year or two, BBF has had flame wars, hurt feelings, and the quality of posts going down.

matmat, on 2011-June-05, 17:12, said:

I expect proof of this assertion to appear shortly.

I confidently expect the quality of posts to rise imminently.

(I have low aspirations. My goal is to reach "Excellent")

[Bbradley62]

hotShot, on 2011-June-16, 15:10, said:

PassedOut, on 2011-June-16, 14:23, said:

They were very security conscious.

Actually they were not.

Conscious, yes... smart, no.

[JLOGIC]

FWIW I just + voted myself 40 times after losing ~50 in 2 days of not posting on random old threads, and ~100 in general from lurpoa and some brand new accounts. Sorry if anyone is offended by that action, I am not trying to be a downvote police or whatever, and would not do that just because I disagreed with a BS - vote or something in normal conditions. Posting here to explain/not be shady.

[JLOGIC]

Finally, in relation to the Lurpoa thing:

http://www.bridgebas...917#entry555917

Action finally taken against Lurpoa. Rain thinks that Lurpoa was driven to this due to our harassment! I made a long post. My favorite part was remembering that jillybean first mass downvoted everyone in this thread (while downvoting was anonymous), then spammed this thread hoping for + votes (still anon downvoting). Then - votes were public, and I downvoted her, and she messaged me on BBO telling me to stop downvoting her! Haha. That is right up there with Lurpoa's profile posting that is in my signature, while downvoting everyone.

Haters gonna hate. At least jilly had the sense to stop downvoting everyone for no reason.

[Phil]

epic