Revenge of Mars!

Get all the latest news on Slitherine.

Moderator: Slitherine Core

Post Reply
IainMcNeil
Site Admin
Site Admin
Posts: 13498
Joined: Fri Apr 01, 2005 10:19 am

Revenge of Mars!

Post by IainMcNeil » Fri Mar 09, 2012 5:00 pm

It's been another long night and hard day with further sustained malicious attacks on the Slitherine server. We had to take the site offline to protect it and repair the damage and after many hours we're now back online.

The latest attack was completely different to the initial one and affected the server in a different way. While the changes we made did not stop the attack, this time we were able to trace how they got in and added extra protection to ensure this cannot happen again. In addition we were able to trace the IP address where the attack originated which is a huge step forwards in tracking down who did this.

As a result of the latest attack we have unfortunately lost some more data. This means any multiplayer turns played on the 8th March will be lost and games will revert to their state on the 7th March. We have also lost forum posts from the 8th March. The PBEM system is not fully online yet but we will have it back up in the next couple of hours.

We'd like to apologise again for any inconvenience. Thanks for your continued patience and support.

VPaulus
Slitherine
Slitherine
Posts: 7960
Joined: Mon Dec 27, 2010 8:33 pm
Location: Portugal

Re: Revenge of Mars!

Post by VPaulus » Fri Mar 09, 2012 5:09 pm

Go get them!

GrudgeBringer
Sergeant - Panzer IIC
Sergeant - Panzer IIC
Posts: 179
Joined: Tue Nov 29, 2011 1:59 am

Re: Revenge of Mars!

Post by GrudgeBringer » Fri Mar 09, 2012 7:12 pm

Good Job Guys....Hang em by their, well ya know what I mean.

From what I am gathering, we can (and I did get on the regular forum), but I might be the first one on there. I still can't get my password to get into games but I t DOES work here and the Forum. Hope that helps some.

enric
Brigadier-General - 8.8 cm Pak 43/41
Brigadier-General - 8.8 cm Pak 43/41
Posts: 1854
Joined: Sun May 15, 2011 8:47 am

Re: Revenge of Mars!

Post by enric » Fri Mar 09, 2012 7:22 pm

Maybe it's a stupid question, but who will be interested in doing this?, and why?,

peterrjohnston
Field of Glory Moderator
Field of Glory Moderator
Posts: 1506
Joined: Mon Jul 02, 2007 11:51 am

Re: Revenge of Mars!

Post by peterrjohnston » Fri Mar 09, 2012 7:26 pm

Iain, do you recommend changing passwords? No idea how far in they got.

IainMcNeil
Site Admin
Site Admin
Posts: 13498
Joined: Fri Apr 01, 2005 10:19 am

Re: Revenge of Mars!

Post by IainMcNeil » Fri Mar 09, 2012 7:52 pm

No need to change passwords - all passwords are stored hashed which means there is no way to work them out.

shadowdragon
Brigadier-General - Elite Grenadier
Brigadier-General - Elite Grenadier
Posts: 2043
Joined: Sat Nov 28, 2009 7:29 pm
Location: Manotick, Ontario, Canada

Re: Revenge of Mars!

Post by shadowdragon » Fri Mar 09, 2012 9:01 pm

enric wrote:Maybe it's a stupid question, but who will be interested in doing this?, and why?,
It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).

Here's a wiki link to a list of the some things that have been going on:

http://en.wikipedia.org/wiki/List_of_cy ... eat_trends

You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.

Arcticthunder
Lance Corporal - Panzer IA
Lance Corporal - Panzer IA
Posts: 17
Joined: Wed Mar 07, 2012 3:43 pm

Re: Revenge of Mars!

Post by Arcticthunder » Fri Mar 09, 2012 9:16 pm

iainmcneil wrote:No need to change passwords - all passwords are stored hashed which means there is no way to work them out.
That's only true as long as they are salted, i.e randomness added when they are hashed. This is one oversight many hacked companies have made and embarrassed publicly by Anonymous and LulzSec over the past two years. These companies were naive enough to not add any randomness to the hashed passwords.

Without randomness, it means the same passwords were hashed to the exact same value. So hackers just correlated those with the most popular passwords like Password1 and could make a pretty good guess what the passwords are.

So please double check that the passwords are salted, aka SSHA (secure salted hashing algorithm).

Gersen
Administrative Corporal - SdKfz 251/1
Administrative Corporal - SdKfz  251/1
Posts: 128
Joined: Tue May 25, 2010 6:57 am

Re: Revenge of Mars!

Post by Gersen » Sat Mar 10, 2012 7:23 am

shadowdragon wrote:
enric wrote:Maybe it's a stupid question, but who will be interested in doing this?, and why?,
It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).

Here's a wiki link to a list of the some things that have been going on:

http://en.wikipedia.org/wiki/List_of_cy ... eat_trends

You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.
But "why"? I don't get it. I understand motives behind crippling large corporations, Govt websites etc. But a wargaming hobby site? :roll:

enric
Brigadier-General - 8.8 cm Pak 43/41
Brigadier-General - 8.8 cm Pak 43/41
Posts: 1854
Joined: Sun May 15, 2011 8:47 am

Re: Revenge of Mars!

Post by enric » Sat Mar 10, 2012 8:14 am

I think there are two main ways to try to understand reason behind this: profit or hate.
Profit. What economical profit could be obtained attaching a wargaming hobby site?, well maybe getting the VISAS of customers. but has really Slitherine this info? or is the PayPal or similar who keeps it?. Or the profit will come from avoiding Slitherine grown?.

Hate attack, because they feel Slitherine is joining the iPad side and they hate the iPad, sound stupid, no?.
Someone who has been fired, or a developer who feels rejected for a non accepted game for distribution?.

Two consecutive attacks are too much to be just hooliganism.

timmy1
Lieutenant-General - Nashorn
Lieutenant-General - Nashorn
Posts: 3436
Joined: Fri Feb 29, 2008 8:39 pm
Location: Chelmsford, Essex, England

Re: Revenge of Mars!

Post by timmy1 » Sat Mar 10, 2012 9:37 am

Check where Phil Barker was when the two attacks occurred...

shadowdragon
Brigadier-General - Elite Grenadier
Brigadier-General - Elite Grenadier
Posts: 2043
Joined: Sat Nov 28, 2009 7:29 pm
Location: Manotick, Ontario, Canada

Re: Revenge of Mars!

Post by shadowdragon » Sat Mar 10, 2012 4:00 pm

Gersen wrote:
shadowdragon wrote:
enric wrote:Maybe it's a stupid question, but who will be interested in doing this?, and why?,
It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).

Here's a wiki link to a list of the some things that have been going on:

http://en.wikipedia.org/wiki/List_of_cy ... eat_trends

You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.
But "why"? I don't get it. I understand motives behind crippling large corporations, Govt websites etc. But a wargaming hobby site? :roll:
As mentioned above there's two main reasons - profit (the primary one these days) and hate. I certainly can't speak to the specifics of this attack and probably slitherine shouldn't as it would be under investigation, but in the "profit camp" we have identity theft (not just credit card info, but addresses, names, passwords, etc. which could be amalgamated with info from other sites), testing capability, demonstrating capability, extortion, industrial espionage (stealing proprietary info), embedding malicious software in downloadable legitimate slitherine software, gaining access to servers (to gain control, gateway to more interesting systems), etc., etc. Remember you might only be seeing a piece of a larger game.

You might probably already know this, but, statistically, the odds are that your home computer is part of someone's bot-net (i.e., part of network of computers controlled by someone who would rent use of the network). Your anti-virus software probably won't detect the code since this type of code isn't as visible as the usual virus-type software.

Kudos to slitherine for acting responsibly and promptly, which means they seem to have excellent IT security awareness.

hazelbark
General - Carrier
General - Carrier
Posts: 4957
Joined: Tue Feb 13, 2007 9:53 pm
Location: Capital of the World !!

Re: Revenge of Mars!

Post by hazelbark » Tue Mar 13, 2012 4:02 am

timmy1 wrote:Check where Phil Barker was when the two attacks occurred...
He'sin the clear. Phil has yet to turn on the power switch to his slide rule. Computer. Don't be daft, you know they are a fad.

Post Reply

Return to “News & Announcements”