Revenge of Mars!
Moderator: Slitherine Core
-
- Site Admin
- Posts: 13558
- Joined: Fri Apr 01, 2005 10:19 am
Revenge of Mars!
It's been another long night and hard day with further sustained malicious attacks on the Slitherine server. We had to take the site offline to protect it and repair the damage and after many hours we're now back online.
The latest attack was completely different to the initial one and affected the server in a different way. While the changes we made did not stop the attack, this time we were able to trace how they got in and added extra protection to ensure this cannot happen again. In addition we were able to trace the IP address where the attack originated which is a huge step forwards in tracking down who did this.
As a result of the latest attack we have unfortunately lost some more data. This means any multiplayer turns played on the 8th March will be lost and games will revert to their state on the 7th March. We have also lost forum posts from the 8th March. The PBEM system is not fully online yet but we will have it back up in the next couple of hours.
We'd like to apologise again for any inconvenience. Thanks for your continued patience and support.
Re: Revenge of Mars!
Go get them!
Re: Revenge of Mars!
Good Job Guys....Hang em by their, well ya know what I mean.
From what I am gathering, we can (and I did get on the regular forum), but I might be the first one on there. I still can't get my password to get into games but it DOES work here and the Forum. Hope that helps some.
Re: Revenge of Mars!
Maybe it's a stupid question, but who will be interested in doing this?, and why?,
-
- Field of Glory Moderator
- Posts: 1506
- Joined: Mon Jul 02, 2007 11:51 am
Re: Revenge of Mars!
Iain, do you recommend changing passwords? No idea how far in they got.
-
- Site Admin
- Posts: 13558
- Joined: Fri Apr 01, 2005 10:19 am
Re: Revenge of Mars!
No need to change passwords - all passwords are stored hashed which means there is no way to work them out.
-
- Brigadier-General - Elite Grenadier
- Posts: 2048
- Joined: Sat Nov 28, 2009 7:29 pm
- Location: Manotick, Ontario, Canada
Re: Revenge of Mars!
> enric wrote: Maybe it's a stupid question, but who will be interested in doing this?, and why?,
It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).
Here's a wiki link to a list of some of the things that have been going on:
http://en.wikipedia.org/wiki/List_of_cy ... eat_trends
You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.
-
- Lance Corporal - Panzer IA
- Posts: 17
- Joined: Wed Mar 07, 2012 3:43 pm
Re: Revenge of Mars!
> iainmcneil wrote: No need to change passwords - all passwords are stored hashed which means there is no way to work them out.
That's only true as long as they are salted, i.e. randomness added when they are hashed. This is one oversight many hacked companies have made and been embarrassed publicly by Anonymous and LulzSec over the past two years. These companies were naive enough to not add any randomness to the hashed passwords.
Without randomness, it means the same passwords were hashed to the exact same value. So hackers just correlated those with the most popular passwords like Password1 and could make a pretty good guess what the passwords are.
So please double check that the passwords are salted, aka SSHA (secure salted hashing algorithm).
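An added illustration of the point in the post above (not part of the original thread and not Slitherine's code): without a salt, accounts sharing a password store the same value, which an audit can spot directly; with a per-account salt they do not. The account names and the third password are constructed, and PBKDF2-HMAC-SHA256 is used here as one salted scheme, not the SSHA format the post names.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; "Password1" is the example password from the post.
ACCOUNTS = {"alice": "Password1", "bob": "Password1", "carol": "correct-horse-42"}

def unsalted_hash(password):
    """Bare digest with no per-user randomness: equal passwords give equal values."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, iterations=200_000):
    """Random 16-byte salt per account plus a slow KDF; the salt is stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_values(table):
    """Audit check: groups of accounts whose stored value is identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables():
    """Store the same constructed accounts under both schemes."""
    weak = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared values:", shared_values(weak))
    print("salted, shared values:  ", shared_values(strong))
    print("login still works:      ", verify("Password1", strong["bob"]))
```

Running `shared_values` over a real credential table is a quick way to check whether salting is actually in effect: any non-empty result means identical passwords are visible as identical stored values.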
Re: Revenge of Mars!
> shadowdragon wrote:
> > enric wrote: Maybe it's a stupid question, but who will be interested in doing this?, and why?,
> It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).
> Here's a wiki link to a list of some of the things that have been going on:
> http://en.wikipedia.org/wiki/List_of_cy ... eat_trends
> You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.
But "why"? I don't get it. I understand motives behind crippling large corporations, Govt websites etc. But a wargaming hobby site?
Re: Revenge of Mars!
I think there are two main ways to try to understand reason behind this: profit or hate.
Profit. What economical profit could be obtained attacking a wargaming hobby site? Well, maybe getting the VISAs of customers. But has Slitherine really this info, or is it PayPal or similar who keeps it? Or will the profit come from avoiding Slitherine's growth?
Hate attack, because they feel Slitherine is joining the iPad side and they hate the iPad. Sounds stupid, no?
Someone who has been fired, or a developer who feels rejected for a non-accepted game for distribution?
Two consecutive attacks are too much to be just hooliganism.
-
- Lieutenant-General - Nashorn
- Posts: 3436
- Joined: Fri Feb 29, 2008 8:39 pm
- Location: Chelmsford, Essex, England
Re: Revenge of Mars!
Check where Phil Barker was when the two attacks occurred...
-
- Brigadier-General - Elite Grenadier
- Posts: 2048
- Joined: Sat Nov 28, 2009 7:29 pm
- Location: Manotick, Ontario, Canada
Re: Revenge of Mars!
> Gersen wrote:
> > shadowdragon wrote:
> > > enric wrote: Maybe it's a stupid question, but who will be interested in doing this?, and why?,
> > It's not a stupid question at all. Unfortunately it's not one that's being asked enough (i.e. who asks about security when buying their new mobile phone/tablet?); and many companies hide the fact that they've been a victim (i.e., don't want to lose customer confidence - full credit to slitherine for being up front on this).
> > Here's a wiki link to a list of some of the things that have been going on:
> > http://en.wikipedia.org/wiki/List_of_cy ... eat_trends
> > You can google each one of the items listed and get more info, but one thing that you can be sure of is that the cyber threat world has moved waaaay beyond the geek in his basement/bedroom/garage doing a little bit of hacking.
> But "why"? I don't get it. I understand motives behind crippling large corporations, Govt websites etc. But a wargaming hobby site?
As mentioned above there's two main reasons - profit (the primary one these days) and hate. I certainly can't speak to the specifics of this attack and probably slitherine shouldn't as it would be under investigation, but in the "profit camp" we have identity theft (not just credit card info, but addresses, names, passwords, etc. which could be amalgamated with info from other sites), testing capability, demonstrating capability, extortion, industrial espionage (stealing proprietary info), embedding malicious software in downloadable legitimate slitherine software, gaining access to servers (to gain control, gateway to more interesting systems), etc., etc. Remember you might only be seeing a piece of a larger game.
You might probably already know this, but, statistically, the odds are that your home computer is part of someone's bot-net (i.e., part of network of computers controlled by someone who would rent use of the network). Your anti-virus software probably won't detect the code since this type of code isn't as visible as the usual virus-type software.
Kudos to slitherine for acting responsibly and promptly, which means they seem to have excellent IT security awareness.
-
- General - Carrier
- Posts: 4957
- Joined: Tue Feb 13, 2007 9:53 pm
- Location: Capital of the World !!
Re: Revenge of Mars!
> timmy1 wrote: Check where Phil Barker was when the two attacks occurred...
He's in the clear. Phil has yet to turn on the power switch to his slide rule. Computer. Don't be daft, you know they are a fad.