1 post • joined 28 Sep 2011
Some clarification on UKChatterbox
Quote: "Although one user accused UKChatterbox of a succession of basic security errors and subsequent cover-ups, we have a lot of sympathy for the site. Running an IRC channel – which often becomes a magnet for flame wars, hack attacks and squabbles"
I, being that "one user" being referenced, used to be staff on the service. Firstly, UKChatterbox is not your average IRC network, so flame wars, net/irc wars aren't an issue. They don't describe themselves as an IRC net, they're a "web-chat service", they are the largest "web-chat" service of it's sort in the UK with over 2 million users, over 2 thousand on-site at any time.
The security errors have been acknowledged, they range from mysql injections which allowed access to the user database (the reason for the password resets), through to other human-errors on their staffs part with regards to the complexity of passwords and password reset procedures.
Until the "password reset announcement" they hadn't once admitted or acknowledged any of the activities to it's users/chatters for two months, but communication in-house did mention them. What the users got was numerous notices about server/hardware failure, maintenance and upgrades.
So whilst I don't wish to inflame the situation (apparently some of the staff have taken this very personally), the reason for the forced password resets and the accompanying recommendations on email security is that multiple tables in the database have been accessed, with plaintext passwords in-use, over 90% of users use the same passwords on multiple sites.
- Asteroids as powerful as NUCLEAR BOMBS strike Earth TWICE YEARLY
- Review Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
- Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
- Feature Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
- HTC mulls swoop for Nokia's MASSIVE Chennai plant