1 post • joined 28 Sep 2011
Some clarification on UKChatterbox
Quote: "Although one user accused UKChatterbox of a succession of basic security errors and subsequent cover-ups, we have a lot of sympathy for the site. Running an IRC channel – which often becomes a magnet for flame wars, hack attacks and squabbles"
I, being that "one user" being referenced, used to be staff on the service. Firstly, UKChatterbox is not your average IRC network, so flame wars, net/IRC wars aren't an issue. They don't describe themselves as an IRC net, they're a "web-chat service", they are the largest "web-chat" service of its sort in the UK with over 2 million users, over 2 thousand on-site at any time.
The security errors have been acknowledged, they range from MySQL injections which allowed access to the user database (the reason for the password resets), through to other human errors on their staff's part with regards to the complexity of passwords and password reset procedures.
Until the "password reset announcement" they hadn't once admitted or acknowledged any of the activities to its users/chatters for two months, but communication in-house did mention them. What the users got was numerous notices about server/hardware failure, maintenance and upgrades.
So whilst I don't wish to inflame the situation (apparently some of the staff have taken this very personally), the reason for the forced password resets and the accompanying recommendations on email security is that multiple tables in the database have been accessed, with plaintext passwords in use, over 90% of users use the same passwords on multiple sites.