* WalrusIRC

You need to have 5 posts and not be part of restricted usergroups in order to use the WalrusIRC embedded shoutbox. However, you can also access our IRC channel called #CodeWalrus via EFnet.

Author Topic: Important security notice about your CodeWalrus account  (Read 9792 times)

0 Members and 1 Guest are viewing this topic.

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18872
  • Post Rating Ratio: +99/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Important security notice about your CodeWalrus account
« on: December 06, 2015, 04:31:35 am »
We were supposed to have a programming contest and a newsletter tomorrow, but first, we have some much more important news for all of our forum members, which will also be included in the newsletter header, which will also exceptionally be sent to every member, regardless of if they have opted in or out of e-mail notifications:


Yesterday, Omnimaga got hacked and both KermMartian and Geekboy1011's accounts were compromised elsewhere. The Omnimaga website has since been restored after hours of downtime, but the database content has been leaked and compromised. This includes all members personal information, ranging from private messages to passwords. According to Eeems, it looks like SMF doesn't salt+hash their passwords in a very secure way, something very possible due to how quickly the hacker managed to get Kerm and Geek's password. The passwords were re-used to attempt logging in on Cemetech.

If you have an Omnimaga account, then we heavily recommend that you change your password on any website (including CodeWalrus) on which you used the same password and we recommend that you use different passwords everywhere. No matter how hard it is for the hacker to decrypt the passwords, it's better to be safe than sorry!

We do not know how the attack occurred, we know that Omnimaga was two SMF versions behind and Omnimaga was not the only place attacked, as one of KermMartian e-mail account was also hit. Also, according to the Omnimaga topic and their IRC logs, the IP address used by the hacker is from France (although we do not know what it is).

On our side, we are going to investigate about what the IP address is and if it was used on CodeWalrus and our servers.

Source:
https://www.omnimaga.org/news/downtime-22209/
http://chat.eeems.ca/?server=irc.omnimaga.org%206667&channel=omnimaga&date=Sat%20Dec%2005%202015
« Last Edit: December 06, 2015, 04:40:58 am by DJ Omnimaga »


  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline bb010g

  • Full User
  • Safe-haven access
  • Join Date: Dec 2014
  • Location: Seattle, WA
  • Posts: 93
  • Post Rating Ratio: +1/-1
  • I do stuff, I guess
    • @bb010g
    • bb010g
    • /u/bb010g
    • bb010g
  • Gender: Male
This is also a good time to bring up password managers. (Anytime is a good time, really.)

KeePass and KeePassX are solid.
pass is simple (in the Unix way) and on pretty much all platforms if you're willing to put in some setup.
1Password is very nice, but closed source and not on Linux.
  • Calculators owned: HP 50g, Prime, 28S, 35S, Casio Prizm, dead Nspire CX CAS

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18872
  • Post Rating Ratio: +99/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
We're out of luck so far to get the hacker IP address, because all Omni admins are offline. Ideally the other sites should do a forum scan of that IP in case it matches someone there. That's unless the hacker was using Tor or a proxy, though, then maybe we're out of luck.

I notified Planète-Casio of the attack because some of their members have Omnimaga accounts.

Thanks for the programs by the way. I just hope there is a way to retrieve the passwords from them so if my computer crashes and has to be reformated, then I am not locked out of all my Internet accounts.

EDIT: @Juju got one suspicious IP address, and is running scans on our server right now. Please report here once done.

He gave me the IP and I did scans on the forums. No matches could be found:
https://usercontent.irccloud-cdn.com/file/3EzvCLx2/
« Last Edit: December 06, 2015, 07:31:14 am by DJ Omnimaga »
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Online Juju

  • aka Yuki Kagayaki aka J̵̭͕͇ù̞̭̝̯̦j̴̭̙̗͖͡ù͏͓̲̕
  • CodeWalrus Staff
  • Super User
  • Server Maintenance
  • Moderator
  • Forum Maintenance
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Inside a walrus
  • Posts: 3131
  • Post Rating Ratio: +32/-2
  • Couch potato
    • jul.savard
    • juju2143
    • @juju2143
    • juju2143
    • @julosoft
    • juju-kun
    • /u/juju2143
    • juju2143
    • @juju2143
    • Juju's shed
  • Gender: Female
  • WalriiPoints: 99999
Found 2 matches in the logs, both seems to be images linked from Omnimaga or TI-Planet. Also me looking for that IP. Nothing found here, really.
  • Calculators owned: TI-83+ (dead?), Casio Prizm (also dead???)
  • Consoles, mobile devices and vintage computers owned: A lot
On semi-hiatus until who knows when. CODEWALRUS 2.0 COMING SOON
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron

if you wanna throw money at me and/or CodeWalrus monthly it's here

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18872
  • Post Rating Ratio: +99/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Apparently, there was a lot of stuff on TI-Planet, though, in the server logs.

EDIT: According to Kerm, the password was freely given to the hacker. He also finds it weird that most recent community attacks and trolling always target Omni and Cemetech (eg Ephraim ban evasion, the sucks.fyi trolling via strange hostnames and now this) and never other sites.
« Last Edit: December 06, 2015, 09:18:12 am by DJ Omnimaga »
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline Snektron

  • Lvl 69 Russian Snake
  • Super User
  • Join Date: Dec 2014
  • Location: Netherlands
  • Posts: 3165
  • Post Rating Ratio: +32/-0
  • SSSssssss.....
    • RobinDeWalvis
    • Kzyrox
    • RobinDeWalvis
    • quantuminfinity
  • Gender: Male
Well, he suck.fyi guy was here too. Also i've updated my password too :)
  • Calculators owned: TI-84+
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Offline Streetwalrus

  • Professional slacker
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Israel
  • Posts: 2903
  • Post Rating Ratio: +20/-0
  • ƎW∀⅁ ƎH⊥
  • Gender: Male
This is also a good time to bring up password managers. (Anytime is a good time, really.)

KeePass and KeePassX are solid.
pass is simple (in the Unix way) and on pretty much all platforms if you're willing to put in some setup.
1Password is very nice, but closed source and not on Linux.
Indeed, it's high time I switched to something like that. Thanks for the recommendations.
  • Calculators owned: TI-80, HP 40G, TI-84 Plus rev G (yay 128k RAM), TI-83 Plus Silver Edition (broken LCD), TI-82 Stats.fr (black), TI-Nspire CX rev C (yay Nlaunchy), TI-83+ SE ViewScreen



Offline Snektron

  • Lvl 69 Russian Snake
  • Super User
  • Join Date: Dec 2014
  • Location: Netherlands
  • Posts: 3165
  • Post Rating Ratio: +32/-0
  • SSSssssss.....
    • RobinDeWalvis
    • Kzyrox
    • RobinDeWalvis
    • quantuminfinity
  • Gender: Male
We used KeePassX on my dad's linux computer. The problem was he deleted the database one time and said it was my own fault <_<
  • Calculators owned: TI-84+
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Offline brentmaas

  • Full User
  • Join Date: Jan 2015
  • Location: Netherlands
  • Posts: 172
  • Post Rating Ratio: +2/-0
  • Java > all, fite me
    • brentmaas
  • Gender: Male
  • WalriiPoints: 25
I tried a bit of research into the IP, but all I could find was a physical adress.
Lel I glitched Omni

Offline Streetwalrus

  • Professional slacker
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Israel
  • Posts: 2903
  • Post Rating Ratio: +20/-0
  • ƎW∀⅁ ƎH⊥
  • Gender: Male
Just set pass up and changed most of my passwords for 32 character passwords, different for each site. I suppose that's enough to keep me covered. :P
  • Calculators owned: TI-80, HP 40G, TI-84 Plus rev G (yay 128k RAM), TI-83 Plus Silver Edition (broken LCD), TI-82 Stats.fr (black), TI-Nspire CX rev C (yay Nlaunchy), TI-83+ SE ViewScreen



Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18872
  • Post Rating Ratio: +99/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
32 chars is a bad idea imho. Some sites upgrade their softwares and end up lowering the max lenght in fields and I remember yAronet password or nickname change field allowed more chars than than the login fields and I was unable to login anymore. 24 chars is safer against such admin mishaps.
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline Travis

  • Full User
  • Safe-haven access
  • Join Date: Jan 2015
  • Location:
  • Posts: 126
  • Post Rating Ratio: +3/-0
    • 8361
  • Gender: Male
Thanks for the programs by the way. I just hope there is a way to retrieve the passwords from them so if my computer crashes and has to be reformated, then I am not locked out of all my Internet accounts.

KeePassX saves the database in a location you specify, so if you keep that file backed up and don't forget the master password to decrypt it, you should be fine. It can also export everything to a .txt file in case you need that.
  • Calculators owned: TI-81, TI-82, TI-85, TI-86, TI-89, TI-89 Titanium, 2 × HP 50g
ticalc.org staff member—http://www.ticalc.org/

Offline critor

  • Full User
  • Join Date: Dec 2014
  • Location:
  • Posts: 191
  • Post Rating Ratio: +6/-0
According to Kerm, the password was freely given to the hacker. He also finds it weird that most recent community attacks and trolling always target Omni and Cemetech (eg Ephraim ban evasion, the sucks.fyi trolling via strange hostnames and now this) and never other sites.

How would he know about other sites ? Is he omniscient ?

And apparently, he quickly forgot about this :
https://codewalr.us/index.php?topic=647.0

Online Juju

  • aka Yuki Kagayaki aka J̵̭͕͇ù̞̭̝̯̦j̴̭̙̗͖͡ù͏͓̲̕
  • CodeWalrus Staff
  • Super User
  • Server Maintenance
  • Moderator
  • Forum Maintenance
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Inside a walrus
  • Posts: 3131
  • Post Rating Ratio: +32/-2
  • Couch potato
    • jul.savard
    • juju2143
    • @juju2143
    • juju2143
    • @julosoft
    • juju-kun
    • /u/juju2143
    • juju2143
    • @juju2143
    • Juju's shed
  • Gender: Female
  • WalriiPoints: 99999
Well, the most recent ones, as in, the last 3 incidents or so. He knows about other sites because we told him so.
  • Calculators owned: TI-83+ (dead?), Casio Prizm (also dead???)
  • Consoles, mobile devices and vintage computers owned: A lot
On semi-hiatus until who knows when. CODEWALRUS 2.0 COMING SOON
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron

if you wanna throw money at me and/or CodeWalrus monthly it's here

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18872
  • Post Rating Ratio: +99/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Guys, I found something strange on Omnimaga: Netham45 account is no longer listed in the member list (even if we do a search) and he isn't in the staff list either. I don't know how long it has been like that, though:

https://www.omnimaga.org/team

His account is still intact, but he is no longer in the staff groups and his signature changed was changed to "Omnimaga admin" instead of the broken Space Invader animation. He also last logged in on December 4th 2015.


Normally, when an existing SMF forum account no longer shows up in the member list, this means it is currently banned. Did he ask that on request due to a long hiatus or was his account compromised?


EDIT: An attempt to break into @Ivoah forum account on CodeWalrus has been recorded over three hours ago:

Quote
IP address   Display name   Message   Date
90.11.159.131   Guest   Password incorrect - Ivoah
?action=login2   Today at 07:34:23 pm

EDIT: There was also an attempt by 80.119.166.103 to login into my account, but it doesn't match anything else out of the ordinary on the forums. Mind doing a scan on CW server @Juju and on TI-Planet @Adriweb ? It was over an hour before Ivoah account was hit.
« Last Edit: December 07, 2015, 04:00:12 am by DJ Omnimaga »
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

 


You can also use the following HTML or bulletin board code to share it on your page or forum signature!


Also do not forget to check our affiliates below.
Planet Casio TI-Planet Calc.news BroniesQC BosaikNet Velocity Games