Go Down

Topic: Warning - Porn links on Login (Read 1 time) previous topic - next topic

mastrolinux

I do not think disclosing the name publicly is a good idea. In addition I have to collect all the evidences and be 100% sire, now I am at 99%

I reported the url to the registrar for abuse. Let's see what happens.


LarryD

Than you for fixing site problems, this is greatly appreciated.


However, on this forum, maybe next time your team could acknowledge sooner that a problem is being investigated.

Your users are worthy of information.


One more time, thank you!

.
No technical PMs.
The last thing you did is where you should start looking.

Nick Gammon

LOL at the number of threads created on this subject. Hey, it helps resolve things if you put stuff in the same place! I've locked all the other ones I could find. :)
Please post technical questions on the forum, not by personal message. Thanks!

More info:
http://www.gammon.com.au/electronics

travis_farmer

I would like to chime in and say thank you as well. I know i spent a pretty good deal of time trying to catch the bug, and found it to be very frustrating. I am very glad it was located and fixed.

~Travis
Currently trying to build a DIY CNC machine.

Riva

I would like to chime in and say thank you as well. I know i spent a pretty good deal of time trying to catch the bug, and found it to be very frustrating. I am very glad it was located and fixed.
It did take a long time from my first flagging up the google.ga site here to something being done.  :(
Don't PM me for help as I will ignore it.

Nick Gammon

It's taking a long time for me to get the NBN in my suburb. And after hearing recent reports from people who have it, I'm in no hurry.

Please post technical questions on the forum, not by personal message. Thanks!

More info:
http://www.gammon.com.au/electronics

pert

Great explanation mastrolinux, thanks!

ElCaron

Quote
What data where got stolen?

Nothing, because that js that we inspected the first thing it does is a redirect and once you are out of arduino.cc domains you cannot read any data from the js. In addition we had a  security mitigation not allowing untrusted js to read cookies where we store the session.
I have doubts about this.
1. People have reported different issues, on different platforms. You might not have investigated each and every script that was used over time.
2. Cookies are not the issue. A Javascript could have read the input field during typing, revealing the unhashed login data of a user.

The only responsible thing to say here is: "Yes, it was technically possible that login data was stolen. Change you passwords." But it also wasn't exactly responsible to let a compromised board online for so long.

Go Up
 


Please enter a valid email to subscribe

Confirm your email address

We need to confirm your email address.
To complete the subscription, please click the link in the email we just sent you.

Thank you for subscribing!

Arduino
via Egeo 16
Torino, 10131
Italy