Total Posts:27|Showing Posts:1-27
Jump to topic:

MOD OR ADMIN question about my old account

East2
Posts: 1
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 12:11:25 AM
Posted: 6 months ago
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.
1harderthanyouthink
Posts: 13,102
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 12:14:06 AM
Posted: 6 months ago
I remember you.

You can talk to Airmax1227 about it. I don't know what will happen, though.
"It's awfully considerate of you to think of me here,
And I'm much obliged to you for making it clear - that I'm not here."

-Syd Barrett

DDO Risk King
PetersSmith
Posts: 5,839
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 12:58:10 AM
Posted: 6 months ago
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

How about, you know, write it down?
Empress of DDO (also Poll and Forum "Maintenance" Moderator)

"The two most important days in your life is the day you were born, and the day you find out why."
~Mark Twain

"Wow"
-Doge

"Don't believe everything you read on the internet just because there's a picture with a quote next to it."
~Abraham Lincoln

Guide to the Polls Section: http://www.debate.org...
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:28:49 AM
Posted: 6 months ago
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.
Danielle
Posts: 21,330
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:31:47 AM
Posted: 6 months ago
At 5/19/2016 1:28:49 AM, TBR wrote:
I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

Even if the admin gives him the e-mail address, he's not giving him the password.
President of DDO
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:34:19 AM
Posted: 6 months ago
At 5/19/2016 1:31:47 AM, Danielle wrote:
At 5/19/2016 1:28:49 AM, TBR wrote:
I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

Even if the admin gives him the e-mail address, he's not giving him the password.

Yea, whats you private email address? Want to give it to some random person on the internet claiming - no seriously, I AM this guy.

It is like security 101.
Danielle
Posts: 21,330
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:35:32 AM
Posted: 6 months ago
At 5/19/2016 1:34:19 AM, TBR wrote:
Yea, whats you private email address? Want to give it to some random person on the internet claiming - no seriously, I AM this guy.

It is like security 101.

Sure. DanielleOfAllTrades @gmail.com

Have at it.
President of DDO
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:36:51 AM
Posted: 6 months ago
At 5/19/2016 1:35:32 AM, Danielle wrote:
At 5/19/2016 1:34:19 AM, TBR wrote:
Yea, whats you private email address? Want to give it to some random person on the internet claiming - no seriously, I AM this guy.

It is like security 101.

Sure. DanielleOfAllTrades @gmail.com

Have at it.

Great. Look forward to the porn.
Danielle
Posts: 21,330
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:38:03 AM
Posted: 6 months ago
At 5/19/2016 1:36:51 AM, TBR wrote:
Great. Look forward to the porn.

Cool. I'm sure if it was 1999 I'd have trouble filtering through it.
President of DDO
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:40:30 AM
Posted: 6 months ago
At 5/19/2016 1:38:03 AM, Danielle wrote:
At 5/19/2016 1:36:51 AM, TBR wrote:
Great. Look forward to the porn.

Cool. I'm sure if it was 1999 I'd have trouble filtering through it.

You are totally missing the point, but whatever. Just don't pursue a job in IT, OK?
airmax1227
Posts: 13,241
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:43:59 AM
Posted: 6 months ago
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

Please accept my friend request or send me a PM.
Debate.org Moderator
airmax1227
Posts: 13,241
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:46:12 AM
Posted: 6 months ago
At 5/19/2016 1:28:49 AM, TBR wrote:
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

This information is available in the admin.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.

Right, except I'm not stupid. I know how to tell if someone is trying to find out someone's information or the issue is legit. This also isn't some type of gut feeling thing, it is easily verifiable (using methods I'm sure you can figure out).
Debate.org Moderator
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 1:50:28 AM
Posted: 6 months ago
At 5/19/2016 1:46:12 AM, airmax1227 wrote:
At 5/19/2016 1:28:49 AM, TBR wrote:
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

This information is available in the admin.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.

Right, except I'm not stupid. I know how to tell if someone is trying to find out someone's information or the issue is legit. This also isn't some type of gut feeling thing, it is easily verifiable (using methods I'm sure you can figure out).

Its entirely up to you. What is being missed by the other poster is.

1) It is entirely up to an individual what they want to post about themselves. Full names, home addresses, all up to them.
2) An admin (you in this case) has a responsibility to safeguard data. Why someone might want a personal email address is not even the issue, that someone is asking for the information should raise flags regardless how benign the request seems.
3) If you, the admin, verify him someway, great. I still question breaking a security model in a casual fashion.

Then again. My background is banking, security, and government, so... My concerns for passing audits and not getting tossed in jail are huge.
airmax1227
Posts: 13,241
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:00:23 AM
Posted: 6 months ago
At 5/19/2016 1:50:28 AM, TBR wrote:
At 5/19/2016 1:46:12 AM, airmax1227 wrote:
At 5/19/2016 1:28:49 AM, TBR wrote:
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

This information is available in the admin.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.

Right, except I'm not stupid. I know how to tell if someone is trying to find out someone's information or the issue is legit. This also isn't some type of gut feeling thing, it is easily verifiable (using methods I'm sure you can figure out).

Its entirely up to you. What is being missed by the other poster is.

1) It is entirely up to an individual what they want to post about themselves. Full names, home addresses, all up to them.
2) An admin (you in this case) has a responsibility to safeguard data. Why someone might want a personal email address is not even the issue, that someone is asking for the information should raise flags regardless how benign the request seems.
3) If you, the admin, verify him someway, great. I still question breaking a security model in a casual fashion.

Then again. My background is banking, security, and government, so... My concerns for passing audits and not getting tossed in jail are huge.

Sure, I get all that, and to be clear, this isn't something I'm at all casual about. I thoroughly investigate the issue each time these things are asked, and unless I'm 100% confident that the issue is legitimate (that it is their former account, and that it is valid that they access the account again), I'm not going to provide someone with the information. I realize that you are pointing this out for people who may not get this, but it's not something that I need to be convinced of. I take any type of private information very seriously and there are procedures for how these things are dealt with to prevent access to someone who shouldn't have it.
Debate.org Moderator
TheGreatAndPowerful
Posts: 3,012
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:04:24 AM
Posted: 6 months ago
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:08:15 AM
Posted: 6 months ago
At 5/19/2016 2:00:23 AM, airmax1227 wrote:
At 5/19/2016 1:50:28 AM, TBR wrote:
At 5/19/2016 1:46:12 AM, airmax1227 wrote:
At 5/19/2016 1:28:49 AM, TBR wrote:
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

This information is available in the admin.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.

Right, except I'm not stupid. I know how to tell if someone is trying to find out someone's information or the issue is legit. This also isn't some type of gut feeling thing, it is easily verifiable (using methods I'm sure you can figure out).

Its entirely up to you. What is being missed by the other poster is.

1) It is entirely up to an individual what they want to post about themselves. Full names, home addresses, all up to them.
2) An admin (you in this case) has a responsibility to safeguard data. Why someone might want a personal email address is not even the issue, that someone is asking for the information should raise flags regardless how benign the request seems.
3) If you, the admin, verify him someway, great. I still question breaking a security model in a casual fashion.

Then again. My background is banking, security, and government, so... My concerns for passing audits and not getting tossed in jail are huge.

Sure, I get all that, and to be clear, this isn't something I'm at all casual about. I thoroughly investigate the issue each time these things are asked, and unless I'm 100% confident that the issue is legitimate (that it is their former account, and that it is valid that they access the account again), I'm not going to provide someone with the information. I realize that you are pointing this out for people who may not get this, but it's not something that I need to be convinced of. I take any type of private information very seriously and there are procedures for how these things are dealt with to prevent access to someone who shouldn't have it.

I know you do, I trust you do.

Sitting on thousands of details, be they email addresses or whatever is much different than what the normal user things about.

I have a hell of a good story (well a number of good security stores) about a bank executive at BankOne (Chase). He "realized" how much actual data the admins had access to and freaked the hell out. I talked to him for a couple hours, but I swear it never occurred to him? Made me wonder how the guy could be making the salary he was.
airmax1227
Posts: 13,241
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:10:40 AM
Posted: 6 months ago
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

This is a valid point, though I should point out that after the hack you mentioned a lot of effort was put into greater security, and something of that sort hasn't happened since. Still, I think your caution is something members should take seriously.
Debate.org Moderator
airmax1227
Posts: 13,241
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:13:45 AM
Posted: 6 months ago
At 5/19/2016 2:08:15 AM, TBR wrote:
At 5/19/2016 2:00:23 AM, airmax1227 wrote:
At 5/19/2016 1:50:28 AM, TBR wrote:
At 5/19/2016 1:46:12 AM, airmax1227 wrote:
At 5/19/2016 1:28:49 AM, TBR wrote:
At 5/19/2016 12:11:25 AM, East2 wrote:
This is my 3rd account on DDO. I keep having to make new ones because I forget my old usernames and emails and passwords. My old username is East. Is there anyway the mod or admin can email me here, or on my personal email account for this address, and remind me of the email account I used to sign up with East? I can probably remember my password on my own. Then I can delete this account. Thanks.

I don't see how he is going to be able to give you the email account behind a ID. That would be a huge security issue.

This information is available in the admin.

Lets say I want to get the email account of a old member. I just make a new account as and ask the admin for the email account associated with ? Yea, I would not give this to you.

Right, except I'm not stupid. I know how to tell if someone is trying to find out someone's information or the issue is legit. This also isn't some type of gut feeling thing, it is easily verifiable (using methods I'm sure you can figure out).

Its entirely up to you. What is being missed by the other poster is.

1) It is entirely up to an individual what they want to post about themselves. Full names, home addresses, all up to them.
2) An admin (you in this case) has a responsibility to safeguard data. Why someone might want a personal email address is not even the issue, that someone is asking for the information should raise flags regardless how benign the request seems.
3) If you, the admin, verify him someway, great. I still question breaking a security model in a casual fashion.

Then again. My background is banking, security, and government, so... My concerns for passing audits and not getting tossed in jail are huge.

Sure, I get all that, and to be clear, this isn't something I'm at all casual about. I thoroughly investigate the issue each time these things are asked, and unless I'm 100% confident that the issue is legitimate (that it is their former account, and that it is valid that they access the account again), I'm not going to provide someone with the information. I realize that you are pointing this out for people who may not get this, but it's not something that I need to be convinced of. I take any type of private information very seriously and there are procedures for how these things are dealt with to prevent access to someone who shouldn't have it.

I know you do, I trust you do.

Sitting on thousands of details, be they email addresses or whatever is much different than what the normal user things about.

I have a hell of a good story (well a number of good security stores) about a bank executive at BankOne (Chase). He "realized" how much actual data the admins had access to and freaked the hell out. I talked to him for a couple hours, but I swear it never occurred to him? Made me wonder how the guy could be making the salary he was.

I think it's something a lot of people are just oblivious to. G&P made a good point though, but it's also true that Juggle is careful about who has access to the admin. There isn't any serious risk to anyone's personal info on DDO currently, but people should be careful on the internet regardless.
Debate.org Moderator
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 2:27:25 AM
Posted: 6 months ago
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

Again, I think people are missing the point, and I am trying to explain WHY a target like DDO IS valuable.

It is NOT hard to get some information on a person. Lets say I want to get your crap. I find you on facebook, poke around, find a link to DDO or a mention etc. Now I have a "soft target" to start exploiting. Just asking for your email address from DDO is a he11 of a lot easier than penetrating Facebook, so here I go. I jsut ask the admin. Now I have an email address. I may even get a little more personal information in the PMs. Friends, links to other information. Even just access to PM others that THINK I am you is valuable. Regardless, I have a new piece of information. I didn't give a rats a$$ about your DDO activity, I wanted the email address, and I got it.

Make sense?
TheGreatAndPowerful
Posts: 3,012
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 11:11:29 AM
Posted: 6 months ago
At 5/19/2016 2:27:25 AM, TBR wrote:
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

Again, I think people are missing the point, and I am trying to explain WHY a target like DDO IS valuable.

It is NOT hard to get some information on a person. Lets say I want to get your crap. I find you on facebook, poke around, find a link to DDO or a mention etc. Now I have a "soft target" to start exploiting. Just asking for your email address from DDO is a he11 of a lot easier than penetrating Facebook, so here I go. I jsut ask the admin. Now I have an email address. I may even get a little more personal information in the PMs. Friends, links to other information. Even just access to PM others that THINK I am you is valuable. Regardless, I have a new piece of information. I didn't give a rats a$$ about your DDO activity, I wanted the email address, and I got it.

Make sense?

You're coming off a bid condescending in this post, intentionally or not. I understand what you're talking about. I'm simply relaying to you that there are/were issues beyond this one here that should make one wary of the information they store on this site.

And I'm not talking about "DDO activity." I'm talking about any information you provide, to include anything private, public, profile or otherwise.
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 3:21:53 PM
Posted: 6 months ago
At 5/19/2016 11:11:29 AM, TheGreatAndPowerful wrote:
At 5/19/2016 2:27:25 AM, TBR wrote:
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

Again, I think people are missing the point, and I am trying to explain WHY a target like DDO IS valuable.

It is NOT hard to get some information on a person. Lets say I want to get your crap. I find you on facebook, poke around, find a link to DDO or a mention etc. Now I have a "soft target" to start exploiting. Just asking for your email address from DDO is a he11 of a lot easier than penetrating Facebook, so here I go. I jsut ask the admin. Now I have an email address. I may even get a little more personal information in the PMs. Friends, links to other information. Even just access to PM others that THINK I am you is valuable. Regardless, I have a new piece of information. I didn't give a rats a$$ about your DDO activity, I wanted the email address, and I got it.

Make sense?

You're coming off a bid condescending in this post, intentionally or not. I understand what you're talking about. I'm simply relaying to you that there are/were issues beyond this one here that should make one wary of the information they store on this site.

And I'm not talking about "DDO activity." I'm talking about any information you provide, to include anything private, public, profile or otherwise.

While I am not intending to be condescending - at least not now - I am shifting the discussion a bit for a reason. Its an interesting topic past the initial issue. How does an admin of a site like DDO work to protect confidentially, and what are the ramifications of disclosing otherwise benign information in the roll of an administrator?

Hacking works nothing like what is portrayed in a movie. Even the worse security is unlikely to be "hacked" with nothing more than mad computer skills, and when it is hacked, it is by rainbow attack / dictionary attacks / brute force. What happens most often is social engineering just like this. Simple asking people for information that they give up thinking it is nothing. The one piece of information may be nothing, but put in a bowl with all the other information the hacker has gleaned, he gets what he wants.

Think about some conversation about your "first car", or about your pets. Sh1t like that gets passed around all the time on facebook, and I have to giggle a bit. I would rather tell people the first 5 digits of an actual password than the answers to common security questions.

Anyway, I am at this point, just having a conversation about security, not talking about this case. I know airmax has it well in-hand. Figuring out if this guy is who he says he is is very possible for max, but if he had said "no f**king way" I totally would have understood and backed him up. No matter how nice you want to be, breaking a security schema can be very bad for you professionally and financial.
TheGreatAndPowerful
Posts: 3,012
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 6:11:06 PM
Posted: 6 months ago
At 5/19/2016 3:21:53 PM, TBR wrote:
At 5/19/2016 11:11:29 AM, TheGreatAndPowerful wrote:
At 5/19/2016 2:27:25 AM, TBR wrote:
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

Again, I think people are missing the point, and I am trying to explain WHY a target like DDO IS valuable.

It is NOT hard to get some information on a person. Lets say I want to get your crap. I find you on facebook, poke around, find a link to DDO or a mention etc. Now I have a "soft target" to start exploiting. Just asking for your email address from DDO is a he11 of a lot easier than penetrating Facebook, so here I go. I jsut ask the admin. Now I have an email address. I may even get a little more personal information in the PMs. Friends, links to other information. Even just access to PM others that THINK I am you is valuable. Regardless, I have a new piece of information. I didn't give a rats a$$ about your DDO activity, I wanted the email address, and I got it.

Make sense?

You're coming off a bid condescending in this post, intentionally or not. I understand what you're talking about. I'm simply relaying to you that there are/were issues beyond this one here that should make one wary of the information they store on this site.

And I'm not talking about "DDO activity." I'm talking about any information you provide, to include anything private, public, profile or otherwise.

While I am not intending to be condescending - at least not now - I am shifting the discussion a bit for a reason. Its an interesting topic past the initial issue. How does an admin of a site like DDO work to protect confidentially, and what are the ramifications of disclosing otherwise benign information in the roll of an administrator?

Hacking works nothing like what is portrayed in a movie. Even the worse security is unlikely to be "hacked" with nothing more than mad computer skills, and when it is hacked, it is by rainbow attack / dictionary attacks / brute force. What happens most often is social engineering just like this. Simple asking people for information that they give up thinking it is nothing. The one piece of information may be nothing, but put in a bowl with all the other information the hacker has gleaned, he gets what he wants.

Think about some conversation about your "first car", or about your pets. Sh1t like that gets passed around all the time on facebook, and I have to giggle a bit. I would rather tell people the first 5 digits of an actual password than the answers to common security questions.

Anyway, I am at this point, just having a conversation about security, not talking about this case. I know airmax has it well in-hand. Figuring out if this guy is who he says he is is very possible for max, but if he had said "no f**king way" I totally would have understood and backed him up. No matter how nice you want to be, breaking a security schema can be very bad for you professionally and financial.

It is an interesting topic. It's been my job for over a decade. And I do like talking about it, But your approach is more of one of lecturing down to people and it's not appreciated.
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/19/2016 9:35:32 PM
Posted: 6 months ago
At 5/19/2016 6:11:06 PM, TheGreatAndPowerful wrote:
At 5/19/2016 3:21:53 PM, TBR wrote:
At 5/19/2016 11:11:29 AM, TheGreatAndPowerful wrote:
At 5/19/2016 2:27:25 AM, TBR wrote:
At 5/19/2016 2:04:24 AM, TheGreatAndPowerful wrote:
@TBR:

Your point is well taken, though I am credulous regarding the mod's ability to validate this person's connection with the account in question.

That said, security on this site is not a high priority. lol. It's been hacked before, has had issues with input validation, and the password restrictions are laughable.

I'd not put anything on DDO you are uncomfortable anyone else seeing, eventually.

Again, I think people are missing the point, and I am trying to explain WHY a target like DDO IS valuable.

It is NOT hard to get some information on a person. Lets say I want to get your crap. I find you on facebook, poke around, find a link to DDO or a mention etc. Now I have a "soft target" to start exploiting. Just asking for your email address from DDO is a he11 of a lot easier than penetrating Facebook, so here I go. I jsut ask the admin. Now I have an email address. I may even get a little more personal information in the PMs. Friends, links to other information. Even just access to PM others that THINK I am you is valuable. Regardless, I have a new piece of information. I didn't give a rats a$$ about your DDO activity, I wanted the email address, and I got it.

Make sense?

You're coming off a bid condescending in this post, intentionally or not. I understand what you're talking about. I'm simply relaying to you that there are/were issues beyond this one here that should make one wary of the information they store on this site.

And I'm not talking about "DDO activity." I'm talking about any information you provide, to include anything private, public, profile or otherwise.

While I am not intending to be condescending - at least not now - I am shifting the discussion a bit for a reason. Its an interesting topic past the initial issue. How does an admin of a site like DDO work to protect confidentially, and what are the ramifications of disclosing otherwise benign information in the roll of an administrator?

Hacking works nothing like what is portrayed in a movie. Even the worse security is unlikely to be "hacked" with nothing more than mad computer skills, and when it is hacked, it is by rainbow attack / dictionary attacks / brute force. What happens most often is social engineering just like this. Simple asking people for information that they give up thinking it is nothing. The one piece of information may be nothing, but put in a bowl with all the other information the hacker has gleaned, he gets what he wants.

Think about some conversation about your "first car", or about your pets. Sh1t like that gets passed around all the time on facebook, and I have to giggle a bit. I would rather tell people the first 5 digits of an actual password than the answers to common security questions.

Anyway, I am at this point, just having a conversation about security, not talking about this case. I know airmax has it well in-hand. Figuring out if this guy is who he says he is is very possible for max, but if he had said "no f**king way" I totally would have understood and backed him up. No matter how nice you want to be, breaking a security schema can be very bad for you professionally and financial.

It is an interesting topic. It's been my job for over a decade. And I do like talking about it, But your approach is more of one of lecturing down to people and it's not appreciated.

If you are feeling lectured to, than I don't know what to tell you. Not every conversation has to be had without pushing some peoples buttons. There is a notion that security is everyone's business, and as tech security becomes the most obvious shortcoming of any business, people should be talked to in a serious manner. Little bits of data you hold about other people is valuable. Give your OWN data up as much as you like, but be suspicious of anyone asking for data on others that you hold. If some person calling from some department calls asking you for an employees parking space number - I would question the necessity for the caller to have it.
TBR
Posts: 9,991
Add as Friend
Challenge to a Debate
Send a Message
5/20/2016 3:01:06 AM
Posted: 6 months ago
At 5/19/2016 11:39:29 PM, TheGreatAndPowerful wrote:
At 5/19/2016 9:35:32 PM, TBR wrote:

You keep acting like I'm disagreeing with you on some point.

I think you are just reading-in stuff that is not there.