Flash Flash Revolution: Community Forums

Flash Flash Revolution: Community Forums (http://www.flashflashrevolution.com/vbz/index.php)
-   Bug Reports and Suggestions (http://www.flashflashrevolution.com/vbz/forumdisplay.php?f=15)
-   -   Your passwords are not encrypted (http://www.flashflashrevolution.com/vbz/showthread.php?t=150132)

xXOpkillerXx 11-10-2018 12:05 PM

Your passwords are not encrypted
 
Hi

Whenever you login on this website, if anyone with minimal hacking skills (packet sniffing) is in your network (public events or just a public wifi), they can see your password clearly.

Can something Please be done about it, ty.

aperson 11-10-2018 12:06 PM

Re: Your passwords are not encrypted
 
http://www.flashflashrevolution.com/...d.php?t=150077

rushyrulz 11-10-2018 12:06 PM

Re: Your passwords are not encrypted
 
Synthlight

EDIT: ninjad

xXOpkillerXx 11-10-2018 12:10 PM

Re: Your passwords are not encrypted
 
It's not taken seriously enough, and this thread hopefully shows everyone with no knowledge on https the clear consequence.

Duplica 11-10-2018 12:13 PM

Re: Your passwords are not encrypted
 
m-my p-p-password!!!


mellonxcollie 11-10-2018 12:13 PM

Re: Your passwords are not encrypted
 
make your password something super stupid you would never use anywhere else

xXOpkillerXx 11-10-2018 12:14 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by mellonxcollie (Post 4656176)
make your password something super stupid you would never use anywhere else

Yes, I do.

But the point is not to protect me, but the users who have no idea

aperson 11-10-2018 12:26 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by Duplica (Post 4656175)
m-my p-p-password!!!


very girthy

MarioNintendo 11-10-2018 12:33 PM

Re: Your passwords are not encrypted
 
And that's whyI never log into FFR while at AN

kommisar 11-10-2018 12:36 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by MarioNintendo (Post 4656181)
And that's whyI never log into FFR while at AN

what if I social engineer you into doing it



in b4 everyone uses VPNs at anime north lmao

PrawnSkunk 11-10-2018 12:44 PM

Re: Your passwords are not encrypted
 
Synthlight let our cPanel license expire back in May, so there is nothing we can do about it.

xXOpkillerXx 11-10-2018 12:45 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by PrawnSkunk (Post 4656184)
Synthlight let our cPanel license expire back in May, so there is nothing we can do about it.

And what does it take to get a new license ?

PrawnSkunk 11-10-2018 12:47 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656185)
And what does it take to get a new license ?

Synthlight

xXOpkillerXx 11-10-2018 12:51 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by PrawnSkunk (Post 4656186)
Synthlight

So you mean only the website owner ?

Also what has been done to communicate with him ?

Gravity Kitten 11-10-2018 12:53 PM

Re: Your passwords are not encrypted
 
the flashflashrevolution2.com domain isn't taken yet :thinking:

xXOpkillerXx 11-10-2018 12:56 PM

Re: Your passwords are not encrypted
 
Synth owns the website, but does he own the data ?
Are there public terms and conditions we can see regarding to what is intellectual property in this context ?

inDheart 11-10-2018 01:17 PM

Re: Your passwords are not encrypted
 
actual web security is legitimately too much to expect from this site, so the next best thing we have is social engineering

do what raeko said and have a password you don't use elsewhere and change it sometimes too

PrawnSkunk 11-10-2018 01:19 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656187)
So you mean only the website owner ?

Also what has been done to communicate with him ?

We've been attempting to contact Synthlight almost every month since September 2015, over 3 years ago. He reappeared for 12 days in December 2017, to help fix a disk failure and setup a new development server, then vanished again leaving us very confused.

xXOpkillerXx 11-10-2018 01:20 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by PrawnSkunk (Post 4656192)
We've been attempting to contact Synthlight almost every month since September 2015, over 3 years ago. He reappeared for 12 days in December 2017, to help fix a disk failure and setup a new development server, then vanished again leaving us very confused.

By what means ? Email ? Phone ?

I'm asking so I don't suggest things that were already attempted many times

Charu 11-10-2018 01:28 PM

Re: Your passwords are not encrypted
 
Guys, here's a great idea.

Everyone's password should be "password" for www.flashflashrevolution.com

Bulletproof plan that has no backfiring consequences!!!!!!!!!!!!

kurisushadow 11-10-2018 01:37 PM

Re: Your passwords are not encrypted
 
So....punch a disk till it fails? lol. We are all spooky scary skeletons in the end>

dAnceguy117 11-10-2018 02:32 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by Charu (Post 4656195)
Guys, here's a great idea.

Everyone's password should be "password" for www.flashflashrevolution.com

Bulletproof plan that has no backfiring consequences!!!!!!!!!!!!

Legit Doctor

riktoi 11-10-2018 02:40 PM

Re: Your passwords are not encrypted
 
you could kinda brush this off as fearmongering but i don't think anyone cares enough about their ffr accounts to think of it as that

xXOpkillerXx 11-10-2018 02:45 PM

Re: Your passwords are not encrypted
 
Tbh anyone here saying it's no big deal is simply not affected by it and/or doesn't care about anyone else than themself for this matter.

That being said, it costs me nothing to try and get information to figure out possible solutions.

Gradiant 11-10-2018 02:45 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656193)
By what means ? Email ? Phone ?

I'm asking so I don't suggest things that were already attempted many times

"So you guys say you've tried contacting him for 3 years? Have you tried contacting him?"

xXOpkillerXx 11-10-2018 02:52 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by Gradiant (Post 4656214)
"So you guys say you've tried contacting him for 3 years? Have you tried contacting him?"

"So you want to make this website more secure and have the owner actually do something or give actual rights to admins ? And you're being pushy about it ? I should make fun of this"

you do you.

What is needed for admins to have full access ? Domain Name ownership ? More ?

Travis_Flesher 11-10-2018 03:10 PM

Re: Your passwords are not encrypted
 
My password is 'password' on like 20 online games worth billions of GP and nothing has ever happened in over 20 years.

aperson 11-10-2018 03:14 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656218)
"So you want to make this website more secure and have the owner actually do something or give actual rights to admins ? And you're being pushy about it ? I should make fun of this"

you do you.

What is needed for admins to have full access ? Domain Name ownership ? More ?

It's adorable watching you go through the same thing that every person who has maintained the site for the past 10 years has already went through

drizzleRomanceGirl 11-10-2018 03:22 PM

Re: Your passwords are not encrypted
 
lol it would be so funny if synthlight was actually viewing this thread

xXOpkillerXx 11-10-2018 03:23 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by drizzleRomanceGirl (Post 4656227)
lol it would be so funny if synthlight was actually viewing this thread

It really would, although a bit insulting too lmao

aperson ty for the support

xXOpkillerXx 11-10-2018 06:12 PM

Re: Your passwords are not encrypted
 
https://help.enom.com/hc/en-us

Is it not possible to call the registrar's help desk and complain that the registrant has been unreachable for a long time, which is problematic due to website security issues ?

aperson 11-10-2018 06:32 PM

Re: Your passwords are not encrypted
 
a domain registrar does not give a shit unless you're doing something like submitting an atrocious amount of spam, and even then enom probably does not give a shit.

xXOpkillerXx 11-10-2018 06:38 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by aperson (Post 4656254)
a domain registrar does not give a shit unless you're doing something like submitting an atrocious amount of spam, and even then enom probably does not give a shit.

Hmm that wouldn't surprise me indeed. I will still give it a shot anyway, unless admins are willing to do it or have already done it.

Synthlight 11-10-2018 07:11 PM

Re: Your passwords are not encrypted
 
After 4 years he still hasn't asked for the password to this account to be changed so he could use it. I doubt much effort goes into thinking about FFR.

- Velocity

Rapta 11-10-2018 07:13 PM

Re: Your passwords are not encrypted
 
"Last post by Synthlight"

Me: NO WAAAAAY

Post: -Velocity

Me: :(

xXOpkillerXx 11-10-2018 07:14 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by Synthlight (Post 4656256)
After 4 years he still hasn't asked for the password to this account to be changed so he could use it. I doubt much effort goes into thinking about FFR.

- Velocity

Yeah he doesn't give a shit it's no news, but it's probably not impossible to find a way to talk to him

devonin 11-10-2018 07:37 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656258)
Yeah he doesn't give a shit it's no news, but it's probably not impossible to find a way to talk to him

You mean like, people who have what are his most recently known email address, social media accounts and phone number? People with theoretical communications access to Synth have been trying to use that access to actually speak to him for YEARS.

And if you think it's a matter of just like...having somebody who is actually here try to get all the data necessary to host the site somewhere else, that already exists and has for years. The problem is "Every single song in this game was provided by permission from the holders of the rights to FFR and Synthlight" and if we just made flashflashrevolution2.com, even outside concerns about ownership of the term FFR, every single song would have to come down until new permission could be reestablished from every single artist, many of whom no longer produce music/have findable represenation and so as far a I understand how the rights issues work, to stay on the safe side, all those songs would just be lost.

xXOpkillerXx 11-10-2018 07:59 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by devonin (Post 4656261)
You mean like, people who have what are his most recently known email address, social media accounts and phone number? People with theoretical communications access to Synth have been trying to use that access to actually speak to him for YEARS.

And if you think it's a matter of just like...having somebody who is actually here try to get all the data necessary to host the site somewhere else, that already exists and has for years. The problem is "Every single song in this game was provided by permission from the holders of the rights to FFR and Synthlight" and if we just made flashflashrevolution2.com, even outside concerns about ownership of the term FFR, every single song would have to come down until new permission could be reestablished from every single artist, many of whom no longer produce music/have findable represenation and so as far a I understand how the rights issues work, to stay on the safe side, all those songs would just be lost.

Yes indeed song permission is problematic for hosting somewhere else. Please just don't assume I think there is a trivial fix to this very old problem, I Really don't. However, it can't hurt for me and the community to know (or be reminded of) what has been attempted and what possibilities the staff have, without of course disclosing private information. So I appreciate that you specify what the problems are.

aperson 11-10-2018 08:27 PM

Re: Your passwords are not encrypted
 
Anyway, once you follow this train of thought long enough you end up at the inevitable question: Is the community of this site worth the security liabilities that reside in it? Would it be better to just pull the plug?

riktoi 11-10-2018 08:29 PM

Re: Your passwords are not encrypted
 
where will i get my hot charting news if not for ffr

xXOpkillerXx 11-10-2018 08:30 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by aperson (Post 4656266)
Anyway, once you follow this train of thought long enough you end up at the inevitable question: Is the community of this site worth the security liabilities that reside in it? Would it be better to just pull the plug?

It's been discussed, and my opinion on it is that a major change wouldn't "hurt" as the website is already pretty "hurt". I believe regulars would still come anyway, even if changes take downtime. Idk what others think about that though.

xXOpkillerXx 11-10-2018 08:31 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by riktoi (Post 4656267)
where will i get my hot charting news if not for ffr

I believe discord chat wouldn't have to be taken down if the site was on maintenance, thanks to the migration from prochat to discord.

V-Ormix 11-10-2018 08:45 PM

Re: Your passwords are not encrypted
 
i jus came here to type yee

Legit Doctor 11-10-2018 09:07 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by dAnceguy117 (Post 4656210)
Legit Doctor

You rang?

drizzleRomanceGirl 11-11-2018 12:14 AM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by Legit Doctor (Post 4656274)
You rang?

lol

devonin 11-11-2018 12:39 AM

Re: Your passwords are not encrypted
 
Once it's hosted somewhere else, Synth will no longer be paying for hosting, is another potential pitfall.

xXOpkillerXx 11-11-2018 12:50 AM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by devonin (Post 4656306)
Once it's hosted somewhere else, Synth will no longer be paying for hosting, is another potential pitfall.

Yeah I asked if anyone was willing to pay for it but really changing host just seems like a bad fix. If synth is willing to keep paying for this, maybe providing payments to upgrade the actual server would be sufficient (with him keeping ownership). But that needs communication yes, and it's a hard task I know.

devonin 11-11-2018 01:24 AM

Re: Your passwords are not encrypted
 
It just feels like some part of you is saying that the lack of communication is, at all, happening on our end, like we're not trying hard enough to get a hold of Synth and get him to do things.

xXOpkillerXx 11-11-2018 08:35 AM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by devonin (Post 4656313)
It just feels like some part of you is saying that the lack of communication is, at all, happening on our end, like we're not trying hard enough to get a hold of Synth and get him to do things.

Far from it dont worry.
I've talked to velo yesterday and he gave me pretty much all the information I need to be well informed of the situation (for example what was posted in the other thread; https not doable on current server settings/os).

It is absolutely Not my decision to take whether we should call synth or not despite him ignoring the admins. Cuz you know, I found his workplace easily and the admins have had his phone numbers for a while, so we could easily call from a number that he hasnt blocked. However, not knowing why he ignores the staff makes it a risk of harrassment, which I can totally understand. I personally would try it, but I wont push for it.

gold stinger 11-11-2018 08:47 AM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656332)
I found his workplace easily and the admins have had his phone numbers for a while, so we could easily call from a number that he hasn't blocked. However, not knowing why he ignores the staff makes it a risk of harrassment, which I can totally understand. I personally would try it, but I wont push for it.

Has anyone on the FFR Staff or been on the FFR Staff when Synthlight began going inactive been told by Synthlight or someone representing Synthlight why they shouldn't contact or call him, or been told that the contact is considered harassment and to refrain from future contact?

If not, I would consider giving Synthlight a call. Considering this website costs money to keep up (despite very little on Synthlight's end for hosting), and takes up resources (disk space to manage data), I don't find it far fetched to try and contact him with any new information that could lead to actually reaching him. Considering the stance that it takes up money & resources.

My deduction of reasoning & 2 cents. Love ya no matter what choice you go with on this. I'm not exactly in a hurry for anything to change.

xXOpkillerXx 11-11-2018 08:54 AM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by gold stinger (Post 4656334)
Has anyone on the FFR Staff or been on the FFR Staff when Synthlight began going inactive been told by Synthlight or someone representing Synthlight why they shouldn't contact or call him, or been told that the contact is considered harassment and to refrain from future contact?

If not, I would consider giving Synthlight a call. Considering this website costs money to keep up (despite very little on Synthlight's end for hosting), and takes up resources (disk space to manage data), I don't find it far fetched to try and contact him with any new information that could lead to actually reaching him. Considering the stance that it takes up money & resources.

My deduction of reasoning & 2 cents. Love ya no matter what choice you go with on this. I'm not exactly in a hurry for anything to change.

Afaik with what Velocity told me, nobody knows why he is clearly ignoring calls.

I refuse as a simple user to call him personally and unless the admins decided to try and call from other numbers (which they dont seem to like), I will not pursue this communication goal.

Velocity 11-11-2018 01:02 PM

Re: Your passwords are not encrypted
 
Quote:

Originally Posted by xXOpkillerXx (Post 4656335)
Afaik with what Velocity told me, nobody knows why he is clearly ignoring calls.

I refuse as a simple user to call him personally and unless the admins decided to try and call from other numbers (which they dont seem to like), I will not pursue this communication goal.

It is entirely possible that after 16 years he simply doesn't want to be involved with FFR anymore but keeps it online since it doesn't really cost him any money or time. For all intents and purpose, if that's the decision he's made, then I'm not about to bother him for the 30th time.

Also another thing I remembered today, Multiplayer is locked to the server and IP, so we can't really change either of those.

rayword45 11-11-2018 01:04 PM

Re: Your passwords are not encrypted
 
Last time Synth came around I remember he literally came to re-enable profile downvotes then left again

xXOpkillerXx 11-11-2018 01:09 PM

Re: Your passwords are not encrypted
 
This thread may be closed then

TheSaxRunner05 11-11-2018 02:24 PM

Re: Your passwords are not encrypted
 
This is where we all go off and create "Fourthstyle"


All times are GMT -5. The time now is 05:58 PM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Copyright FlashFlashRevolution