security update

FC Domains · 05-02-2009, 11:05:53 AM

Quote:

Originally Posted by fish

Quite simply, in case your password has been compromised either through external sources or internal abuse by employees

If the password is compromised, what difference does it make if it was recently changed?

There seems no logic to it.

fish · 05-02-2009, 11:40:17 AM

Quote:

Originally Posted by FC Domains

If the password is compromised, what difference does it make if it was recently changed?

There seems no logic to it.

For example, someone had your password and they were sitting on it to utilise at a later date, meanwhile you change it thus rendering the (old) password useless.

Like with ID theft, card cloning, account jacking etc you ususally only know about it when something goes wrong. There is no infalible remedy of keeping security 100% tight. It makes sense however not to make it easy for anyone who has nefarious intent.

Fish

admin · 05-02-2009, 12:34:43 PM

Quote:

Originally Posted by vizzy

Hope NameDrive wasn't hacked.

And there is no e-mail for me either.

It's reported in the news that Namedrive suffered a password exposure hack for 1% of its users, hence the new measures and enforced password change.

jwm · 05-02-2009, 01:16:41 PM

Quote:

Originally Posted by NameDriver

Mally, if NameDrive change your password, it will always be completely randomised.

If a user changes their own name, it is up to them to choose something secure.

I, for one, know from services that I use that it may sometimes be irritating to have to change your password, however, I am aware that some ND users have not changed their NameDrive passwords for the 3.5 years that their accounts have been active.

Even changing it minimally by adding one or two numbers to the end is more secure than keeping the same password for ever.

I hope this explains our actions.

Ed

this realy is a poor show, no mention of account details being leaked then. The least you can do for customers is be upfront about an issue rather than try to gloss over the reason for the change

retired_member11 · 05-02-2009, 01:22:29 PM

All such sites should have "You last accessed this account.. (date and time).", and then the legitimate account holder might then know if someone hacked/ cracked in.

NameDriver · 05-02-2009, 01:56:46 PM

jwm, I wasn't glossing over the matter. In fact, I had already one hour previously to this post posted on ******* that we have had notice of a security issue and have taken swift action to close the issue.

My post to Mally was a reaction to his specific point.

We have always been upfront about any issues we have ever encountered on ND and are not going to start trying to brush things under the carpet now.

Any accounts we believe to have been affected were contacted directly by mail.

Ed

As to argonaut's comments. We are looking at such measures, both for users and for ourselves to monitor. However, I feel that if someone has accessed your account, then informing you of the fact is probably already too late, so we ensure it never gets to this point in the first place.

retired_member11 · 05-02-2009, 02:46:28 PM

Perhaps account holders should register an ip address (or several) for account access, and if another ip is detected the system then sends an email alert to the account holder.

NameDriver · 05-02-2009, 06:33:13 PM

Yes, we were thinking of something along those lines as well with a fixed IP for logging in.

Ed

retired_member11 · 05-02-2009, 06:45:50 PM

Great minds think alike........

05-02-2009, 01:56:46 PM	#16 (permalink)
NameDriver NameDrive Staff Join Date: Aug 2005 Posts: 729 No Classified Ratings Domain Trader Rating: (0% / 0)	jwm, I wasn't glossing over the matter. In fact, I had already one hour previously to this post posted on ******* that we have had notice of a security issue and have taken swift action to close the issue. My post to Mally was a reaction to his specific point. We have always been upfront about any issues we have ever encountered on ND and are not going to start trying to brush things under the carpet now. Any accounts we believe to have been affected were contacted directly by mail. Ed As to argonaut's comments. We are looking at such measures, both for users and for ourselves to monitor. However, I feel that if someone has accessed your account, then informing you of the fact is probably already too late, so we ensure it never gets to this point in the first place. __________________ Email: Craig@namedrive.com

05-02-2009, 06:33:13 PM	#18 (permalink)
NameDriver NameDrive Staff Join Date: Aug 2005 Posts: 729 No Classified Ratings Domain Trader Rating: (0% / 0)	Yes, we were thinking of something along those lines as well with a fixed IP for logging in. Ed __________________ Email: Craig@namedrive.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Domain Name Community	Replies	Last Post
IE7 Security Flaw	admin	General Board	4	17-12-2008 11:48:40 PM
Update: Security Expert, Hacker, Launch DNS Attack Code - eFluxMedia	RSS	Domain Name News	0	26-07-2008 06:59:21 PM
Revenue Update	NameDriver	NameDrive	0	06-05-2008 08:05:51 PM
MySql Select statement help please	admin	Website Design	15	05-07-2007 10:55:17 AM

05-02-2009, 01:22:29 PM	#15 (permalink)
retired_member11 Join Date: Mar 2005 Posts: 974 No Classified Ratings Domain Trader Rating: (100% / 1)	All such sites should have "You last accessed this account.. (date and time).", and then the legitimate account holder might then know if someone hacked/ cracked in.

05-02-2009, 02:46:28 PM	#17 (permalink)
retired_member11 Join Date: Mar 2005 Posts: 974 No Classified Ratings Domain Trader Rating: (100% / 1)	Perhaps account holders should register an ip address (or several) for account access, and if another ip is detected the system then sends an email alert to the account holder.

05-02-2009, 06:45:50 PM	#19 (permalink)
retired_member11 Join Date: Mar 2005 Posts: 974 No Classified Ratings Domain Trader Rating: (100% / 1)	Great minds think alike........