IDN Forums - Internationalized Domain Names  
Home | Advertise on idnforums | Premium Membership

Go Back   IDN Forums - Internationalized Domain Names > IDN Parking and Affiliate Programs > NameDrive

NameDrive For discussion of NameDrive's parking program. NameDrive offers an IDN compatible parking program to monetize your domains via PPC.
Click here for NameDrive Signup

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 4th February 2009, 07:31 PM
jose's Avatar
Veteran
 
Join Date: Jan 2006
Posts: 8,718
iTrader: (49)
Rep Power: 5408
jose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nice
Exclamation Namedrive hacked?!

Namedrive has changed my password without my knowledge!

Have yours also?

What's going on?!
__________________
Looking for the perfect, still free .com domain name, for your next endeavor? Ask me. $5 only. Here's my most recent, 101th story of success: CarRealtime.com
Reply With Quote
  #2 (permalink)  
Old 4th February 2009, 08:15 PM
Drewbert's Avatar
Administrator
 
Join Date: Feb 2006
Posts: 6,091
iTrader: (20)
Rep Power: 0
Drewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgy
Re: Namedrive hacked?!

Gaaaaa.

They've imposed 90 day password expiry.

Sheesh.

Fine for idiots that make their password at all their sites "harley", but for those that pick a difficult password that's a scrambled mix of letters and number, this is just a PITA.

If I have such a password, making me change it every 90 days does NOTHING to enhance my security.

They should have made this opt-out. This sort of thing really fucks me off.

Coming from a site that uses http instead of https for logged in customers and inserts a session ID in the URL? Puh-lease!!!!

A big fat -1 for NameDrive today.

Sedo, get your fucking act together for UTF8 support.
__________________
It's all jaded style to me.
Reply With Quote
  #3 (permalink)  
Old 4th February 2009, 09:22 PM
jose's Avatar
Veteran
 
Join Date: Jan 2006
Posts: 8,718
iTrader: (49)
Rep Power: 5408
jose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nice
Re: Namedrive hacked?!

Quote:
Originally Posted by Drewbert View Post
If I have such a password, making me change it every 90 days does NOTHING to enhance my security.
100% agree. 90 days pwds is so 90's.

Quote:
Originally Posted by Drewbert View Post
Coming from a site that uses http instead of https for logged in customers and inserts a session ID in the URL? Puh-lease!!!!
BINGO. Maybe that's the reason for the sudden and imposed pwd change...
__________________
Looking for the perfect, still free .com domain name, for your next endeavor? Ask me. $5 only. Here's my most recent, 101th story of success: CarRealtime.com
Reply With Quote
  #4 (permalink)  
Old 4th February 2009, 09:48 PM
bramiozo's Avatar
Administrator
 
Join Date: Sep 2005
Location: Haarlem
Posts: 2,251
iTrader: (30)
Rep Power: 922
bramiozo is on a distinguished roadbramiozo is on a distinguished roadbramiozo is on a distinguished roadbramiozo is on a distinguished roadbramiozo is on a distinguished roadbramiozo is on a distinguished road
Send a message via MSN to bramiozo Send a message via Skype™ to bramiozo
Re: Namedrive hacked?!

Sedo also put the session id in the url, at least some time ago, I remember one time when I followed a sedo link and I was directly logged in, obviously they didn't even bother to check the ip/browser...
Reply With Quote
  #5 (permalink)  
Old 4th February 2009, 10:20 PM
jose's Avatar
Veteran
 
Join Date: Jan 2006
Posts: 8,718
iTrader: (49)
Rep Power: 5408
jose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nice
Re: Namedrive hacked?!

Drewbert: plz reply to my PMs. Thanks...
__________________
Looking for the perfect, still free .com domain name, for your next endeavor? Ask me. $5 only. Here's my most recent, 101th story of success: CarRealtime.com
Reply With Quote
  #6 (permalink)  
Old 4th February 2009, 10:39 PM
Aidan_from_NameDrive's Avatar
Junior Member
 
Join Date: Aug 2008
Location: Köln, Germany
Posts: 24
iTrader: (0)
Rep Power: 400
Aidan_from_NameDrive is an unknown quantity at this point
Send a message via MSN to Aidan_from_NameDrive
Re: Namedrive hacked?!

Hi guys,

NameDrive made these changes in order to enhance security.

We were alerted of a possible security breach affecting less than 1% of our accounts, although we have no indication that any unauthrorised access was gained, we have reacted forcefully to ensure absolute security for your account.

Feel free to PM or mail me if you have any problems.

Thanks,

Aidan
Reply With Quote
  #7 (permalink)  
Old 4th February 2009, 10:56 PM
Drewbert's Avatar
Administrator
 
Join Date: Feb 2006
Posts: 6,091
iTrader: (20)
Rep Power: 0
Drewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgy
Re: Namedrive hacked?!

http://www.domainnamenews.com/ppc-industry/3884/3884
__________________
It's all jaded style to me.
Reply With Quote
  #8 (permalink)  
Old 4th February 2009, 11:45 PM
jose's Avatar
Veteran
 
Join Date: Jan 2006
Posts: 8,718
iTrader: (49)
Rep Power: 5408
jose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nice
Re: Namedrive hacked?!

So I was right from the beggining. Didn't get the mail thought, does this means I was not affected?!
__________________
Looking for the perfect, still free .com domain name, for your next endeavor? Ask me. $5 only. Here's my most recent, 101th story of success: CarRealtime.com
Reply With Quote
  #9 (permalink)  
Old 5th February 2009, 01:40 AM
Drewbert's Avatar
Administrator
 
Join Date: Feb 2006
Posts: 6,091
iTrader: (20)
Rep Power: 0
Drewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgy
Re: Namedrive hacked?!

I didn't get an email either.

Maybe this explains the vector?

http://www.theregister.co.uk/2009/02/04/phpbb_breach/
__________________
It's all jaded style to me.
Reply With Quote
  #10 (permalink)  
Old 5th February 2009, 12:48 PM
domainguru's Avatar
Senior Member
 
Join Date: Mar 2006
Posts: 3,835
iTrader: (14)
Rep Power: 2508
domainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura aboutdomainguru has a spectacular aura about
Re: Namedrive hacked?!

To be honest, what pisses me off is the lack of honesty. I went to my ND site account yesterday, and I couldn't log in, then read some message about having to now change passwords every 90 days. No mention of being hacked.

If you've been hacked, just let me know, either by email or on the website. Don't put up some bs message telling me I have to change my password every 90 days because I really really hate doing that.
Reply With Quote
  #11 (permalink)  
Old 6th February 2009, 12:05 AM
sunsei21's Avatar
Member
 
Join Date: Mar 2006
Location: Internet
Posts: 714
iTrader: (14)
Rep Power: 558
sunsei21 is an unknown quantity at this point
Send a message via AIM to sunsei21 Send a message via Skype™ to sunsei21
Re: Namedrive hacked?!

Please click one of the Quick Reply icons in the posts above to activate Quick Reply.
__________________
Reply With Quote
  #12 (permalink)  
Old 7th February 2009, 09:38 PM
jose's Avatar
Veteran
 
Join Date: Jan 2006
Posts: 8,718
iTrader: (49)
Rep Power: 5408
jose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nicejose is just really nice
Re: Namedrive hacked?!

As we are #1 for "Namedrive hacked" on Google, here's what I think happened:

I think ND DID NOT stored the pwds in plain text files and used hashes (salted or not).
But I also think ND DID NOT kept the db on a different server as it should have... only one port open, accessed only from the inside, allows pwd check/write but not read.

I think they most sure got the complete database of passwords.

So, why were only certain users affected?
Because those were the ones with passwords like "123456".

But that doens't mean you wont be affected on the future.
It's just a mater of how long will they kept running the rainbow tables on the db.

Now I ask ND: has the special set fake accounts&emails been used?
You had those, didn't you?
__________________
Looking for the perfect, still free .com domain name, for your next endeavor? Ask me. $5 only. Here's my most recent, 101th story of success: CarRealtime.com
Reply With Quote
  #13 (permalink)  
Old 8th February 2009, 07:34 AM
Drewbert's Avatar
Administrator
 
Join Date: Feb 2006
Posts: 6,091
iTrader: (20)
Rep Power: 0
Drewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgyDrewbert is a tad dodgy
Re: Namedrive hacked?!

Pooh sure loves his honeypot.
__________________
It's all jaded style to me.
Reply With Quote
  #14 (permalink)  
Old 8th February 2009, 09:36 AM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4501
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Namedrive hacked?!

perhaps that explains why the new passwords run to about 3 pages. :D

Quote:
Originally Posted by jose View Post
As we are #1 for "Namedrive hacked" on Google, here's what I think happened:

I think ND DID NOT stored the pwds in plain text files and used hashes (salted or not).
But I also think ND DID NOT kept the db on a different server as it should have... only one port open, accessed only from the inside, allows pwd check/write but not read.

I think they most sure got the complete database of passwords.

So, why were only certain users affected?
Because those were the ones with passwords like "123456".

But that doens't mean you wont be affected on the future.
It's just a mater of how long will they kept running the rainbow tables on the db.

Now I ask ND: has the special set fake accounts&emails been used?
You had those, didn't you?
__________________
All offers to sell are void.
Reply With Quote
  #15 (permalink)  
Old 8th February 2009, 09:44 AM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4501
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Namedrive hacked?!

Quote:
Originally Posted by Drewbert View Post
Pooh sure loves his honeypot.
I don't think Pooh is likely to turn out to be a Panda more likely a Grizzly.

Yeah, the bears are so bloody greedy that even the bit they didn't manage to monopolize they keep coming back and trying to steal!
__________________
All offers to sell are void.
Reply With Quote
  #16 (permalink)  
Old 8th February 2009, 11:38 PM
mdw's Avatar
mdw mdw is offline
Member
 
Join Date: Jul 2006
Location: upstairs
Posts: 838
iTrader: (24)
Rep Power: 564
mdw is an unknown quantity at this point
Re: Namedrive hacked?!

Quote:
Originally Posted by jose View Post
But I also think ND DID NOT kept the db on a different server as it should have... only one port open, accessed only from the inside, allows pwd check/write but not read.
So common though - anyone running a startup on a budget is guilty of this. Usually folks create a separate user for the DB, but often start out with a single empty box and put everything on it.

Quote:
Originally Posted by jose View Post
I think they most sure got the complete database of passwords.
Indeed - how on earth would someone only get 1% of the account info?

All the more reason to preach to folks to stop using the same password on all sites. SEE THE BORING POST: http://www.idnforums.com/forums/2108...passwords.html Big corporations are the worst. They get account info stolen by the millions, as opposed to namedrive's thousands of customers.

Yeah Drew it aggravates me too that I have to give up my strong password. But this kind of policy has been imposed on me often enough before where I have a strategy for it. Unfortunately this 90-day thing is commonplace in big companies. People there write down passwords and stick them under keyboards about every 3 months.
Reply With Quote
  #17 (permalink)  
Old 15th February 2009, 11:43 AM
Banned
 
Join Date: Feb 2009
Posts: 4
iTrader: (0)
Rep Power: 0
WildWoman is an unknown quantity at this point
Talking Re: Namedrive hacked?!

Namedrive c'est démodé un mauvais ton
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 11:34 AM.

Site Sponsors
Your ad here
buy t-shirt
מחיר הזהב

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0
Copyright idnforums.com 2005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54