Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Search this Thread Rate Thread Display Modes
Old 24-08-2019, 07:52   #1
Registered User
 
Delancey's Avatar

Join Date: Oct 2011
Location: Spain
Boat: Sunk by Irma
Posts: 3,569
CF Passwords Hacked?

Just a heads-up-

I’ve recently received a few junk emails that include my CF password in the title. Preview of the body says something like “your computer has been infected by my malw...”

While I used this simple password for a couple different things long ago, it has been used exclusively for CF for many, many years.

Here is useful link to help you figure out if your passwords have been hacked.

https://haveibeenpwned.com/Passwords

It checks the password you enter against the various hacked password lists available for purchase on the dark web.
__________________

Delancey is offline   Reply With Quote
Old 24-08-2019, 08:17   #2
Registered User
 
DeepFrz's Avatar

Cruisers Forum Supporter

Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,461
Re: CF Passwords Hacked?

So you actually entered your passwords into that site? Wouldn't it be prudent just to change your password?
__________________

DeepFrz is offline   Reply With Quote
Old 24-08-2019, 08:29   #3
Registered User
 
Delancey's Avatar

Join Date: Oct 2011
Location: Spain
Boat: Sunk by Irma
Posts: 3,569
Re: CF Passwords Hacked?

You have probably been hacked and didn’t even know it.

The purpose of the site is to provide people a way to find out if they have been hacked in the past. Given the fact that some acknowledged data breaches have affect hundreds of millions of people, chances are you are one of them.

Give it a try. You might not like what you find out.

If you dig in there the site tells you specifically NOT to enter any current passwords you are using. It’s a legit site. Not a scam.

Of course change your password. I don’t really care about CF so never bothered changing the simple one I had been using.
Delancey is offline   Reply With Quote
Old 24-08-2019, 08:38   #4
Registered User
 
DeepFrz's Avatar

Cruisers Forum Supporter

Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,461
Re: CF Passwords Hacked?

Okay. Great.

I noticed that Firefox has a notification that CF is not a secure site so it behooves us all not to use the CF password for anything else. Of course we shouldn't be using passwords or user names for more than one site anyway.

Hopefully CF will upgrade the site.
DeepFrz is offline   Reply With Quote
Old 24-08-2019, 08:39   #5
Registered User

Join Date: May 2011
Location: Lake Ont
Posts: 5,431
Re: CF Passwords Hacked?

Almost a year back, I received one of those extortion emails that happened to include one of my passwords. Fortunately, I use multiple passwords: hard ones that are never stored and are unique for each important site, and a simpler throwaway password I use for logging into sites with very low security implications - like CF.

The extortion email used the throwaway one, so I can't be sure what site it leaked out of. Anyway, I just made up a new throwaway password and changed it on all those low-consequence sites. From the OP's experience, maybe it was CF.

Moral - manage passwords carefully, and don't also use important passwords for trivial sites whose concern or need for security is low.

Lake-Effect is online now   Reply With Quote
Old 24-08-2019, 08:39   #6
Registered User

Join Date: Dec 2016
Posts: 6
Re: CF Passwords Hacked?

When you click that link, the request to https://haveibeenpwned.com/ may include the referer field, which indicates the last page the user was on. In this case cruisersforum.com. Providing your cruisersforum.com password at that point would be a bad idea. It's a legitimate service but don't provide any passwords that you currently use. Just change your password.
andrewparker is offline   Reply With Quote
Old 24-08-2019, 08:42   #7
Registered User

Join Date: Aug 2018
Posts: 363
Re: CF Passwords Hacked?

We would hope that CF do not store passwords in cleartext and that in tech terms, they are hashed and salted. Assuming they are, then the only way the 'bad guys" can get that password is to capture it as you are entering it - ie on your computer. That would mean your pc/laptop is infected and has an exploit on it.



If CF are storing passwords un-hashed, then all bets are off.
kevinof is online now   Reply With Quote
Old 24-08-2019, 08:48   #8
Registered User

Join Date: May 2011
Location: Lake Ont
Posts: 5,431
Re: CF Passwords Hacked?

Quote:
Originally Posted by kevinof View Post
We would hope that CF do not store passwords in cleartext and that in tech terms, they are hashed and salted. Assuming they are, then the only way the 'bad guys" can get that password is to capture it as you are entering it - ie on your computer. That would mean your pc/laptop is infected and has an exploit on it.

If CF are storing passwords un-hashed, then all bets are off.

It could also just be hacked wifi points if you log into CF while travelling, since CF isn't using SSL (https) . (No excuses CF, it should be secured)
Lake-Effect is online now   Reply With Quote
Old 24-08-2019, 09:01   #9
Registered User

Join Date: Jul 2019
Posts: 36
Re: CF Passwords Hacked?

Folks, if you are receiving that type of spam, change your passwords. Chances are you re-used an old one that was found in a dump online, and people are credential stuffing with them.



You can use https://haveibeenpwned.com/ to enter your email and/or your password to see if an email address you have used on sites before has been leaked, or your password has been found in a dump.



Please note that this does not mean cruisersforum has been hacked; although possible but I'd imagine the staff being aware and doing the responsible thing


Also it's perfectly safe to enter your email or password on HaveIBeenPwned - the site is ran by a rather famous security researcher as a free service to the internet community at large, and will only tell you if your email address has been found in data leaked through hacks of various sites.
benvanstaveren is offline   Reply With Quote
Old 24-08-2019, 09:02   #10
Registered User

Join Date: Jul 2019
Posts: 36
Re: CF Passwords Hacked?

Quote:
Originally Posted by andrewparker View Post
When you click that link, the request to https://haveibeenpwned.com/ may include the referer field, which indicates the last page the user was on. In this case cruisersforum.com. Providing your cruisersforum.com password at that point would be a bad idea. It's a legitimate service but don't provide any passwords that you currently use. Just change your password.

That's... a little paranoid. And I'm in IT security for a living so that's saying something (we're a paranoid lot by nature)
benvanstaveren is offline   Reply With Quote
Old 24-08-2019, 09:21   #11
Registered User

Join Date: Aug 2018
Posts: 363
Re: CF Passwords Hacked?

True. Just noticed that. Means browser connection is wide open. Not good CF.



Quote:
Originally Posted by Lake-Effect View Post
It could also just be hacked wifi points if you log into CF while travelling, since CF isn't using SSL (https) . (No excuses CF, it should be secured)
kevinof is online now   Reply With Quote
Old 24-08-2019, 16:04   #12
Senior Cruiser
 
StuM's Avatar

Cruisers Forum Supporter

Join Date: Nov 2013
Location: Port Moresby,Papua New Guinea
Boat: FP Belize Maestro 43 and OPB
Posts: 10,147
Re: CF Passwords Hacked?

Quote:
Originally Posted by Delancey View Post
Just a heads-up-

I’ve recently received a few junk emails that include my CF password in the title. Preview of the body says something like “your computer has been infected by my malw...”

While I used this simple password for a couple different things long ago, it has been used exclusively for CF for many, many years.

Those junk emails are prevalent on the internet and are using old compromised password lists. I'm aware of people receiving them who have not used the stated password for many years. That is likely to be the case here.
StuM is online now   Reply With Quote
Old 24-08-2019, 16:27   #13
Registered User

Join Date: Feb 2017
Location: Seattle, WA
Boat: Passport 41
Posts: 189
Re: CF Passwords Hacked?

CF is not https. Any secrets you send to it are obvious to anything between you and CF servers. Password managers are your friend.
kev_rm is offline   Reply With Quote
Old 25-08-2019, 07:15   #14
Registered User

Join Date: May 2011
Location: Lake Ont
Posts: 5,431
Re: CF Passwords Hacked?

Quote:
Originally Posted by kev_rm View Post
CF is not https. Any secrets you send to it are obvious to anything between you and CF servers. Password managers are your friend.

If a site's login page is not https, the password still travels in the clear, even if you have a pw manager.
Lake-Effect is online now   Reply With Quote
Old 25-08-2019, 07:53   #15
Registered User
 
DeepFrz's Avatar

Cruisers Forum Supporter

Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,461
Re: CF Passwords Hacked?

Quote:
Originally Posted by Lake-Effect View Post
If a site's login page is not https, the password still travels in the clear, even if you have a pw manager.
True, however, a good password manager makes it easy to have separate passwords for each of the sites that you have to log in to. That way if your password for CF is hacked it doesn't lead anywhere other than your email address.
__________________

DeepFrz is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passwords In A Paperless World maxingout General Sailing Forum 74 14-10-2017 13:43
Hacked Again capn_billl General Sailing Forum 13 12-12-2011 09:26
FYI - SailNet Hacked Yachts66 Off Topic Forum 21 08-09-2010 22:33

Advertise Here


All times are GMT -7. The time now is 06:14.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.