NOTICE SECURITY NOTICE - everybody read

I'd like to add that everyone from now on, DO NOT share addresses through PM.

It's very personal information and I highly suggest you exchange addresses through a PayPal note, or another method.
Once someone has your password you have no clue your account is being looked at.

 

But why was this posted shortly after the forum was warned of a Linux web exploit? You sure nothing got leaked, buddy?

 

You misunderstand, the only part I trust is ASSEMbler in this case, not the local ISP with their transparent proxy and censorship, not the agencies storing all internet data indefinitely. The reason to use TOR is not to hide who you are from ASSEMBler, but everyone else, and to reach blocked sites (eg. gbatemp.net was blocked for a while). As an added bonus, you get encryption (through to the exit node) without using broken HTTPS due to corrupt cert authorities.

 

The modern world scares me.

 

I don't know how the conversations are being stored in the database, but I have the feeling they are saved in plain text. If that's the case, if the database is compromised, all messages are out there regardless if those involved have your password or not. Perhaps @retro can clarify this matter, are the conversations saved in plain text?

 

So is that a yes? Or that another breach is having a noticeable impact here?

 

From what I've read/seen Asembler wasn't hacked but another site was.

To explain it simply for everybody site a.com is assembler and site b.com is a random site. On site a.com you use the same password as site b.com and site b.com was hacked. Hackers have now tried that password against site a.com which is here and having seen it works logged in.

In other words this is a password reuse attack. Meaning if you've used the same pass elsewhere and same username here then hackers are trying to login.

Hope the staff don't mind me explaining this.

 

I use password I really can't remember a second after I used them. So fuking complicated and looooong But that's how it's done

 

Sounds odd, Why would someone try to use credentials from elsewhere here on AG? Is it because of the facebook and twitter integration?

 

Hackers jump account to account looking for real information or anything of value to resell on the dark web.

With your address and full name they could put in a application for a credit card or something worse.

 

They could also just pickup a free phone book.

 

Many people are not in them aymore. I'm not, My mothers not.

They're stored in plaintext on XenForo and pretty much all forum scripts sadly. It lowers server load so they leave it plain.

 

They'd need DOB for that.

 

Very true but this isn't super hard to find. Many people display their date of birth on forums, social media or in some cases the goverment display it on the birth registery. Long as you have the name the rest is easy most of the time.

Why sometimes it's best to use fake info. But this doesn't apply in all cases as you do have to use real on some sites.

 

Which is why I don't use my real name on Facebook, even my mobile number isn't actually mine on there. Information is very easily found through social media.

 

Haha yeah. Why I use a fake name on facebook but if they ever moan I have proof it's kinda real

It's scary how easy this information is to find really.

 

If you get reported for a fake name, just make another account. It's really not worth sending very personal ID like driver's license for some website. Crazy.

 

Yeah Broman, I mean why would anyone do that.....

Ass Master Supreme

 

Are you sure it's not people connecting through Tor? A lot of people I know redirect their whole traffic through tor using either Tails or Tallow.
On an other note, I didn't know 2 factor authentication was implemented here, I just took the opportunity of setting it up on my account and adding the secret to my Yubikey

 

So basically, a VPN is not allowed?