serious problem with scoobynet software
#1
Have written to Simon but got no answer yet, assume he is busy, so wondering if someone can shed some light on this.
I remember sometime back moray being "fired" as a moderator after a security leak in which someone posted on his behalf.
Today I received a thread activity notification on a thread I have never posted on, in fact the content of the thread kinda shows that it wasn't me.
http://www.scoobynet.co.uk/bbs/threa...threadid=67666
It is clear to me that this was not malicious posting as a phone number and volunteered name don't make sense. Perhaps the name might give a clue as to how it happened.
Either way, surely this has serious security implications, so perhaps everyone should be on their guard. Had it not been for the thread activity notification, I never would have seen this.
#2
I should add, that it is impossible for anyone to have access to the machines I post from as both are private machines which were not available at the time "I" posted.
[Edited by Adam M - 1/28/2002 11:32:00 AM]
#4
Adam,
I noticed your post in that thread because I was after the speakers as well. I did think it was strange for the post to be signed by a Pet but put it down to somebody borrowing your account or a shared PC.
Very strange. I have some ideas on the problem but I wouldn't like to start rumours off.
Chris.
#5
Adam,
Did you 'top' this mail?
http://www.scoobynet.co.uk/bbs/threa...threadid=65801
Also, here's the mail address!
http://www.scoobynet.co.uk/bbs/profi...?MemberID=9981
#6
No, I didn't.
Am confused.
The only machine I have ever used apart from mine was the one at scoobysport for the customers to use, but I have not posted from there for some months and I was certain I deleted all cookies etc.
Really !
It does appear consistent as it was the same guy posting at the same time of day. But surely he would have noticed each time it would have said thank you Adam M for posting.
[Edited by Adam M - 1/28/2002 12:19:52 PM]
#7
Adam, do you know this Pete guy? I think he has your username/password (may be worth changing the latter). See this thread, which contains in the title 'Not from Adam':
http://www.scoobynet.co.uk/bbs/threa...ThreadID=67771
Edited to say I too have used the machine at Scoobysport, but again that was some months ago.
[Edited by carl - 1/28/2002 12:19:32 PM]
#9
I am guessing then that it is the machine at scoobysport, since when I rang them to check they said there was a guy there using the machines at about that time of day, and he was having a 22B wing fitted to a green car. The fact that he appears to be selling a wing makes me think this must be it.
Phew, that puts my mind at rest, but I have changed my password anyway just in case.
Maybe Moray had used the scoobysport computers too?
#10
No need to check.
Rang scoobysport and although they don't know his name, they confirmed a 22B wing being fitted that day to a green car. That matches everything he said in his for sale advert. I can't believe my details have remained on that machine for so long, either that or he guessed my password, which frankly was possible.
I did write to him, but he hasn't replied. But then it's not as if it was some shady cheating going on, he revealed his name straight away. Can only presume all is well in the land of scoobynet security.
Simon, ignore my email.
#12
I realised some while back that the PC's at Scoobynet save your userid, so I had a bit of a tidy up after I posted there last - deleted 12,000 odd temp internet files - the PC seemed to run a bit quicker after that.....
#13
Hi All
Thanks for bringing this up Adam, and apologies for not getting back to you sooner.
It was indeed the scoobysport pc. Once again, I would like to re-state that jumping to the conclusion that this is a security hole (in the normal understanding of the term) is unfounded.
It HAS highlighted again though the need to have a log-out button, or more control over cookies. I promise to spend some time on this as an absolute priority, but in the mean time, it is also important to be vigilant yourself, in the same way as you would if you accessed an online banking or email account from a public machine. This does not mean that there shouldn't be more safeguards from the scoobynet software side.
I would also like to state that Moray has at NO TIME been "sacked" or anything even remotely similar. I have a lot of respect for Moray and am talking with him privately about this. I always reply within hours (usually minutes) of receiving his emails, but he is clearly busy so cannot always reply straight away.
I hope this clears things up. Thanks again.
Regards
Simon
#15
Simon,
Re : "I would also like to state that Moray has at NO TIME been "sacked" or anything even remotely similar. I have a lot of respect for Moray and am talking with him privately about this. I always reply within hours (usually minutes) of receiving his emails, but he is clearly busy so cannot always reply straight away"
As I understand it from your last email to me, you specifically told me that you are no longer interested in talking about this issue with me privately.
I have invested a lot of time over the last couple of years as a moderator on this board, this work was voluntary and I did it to help contribute to the subaru online community, not for any financial gain or other such reason. I have taken personal abuse from certain users, but that's part of the job and I enjoy contributing to the community as I feel I have gained much from it in the 3 or 4 years I have been involved with it (scoobynet 1 and 2).
The situation as of now is that you removed moderator privileges from my account as a "security precaution", you then, eventually, told me that this was nothing to do with security and gave me a completely different reason which you have now refused to explain or discuss further in our offline conversation.
So for whatever the actual reason, you have removed me as a moderator and refused to explain why, even offline. So much for the "respect" you mentioned.
Moray
bbs.22b.com
#17
what a shame.
You should re-read your email. I will also point out, that at no time have *I* ever made public any of the things we have been discussing privately.
I have never publicly insulted or attacked you. You have mis-represented the private email I sent to you and I am deeply disappointed. I was happy to continue discussing it with you as long as we weren't just going round in the same circles. I did not refuse to answer any questions about why your moderator privileges were switched off. Yet you have continually refused to be honest and up-front with me about the questions I was asking you.
A public bbs is not the place for discussions of this nature, as it is also not the place for discussions of matters as delicate as potential security breaches (in your specific case) and open and blunt condemnation (unwarranted I might add) of scoobynet when you are part of the team that is supporting it.
I wish you all the very best as always (as stated in my last email to you which has not received a reply, even though it is now clear you have read it) and feel free to reply to my email whenever you are ready to talk.
Enjoy life, it's not a practice.
All the best
Simon
#19
Simon,
Re: "I have never publicly insulted or attacked you. You have mis-represented the private email I sent to you and I am deeply disappointed. I was happy to continue discussing it with you as long as we weren't just going round in the same circles. I did not refuse to answer any questions about why your moderator privileges were switched off. Yet you have continually refused to be honest and up-front with me about the questions I was asking you."
You have publicly accused me of dishonesty and mis-representation. The only way I can defend myself from your accusations is to publicly post the content of the emails you have referred to. Do you have any reasonable objection to me doing this?
Moray
bbs.22b.com
#22
Life's just too short for this. Please reconsider, Moray. What possible good can come of this?
Best regards,
Richard.
#25
Hoppy,
Re "Life's just too short for this. Please reconsider, Moray. What possible good can come of this?"
How about clearing my name?
Regards,
Moray
bbs.22b.com
#26
Your name's fine by me, mate, as a valued and positive contributor to ScoobyNet of long standing. Mistakes and misunderstandings happen. Whatever, a public forum is not the place to debate them. Resolve private matters privately.
Best wishes,
Richard.
#28
You should also remember that the copyright of an e-mail belongs to its sender (whereas the copyright of a letter belongs to its recipient). Therefore, you would not be within your rights to publicly post a private e-mail.
#30
It would seem that the misunderstanding/issue is between Simon and Moray - not sure further debate here is going to help....
On the original subject (Adam M's phantom Posts) - I would certainly appreciate a log-out button which cleans up the cookies etc.
Deano
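The log-out control asked for in posts #13 and #30, sketched as an added example (not part of the original posts and not ScoobyNet's own code): sessions are held on the server, so logging out or going idle invalidates a cookie left behind on a shared PC. The cookie name, the 30-minute idle limit and the `SessionStore` class are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "bbs_session"   # hypothetical cookie name
IDLE_LIMIT = 30 * 60     # assumed policy: 30 minutes of inactivity


class SessionStore:
    """Server-side sessions: the cookie carries only a random token."""

    def __init__(self):
        self._sessions = {}  # token -> [username, last_seen]

    def login(self, username, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [username, now]
        # No Max-Age: a session cookie, discarded when the browser closes.
        return self._set_cookie(token)

    def authenticate(self, cookie_header, now):
        """Return the username for a live session, else None."""
        token = self._token(cookie_header)
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if now - entry[1] > IDLE_LIMIT:
            del self._sessions[token]  # stale cookie found on a shared PC
            return None
        entry[1] = now
        return entry[0]

    def logout(self, cookie_header):
        """Kill the session on the server and tell the browser to drop it."""
        self._sessions.pop(self._token(cookie_header), None)
        return self._set_cookie("deleted", max_age=0)

    @staticmethod
    def _token(cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        return jar[COOKIE].value if COOKIE in jar else None

    @staticmethod
    def _set_cookie(value, max_age=None):
        jar = SimpleCookie()
        jar[COOKIE] = value
        jar[COOKIE]["path"] = "/"
        jar[COOKIE]["httponly"] = True
        if max_age is not None:
            jar[COOKIE]["max-age"] = max_age
        return jar[COOKIE].OutputString()  # value for a Set-Cookie header
```

Because the token is deleted server-side, a copy of the cookie that survives in the browser's files authenticates nobody after log-out or after the idle limit.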