Urgent attention all members!!!!!

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • dbhost
    Slow and steady
    • Apr 2008
    • 9209
    • League City, Texas
    • Ryobi BT3100

    Urgent attention all members!!!!!

    Chances are likely you have heard of the "heartbleed" openssl vulnerability. Our server was running an impacted version, and has since been patch

    We have patched the servers to the latest patch levels, and tested to insure that we are not impacted by this, or other known vulnerabilities, however we have no way of knowing if this vulnerability has been exploited on our data streams.

    As a protective measure, we request that all users immediately reset your passwords. If you used a common password for here, and other sites, make sure that the other sites are either fixed, or otherwise not impacted and change your passwords over at those sites as well...

    Thank you for your cooperation in this as we strive to maintain the site and respond to new security threats as quickly as possible.
    Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.
  • cork58
    Established Member
    • Jan 2006
    • 365
    • Wasilla, AK, USA.
    • BT3000

    #2
    Could you explain how to change your password for those of us that can't find a place to do it and what to do if you don't remember what your current password is?

    Thanks
    Cork,

    Dare to dream and dare to fail.

    Comment

    • Stytooner
      Roll Tide RIP Lee
      • Dec 2002
      • 4301
      • Robertsdale, AL, USA.
      • BT3100

      #3
      You just go to the User CP up top. Then type in current password after clicking on the "Edit your Details" under the top heading of your Profile.

      Then just type in the new password twice and save settings below.
      Lee

      Comment

      • dbhost
        Slow and steady
        • Apr 2008
        • 9209
        • League City, Texas
        • Ryobi BT3100

        #4
        On the top Navigation bar, select User CP, then when you get to the User CP screen, the left row of boxes titled "Your Control Panel" will appear. The third box down should be the Settings & Options box, and the 3rd item should be Edit Email & Password.

        It will ask you for your current password once, and then enter the new password, enter it in the new password verification box and click save changes.
        Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

        Comment

        • TB Roye
          Veteran Member
          • Jan 2004
          • 2969
          • Sacramento, CA, USA.
          • BT3100

          #5
          Done it. This password thing is a challenge trying to keep in easy to remember is almost impossible. I pay my bills online so I am trying to come up with unique password for the financial stuff. I have something like a rolodex to keep all the passwords in so I can find them when needed. I have a copy that I take with me when traveling. I think the US giving up control of the domain names and the internet will cause some big problem with security. Putin will have a ball and he has Snowden to help him.

          On another note got a call from a unknown number yesterday threatening to file charges of Bank and Check Fraud against me and to notify my employer if I didn't contact them. This was the second time they called. It's very evident they know nothing about me as I retired 11 years ago and have no idea who I worked for, the CHP. I can give them the number of the Commissioner if they want.

          Tom

          Comment

          • Stytooner
            Roll Tide RIP Lee
            • Dec 2002
            • 4301
            • Robertsdale, AL, USA.
            • BT3100

            #6
            Scams and idiots are as rampant as always. I work under the assumption that everything is a scam and work my way back from there.
            Lee

            Comment

            • cork58
              Established Member
              • Jan 2006
              • 365
              • Wasilla, AK, USA.
              • BT3000

              #7
              Thanks for the help, done. Now to get the other sites done.
              Cork,

              Dare to dream and dare to fail.

              Comment

              • woodturner
                Veteran Member
                • Jun 2008
                • 2047
                • Western Pennsylvania
                • General, Sears 21829, BT3100

                #8
                Originally posted by TB Roye
                This password thing is a challenge trying to keep in easy to remember is almost impossible.
                A few ideas - used to work for places were combinations and passwords were critical and had to remember hundreds of them.

                1. Pick a phrase you can remember, typically something meaningful to you. Maybe a favorite line from a children's story, favorite bible verse, etc.
                2. Extract the same letter from each word in the phrase. For example, if "Mary had a lamb" was your phrase and you used the last letter, you would have ydab. Now change some letters to capitals in a sequence you can remember. For example, if we capitalize every other character, we get yDaB. This is our base phrase.
                3. Append a unique name associated with each site, such as the last letter before the .com, and separate it with an allowable punctuation character. For example, for bt3central.com, we could choose "l" and the ^, making the password l^yDaB. If we had used a longer phrase, this password would be very secure, but also easy to remember. We would use the same base phrase for all sites, the same algorithm to determine the prefix, and the same punctuation character - so all we have to remember is the same algorithm for every site and our same base phrase.

                The description sounds complicated, but it is really quite easy to remember and use. It's likely more secure than any written down password - papers can be lost or stolen, etc. If you want a paper reminder, though, you can still write down a hint or the first part of the password - since you know the phrase, you don't have to write down the whole password.
                --------------------------------------------------
                Electrical Engineer by day, Woodworker by night

                Comment

                • Stytooner
                  Roll Tide RIP Lee
                  • Dec 2002
                  • 4301
                  • Robertsdale, AL, USA.
                  • BT3100

                  #9
                  I use Norton 360 for my antivirus. I have had no trouble since I have been using it. It comes with a passwords vault. It captures the passwords when you make one or change it.
                  This allows you to use anything without having to remember anything. I know that is a lot of trust to put in software, but I have been using Norton for a long time and put my faith in it. Not been let down yet.
                  Lee

                  Comment

                  • radhak
                    Veteran Member
                    • Apr 2006
                    • 3058
                    • Miramar, FL
                    • Right Tilt 3HP Unisaw

                    #10
                    Originally posted by woodturner
                    A few ideas - used to work for places were combinations and passwords were critical and had to remember hundreds of them.

                    1. Pick a phrase you can remember, typically something meaningful to you. Maybe a favorite line from a children's story, favorite bible verse, etc.
                    2. Extract the same letter from each word in the phrase. For example, if "Mary had a lamb" was your phrase and you used the last letter, you would have ydab. Now change some letters to capitals in a sequence you can remember. For example, if we capitalize every other character, we get yDaB. This is our base phrase.
                    3. Append a unique name associated with each site, such as the last letter before the .com, and separate it with an allowable punctuation character. For example, for bt3central.com, we could choose "l" and the ^, making the password l^yDaB. If we had used a longer phrase, this password would be very secure, but also easy to remember. We would use the same base phrase for all sites, the same algorithm to determine the prefix, and the same punctuation character - so all we have to remember is the same algorithm for every site and our same base phrase.

                    The description sounds complicated, but it is really quite easy to remember and use. It's likely more secure than any written down password - papers can be lost or stolen, etc. If you want a paper reminder, though, you can still write down a hint or the first part of the password - since you know the phrase, you don't have to write down the whole password.
                    Excellent idea! I'm already using the same type of logic, but I use three letters from each website url, and I am using a part of my very long name as the base phrase. This has made my life so much easier, and my passwords safer. Best of all, I have shared this logic with my wife so we don't lock each other out in case of emergencies.

                    Now I like your idea of using specific letters from a longer sentence as the 'base phrase' even better. Thanks for sharing.
                    It is the mark of an educated mind to be able to entertain a thought without accepting it.
                    - Aristotle

                    Comment

                    • woodturner
                      Veteran Member
                      • Jun 2008
                      • 2047
                      • Western Pennsylvania
                      • General, Sears 21829, BT3100

                      #11
                      Originally posted by Stytooner
                      I use Norton 360 for my antivirus. I have had no trouble since I have been using it. It comes with a passwords vault. It captures the passwords when you make one or change it.
                      What security is used for the password vault? I wonder if it might have been affected by the Heartbleed vulnerability? Although Heartbleed is specific to SSL, the method of encryption is used in other applications. I'm not saying there are other vulnerabilities, just that it's possible, and I have not dug into the issue to determine whether other encryption standards are affected. In other words, I'm just asking the question or raising the issue, and don't know at this point if it is an issue or not.
                      --------------------------------------------------
                      Electrical Engineer by day, Woodworker by night

                      Comment

                      • cwsmith
                        Veteran Member
                        • Dec 2005
                        • 2737
                        • NY Southern Tier, USA.
                        • BT3100-1

                        #12
                        The bottom line is to never use the same password for more than one access point. About two years ago, I had the embarrassing situation where an organizational site that I belonged to was hacked, they got nothing more than e-mail addresses and the passwords used on the organizational site. But what happened was that the culprits simply went to my e-mail address and tried the same password there... and in my case that worked, as I had used the same password for about a half dozen sites.

                        While none of the other sites was hit (because that would have been difficult to address), it was enough that they got into my AOL account. They managed to then capture all the addressed in my top level address book and next thing I know all of those people were getting robo mailings from my address.

                        My son called me immediately that morning with a rather humorous, "Hey Dad, so you think I need to go buy some male enhancement pills?" Then explained what he had just received on his e-mail from my address!

                        I changed my password immediately, and then checked my outgoing mail log to find that more than thirty people had been sent varied mailings within the last half hour, all from my address. I immediatly sent explanations and apologies to all those people, but it was embarrassing. Fortunately almost everyone (including my attorney) thought this event rather funny... but I didn't.

                        Since then, I make it a point to use a different password for every site that I need to log in to. While I can remember most of them, there are those that I don't visit that often.

                        I now keep a log book, which on the surface seems rather stupid since all one has to do is steal my book and they have access to everything! On the other had, they'd have to break into the house, get past the alarm system, and then have time to rummage through the shop to find the log book. There's certainly a lot more "security" to that than other means I think.

                        I particularly don't trust programs that keep such login information for me. The way I look at it is, that if enough people are doing that, then all it would take would be for any culprit to get the same program and, at their leasure figure out the encryption and file location, in which case they would always know exactly where to look.

                        An advantage to a logbook, at least for me, is that I'm not as young as I used to be. There will be a time when I may well wake up and not remember a **** thing, or that I may not wake up at all. So my son or wife will at least know where to look to get my logbook and have all the necessary accesses.

                        CWS
                        Think it Through Before You Do!

                        Comment

                        • leehljp
                          Just me
                          • Dec 2002
                          • 8429
                          • Tunica, MS
                          • BT3000/3100

                          #13
                          It sure helps if you speak (and read/write) a foreign language, especially a character based language, and know the roman equivalent, that makes for a good password. Most of my PWs are based on character based sounds.

                          The name of a family that I knew well would make a great password, but it it too long for me to use: Ushirokajitani! Next make the "i" (s) into 1's. Capitalize the three major words that make it up and you have a good one.

                          I greatly dislike making "o" into "0" and vice versa. Other letter-number substitute are OK for me.
                          Hank Lee

                          Experience is what you get when you don't get what you wanted!

                          Comment

                          • Egar
                            Forum Newbie
                            • Mar 2014
                            • 7
                            • Minnesota
                            • Ryobi BT3000

                            #14
                            Another great option for password management is LastPass (https://lastpass.com). It is a free tool available as a download for most browsers. LastPass will sync your password vault between any browser or computer you set it up on. You can create your own passwords or have LastPass generate them for you. The tool then will offer to auto-fill your passwords for you when you visit a website.

                            There is a cloud component to this service, but LastPass does not store you passwords in the cloud. Your passwords are encrypted locally on you computer and the encrypted information is then shared between browsers/computers.

                            It definitely has simplified keeping track of my passwords and has allowed me to use more complex passwords for each site. I have about 120 sites in LastPass, each with a unique password. I would have never been able to do that without some type of tool to help.

                            Comment

                            • Stytooner
                              Roll Tide RIP Lee
                              • Dec 2002
                              • 4301
                              • Robertsdale, AL, USA.
                              • BT3100

                              #15
                              Originally posted by woodturner
                              What security is used for the password vault? I wonder if it might have been affected by the Heartbleed vulnerability? Although Heartbleed is specific to SSL, the method of encryption is used in other applications. I'm not saying there are other vulnerabilities, just that it's possible, and I have not dug into the issue to determine whether other encryption standards are affected. In other words, I'm just asking the question or raising the issue, and don't know at this point if it is an issue or not.
                              I have no clue what type of thing they use in prevention of such things, however that is what they do and if you have a nice fast computer, you will not see any slow down when using the current protections they offer. That was not the case just a few years back. It was a hog on system resources. I consider 360 a must for any of my computers that access the internet.
                              Lee

                              Comment

                              Working...