Coughdropaddict Posted December 7, 2015 Share Posted December 7, 2015 In response to post #31602535. IamEmerald wrote: I have recently had odd things happen with the Nexus site, but I don't know if they are in any way related to the potential breach. When I open links to random mods and categories, it will redirect me to an ad site, (This last happened a few days ago and I honestly cannot remember what the site was). It was similar to Adfly, there was a bar at the top, something along the lines of "Wait X more seconds before you will be redirected" Each time, I closed the tab before it loaded fully, to avoid popups that won't allow you to close the window itself.It was weird, and not something that has ever happened to me (Before a few days ago) when on the Nexus.I've had MalwareBytes block potentially malicious stuff several times while on the site too, but that stopped a while ago.If that helps, great! If not, oh well.Either way, thanks for the heads up!Good luck getting to the bottom of the issueI've had the same thing, but I had just assumed it was a normal ad. Link to comment Share on other sites More sharing options...
CrystalFragments Posted December 7, 2015 Share Posted December 7, 2015 In response to post #31602535. #31603450 is also a reply to the same post.IamEmerald wrote: I have recently had odd things happen with the Nexus site, but I don't know if they are in any way related to the potential breach. When I open links to random mods and categories, it will redirect me to an ad site, (This last happened a few days ago and I honestly cannot remember what the site was). It was similar to Adfly, there was a bar at the top, something along the lines of "Wait X more seconds before you will be redirected" Each time, I closed the tab before it loaded fully, to avoid popups that won't allow you to close the window itself.It was weird, and not something that has ever happened to me (Before a few days ago) when on the Nexus.I've had MalwareBytes block potentially malicious stuff several times while on the site too, but that stopped a while ago.If that helps, great! If not, oh well.Either way, thanks for the heads up!Good luck getting to the bottom of the issueCoughdropaddict wrote: I've had the same thing, but I had just assumed it was a normal ad.I have had my av going insane over the adds on this site a few weeks ago I had to engage my add blocker for the site. One of the adds kept telling me that I had a potential breach and that I should call a number. I wonder if that is related to this event. I wish I had reported it now. Link to comment Share on other sites More sharing options...
DuskDweller Posted December 7, 2015 Share Posted December 7, 2015 (edited) In response to post #31573580. #31574375, #31575725, #31576020, #31583240, #31585810 are all replies on the same post.Iamimpossibru wrote: And this is the precise reason why you should ALWAYS learn to manually alter files. Preaching NMM for convenience is bad practice. That is what leads to end user breaches, and complete disregard for web safety. I've encountered far too many mod authors and users alike pushing the miracles of NMM. No, just no. Learn to computer, or get off of one. EmeraldShadow wrote: Not exactly. Manually installing mods is a massive pain and becomes impossible when you get large mod lists. The answer is mod organizer, it has a "manual" install option which shows what files are being installed, and thankfully all files are kept separate from not only the skyrim folder but also each other, so you can drag and drop different installation-orders separately. I always check what's going into my game when using MO, so I would have caught this.morachi wrote: I'm sorry but no. I do this for a living and what you're saying is a fallacy.NMM is just a utility that automates a cumbersome and often complex set of moves and edits any which a mistake can cause the mod if not the program not to work.Following your logic we'd no longer use Group Policy to set user environments, we wouldn't use patch management to manage security updates or hell we wouldn't use anti-virus we would instead sift through the files one by one looking for vulnerabilities.I got news for you. Knowing how to mod isn't even remotely "learn to computer" and your thinking it is reminds me of folks who think knowing how to Facebook is somehow equivalent of being an IT professional...soulgamers wrote: I always Manually install my mods. cos I like to know where their going. I do make a backup of those places first tho. Yippy! . I'm a IT professional. would you credit that. CnKx wrote: You're acting like installing mods manually takes a lot of skill or something?NMM is just convenient to have and can save you a lot of time/trouble.So I don't understand why you're making it seem like you're amazing for installing mods manually with the "learn to computer" LOL.bowlesjd wrote: I'm curious what you think manually installed a compromised mod could possibly get you.Or is this a dunning-kruger thing, where you've convinced yourself you have come up with some magical method to protect yourself, because you don't know enough to know what the actual danger is.Well in this case, it's completely the other way around!If you manually install the mod you would think of putting the dsound.dll in the game's folder, where it *could* be executed by the game's exe thinking it's a legit directx dll.Since NMM won't install files in the game's root folder, that dll would end up harmless in the Data folder where nothing *should* try to access it. Edited December 7, 2015 by DuskDweller Link to comment Share on other sites More sharing options...
MeiWong1 Posted December 7, 2015 Share Posted December 7, 2015 im pretty spooked so i added some complex stuff onto my password and well my steam and nexus are so diffrent that they wont even guess that its me so yes guess my stuff the anonymouse hacker group known as 4chan P.S : plz dont you will see my search history and you might puke at the things i installed so for your own safety dont hack me 4chan <3 Link to comment Share on other sites More sharing options...
Oyxl Posted December 7, 2015 Share Posted December 7, 2015 In response to post #31602535. #31603450 is also a reply to the same post. IamEmerald wrote: I have recently had odd things happen with the Nexus site, but I don't know if they are in any way related to the potential breach.When I open links to random mods and categories, it will redirect me to an ad site, (This last happened a few days ago and I honestly cannot remember what the site was). It was similar to Adfly, there was a bar at the top, something along the lines of "Wait X more seconds before you will be redirected" Each time, I closed the tab before it loaded fully, to avoid popups that won't allow you to close the window itself.It was weird, and not something that has ever happened to me (Before a few days ago) when on the Nexus.I've had MalwareBytes block potentially malicious stuff several times while on the site too, but that stopped a while ago.If that helps, great! If not, oh well.Either way, thanks for the heads up!Good luck getting to the bottom of the issueCoughdropaddict wrote: I've had the same thing, but I had just assumed it was a normal ad.I have had my av going insane over the adds on this site a few weeks ago I had to engage my add blocker for the site. One of the adds kept telling me that I had a potential breach and that I should call a number. I wonder if that is related to this event. I wish I had reported it now. And this is why you use an adblocker, always. Yes it's going to hurt the revenue of ad-blocked websites, but ads are the easiest way to get yourself infected with malware, period. Ads don't even require permissions. Regardless of the fact that I would want to support a website, simply by generating 'hits/views', I definitely do not want to see ads, since they can and will eventually contain malware. Even working with 'trusted ad-sources', is not a way to circumvent this, because you only need a single bad advertisement and they can get to all your stuff. Link to comment Share on other sites More sharing options...
Deleted7440969User Posted December 7, 2015 Share Posted December 7, 2015 (edited) Dear Dark0ne, let me tell you that its possible to login into the nexus with two different passwords for the same account! i was following your heads up and have changed my PW yesterday to a new one, i've counter proofen it today with an other pc with a browser with the old password active for login, and i'm in, not to the forums but at the nexus-website. This is no critic, only a hint that there is something what should not be possible, especially if we all are following your advice to change our passwords. I've send a support request, but got no answer yet, i know you have alot of things todo, aquire some more people to get the things done, but please i beg you, act faster! Best wishes and good luckCeares. Edited December 7, 2015 by Guest Link to comment Share on other sites More sharing options...
phalen Posted December 7, 2015 Share Posted December 7, 2015 hi, you should check your certificates for the change/reset passwords pages. my chrome (mobile) blocked it saying that the pages are pretending to be nexus pages and are unsafe. i have no anti-virus software on my phone, in case you are wondering. Link to comment Share on other sites More sharing options...
Oyxl Posted December 7, 2015 Share Posted December 7, 2015 Dear Dark0ne, let me tell you that its possible to login into the nexus with two different passwords for the same account! i was following your heads up and have changed my PW yesterday to a new one, i've counter proofen it today with an other pc with a browser with the old password active for login, and i'm in, not to the forums but at the nexus-website. This is no critic, only a hint that there is something what should not be possible, especially if we all are following your advice to change our passwords. I've send a support request, but got no answer yet, i know you have a lot of things todo, aquire some more people to get the things done, but please i beg you, act faster! Best wishes and good luckCeares. Reported your post, to highlight it to the mods. Link to comment Share on other sites More sharing options...
MDeckman Posted December 7, 2015 Share Posted December 7, 2015 "I'm sorry for (potentially, at this point) breaking your trust in us. We'll continue working away at this to get a conclusive answer and, when we do, you'll be the first to know."" It's the fact that the nexus is so open about security and other issues is a reason why my trust in you is still high. Other corporations try to hide things like this and that burns bridges. Good luck with everything. Link to comment Share on other sites More sharing options...
MJR Posted December 7, 2015 Share Posted December 7, 2015 In response to post #31586835. #31595470, #31596950, #31597315, #31599105 are all replies on the same post.Krazeecain wrote: "If you've ever wondered why some sites ask you to have at least 1 number and one "special" character, this is why. It makes passwords a lot harder to crack (and yes, we'll implement these forced requirements soon, too). "NONONONO! Don't do this. This is a horrible practice and it needs to be eradicated. Using longer passwords made of random unrelated words is much more secure, and much easier for people to remember.https://xkcd.com/936/(Did I just cite a webcomic as a source? Yes. Yes I did.)umiluv wrote: I believe it's good to have a mix of both. I like to make small phrases using L33T to get the numbers in and add special characters as required. Then you have a phrase that's easy to remember AND you have the number and special character requirement as well.FredNotBob wrote: And any properly-programmed dictionary-based cracking system will chew through those 'random' words in a matter of -hours-.Use longer passwords, by all means, but don't assume that 'purplemonkeydishwasher' is going to be too hard for a computer to break.rhino74 wrote: create a type of mnemonic acronym from sentence.. like ..purple dishwashing monkey saw seven stars, can you believe it ! = PdMS7*cYbi!velinion wrote: It really depends on if you follow an obvious pattern in your number/character addition.There are about 10,000 common English words (Closer to 30,000 total, but most conversations and books stay within the common 10k) so if you use four words, as in the comic, you get 10000^4 possible options. This means, on average, brute force would have to check half those. ~= 5x10^15 If you use an 8 character password that is NOT dictionary based, you have 26 lower case letters, 26 upper case letters, 10 numbers, and about 30 easily typed ASCII punctuation marks ( !@#$%^&*()-_=+[{]};:'",<.>/?\| ) giving us 92^8 possibilities, half of which (on average) an attacker would need to try, giving us ~ 2.6x10^15 (about half as strong as the four words.)However, many people use longer passwords than this. My shortest passwords for unimportant sites are 8 characters, and tossing a couple extra characters in is relatively easy. Let's say we used a 10 character password, and again divide by two for the average guess: ~2,17x10^19, or about 5000x stronger than those four words.Now, I realize that you could, theoretically, add more words, but most sites (sadly) limit maximum password length fairly aggressively, usually somewhere between 10 and 20 characters (this is a terrible practice, but sadly a reality) which makes more than a 4-5 word password very difficult. For most sites, expanding the characters provides better security than using a sentence.This, very much this! If you absolutely must enforce password strength, make a password strength indicator that can also recognize that long passwords without numeric or special characters are strong. Don't simply require numeric and special characters. Eventually it will lead to passwords like p@ssw0rd, which doesn't really help much in the long run. I'm pretty sure even mynameisjohn is a much stronger password than p@ssw0rd, because 1337 speak mutations are quite common but AFAIK generating passwords from dictionaries of different languages is not so much. Link to comment Share on other sites More sharing options...
Recommended Posts