Zaldir Posted December 20, 2015 Share Posted December 20, 2015 In response to post #32176955. EArthurKIII wrote: Thx for the update, will be changing my password ASAP just to be on the safe side. What the heck.. Went and tried to make sure my email is updated and get sent to the nexus forums. Tried to update password and get sent also to nexus forums. Both my username and password is not recognized by nexus forums. @Dark0ne, seems unable to send a PM to you about my account, since it sends me to nexus forums where it does not take my current username and password. Question is Nexus Forums part of Nexus Mods or do need a new account just for the forums? ThxNexus forums is part of NexusMods, and it is on the forums you change your password/e-mail. Link to comment Share on other sites More sharing options...
slhwood Posted December 20, 2015 Share Posted December 20, 2015 thanks for the heads up, no news is bad news in this situ. Link to comment Share on other sites More sharing options...
cylers Posted December 21, 2015 Share Posted December 21, 2015 Thanks for the heads up, looking forward to the coming changes. Link to comment Share on other sites More sharing options...
Hecket Posted December 21, 2015 Share Posted December 21, 2015 Plenty of laws on plenty of different countries, require that you inform all users with a direct e-mail message to them to inform them that their personal data has been breached. This gives them the notice to change their passwords and prevent further harm. Majority of users are stupid users and reuse their passwords elsewhere. Considering it's an old leak; the damage has already been done. Posting a message on a board that only active people see is only going to autofallate you. Try telling it you 3.9 million people and see how they respond. That being said. You have failed to uphold basic security stringent practice and got popped thanks to a sql injection. In cybersec terms that's basic amateur hour. Following a basic course on sql injection could have prevented it. Then again installing IPBoard doesn't take a brain. I want the option to delete my account or you to remove me from the SQL tables. You have disabled the delete option for the user to have this ability from the IPBOARD software your running. Which says enough about your coding skills. Using humble brags that u got 4 million members, guess what, the overwhelming majority aren't active. You are basically running a honeypot and an attractive target for scriptkiddies and are even aiding them by not allowing removal. I can tell you that i have three 0days on IPboard. One through xml injection, one through brute forcing the an sql string to retrieve user data and a reflected cross site scripting method. As such it is a garentee it will happen again, and you won't even notice because your to stupid to look at server logs and put your trust in a s#*! CMS. Peace. Link to comment Share on other sites More sharing options...
nortalud Posted December 21, 2015 Share Posted December 21, 2015 In response to post #32287250. Hecket wrote: Plenty of laws on plenty of different countries, require that you inform all users with a direct e-mail message to them to inform them that their personal data has been breached. This gives them the notice to change their passwords and prevent further harm. Majority of users are stupid users and reuse their passwords elsewhere. Considering it's an old leak; the damage has already been done.Posting a message on a board that only active people see is only going to autofallate you. Try telling it you 3.9 million people and see how they respond.That being said. You have failed to uphold basic security stringent practice and got popped thanks to a sql injection. In cybersec terms that's basic amateur hour. Following a basic course on sql injection could have prevented it. Then again installing IPBoard doesn't take a brain.I want the option to delete my account or you to remove me from the SQL tables. You have disabled the delete option for the user to have this ability from the IPBOARD software your running. Which says enough about your coding skills. Using humble brags that u got 4 million members, guess what, the overwhelming majority aren't active. You are basically running a honeypot and an attractive target for scriptkiddies and are even aiding them by not allowing removal.I can tell you that i have three 0days on IPboard. One through xml injection, one through brute forcing the an sql string to retrieve user data and a reflected cross site scripting method.As such it is a garentee it will happen again, and you won't even notice because your to stupid to look at server logs and put your trust in a s#*! CMS.Peace.+1 internets for outstanding raginess+1 internets for citing "laws on plenty of different countries" in a vaguely threatening manner+1 internets for intentionally(?) misusing the the term "humblebrag"-1 internets for misspelling auto-fellate; if there's one detail you really ought to get right, it's this one Link to comment Share on other sites More sharing options...
nortalud Posted December 21, 2015 Share Posted December 21, 2015 In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615, #31978895, #31980730, #31990045, #31998065, #32076080, #32098525, #32104420, #32105645, #32132805 are all replies on the same post.rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve. Thank you for being the best you can be.Richard.JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.Lokie7 wrote: I second this, entirely. Well said.Netsplite wrote: ^ +1ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers. Inboundwhisper wrote: +1Inboundwhisper wrote: +1Aricole wrote: +1lordmanticore wrote: +1btgbullseye wrote: +1xenonblade wrote: +1AlexZander40 wrote: Well said. May the modding goodness continue.DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)Legion563 wrote: +1.ExtremeMod911 wrote: Absolutely :) Domifax wrote: +1Bernt wrote: Totally agree :) Dragodian777 wrote: "Ditto"...well said.Saltamontes1980 wrote: +1I concur, thank you Dark0ne.dagstar132 wrote: good point well made. transparency in operation and intention is paramount.Thanks for sharing.DagJD777 wrote: +(1 X infinity) :)JD777 wrote: Sorry double post but no delete button. :(MTZGG wrote: Ad Victoriam.Mycu wrote: 100% agreed.Mindprobe24 wrote: +1, nice words dude ;)Jn_Panower wrote: +1 ! Stargazer2893 wrote: +1Erez747 wrote: +1 Couldn't have said it better myself. :)Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher levelMooseUpNorth wrote: Very well said. +1Bram1970 wrote: +1grimgagorim wrote: +1 well said, well saidTerafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.It's not often that things are spoken so clearly and honestly from any company.+1Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!padawanjedi wrote: +1shinru2004 wrote: +1 ^kev999 wrote: I second rickman. Well done, Team Nexus.zidders wrote: Well said. LogikBomb wrote: Hear, hearijc1927 wrote: Excellently put. +1conjior wrote: +1 as well! Treat people like people.Thanks again to the Nexus community and the Nexus team!I love this place! :)rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...Blake81 wrote: The Lulz.The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.qqq122 wrote: +1thank you robin for all the informationMileniumman wrote: The same for me, my feelings exactly.Mileniummanseba1337 wrote: Damn right! +10Toft wrote: +1 and very well saidSimon (Toft)BlueGunk wrote: Well said.LaMuerte wrote: +1stalphyr wrote: +10,000,000 I agree SUMS it to the Max how I feel. If i where a Suspicious person I would think Rickman had Invaded my mind and took the words form my WEWEEEE Little Brain. But since he did post it 1st I will .......HEY Wait a Minute If he HAD Access to my WEWEEEE Brain he could have stopped me from Posting those EXACT Words .... Requires thinking ......Willl get back to you Later I think........Anywasy Great Job ALlWightMage wrote: Keep this post bumped to the top, mates! Says everything that needs to be said, and more!THANKS ROBIN! :Dbdasd5 wrote: Exactly! Keep up the good work.+1I'm not what I'd call an active "member" of the Nexus communicate, but I am a very active user of the Nexus sites, and therefore greatly appreciate transparency like this. Link to comment Share on other sites More sharing options...
margaretcurtains Posted December 22, 2015 Share Posted December 22, 2015 Many thanks for your hard word. This is a great idea. keeping up. and look forward to see more update. Link to comment Share on other sites More sharing options...
Deleted23213994User Posted December 22, 2015 Share Posted December 22, 2015 (edited) In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615, #31978895, #31980730, #31990045, #31998065, #32076080, #32098525, #32104420, #32105645, #32132805, #32291890 are all replies on the same post.rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve. Thank you for being the best you can be.Richard.JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.Lokie7 wrote: I second this, entirely. Well said.Netsplite wrote: ^ +1ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers. Inboundwhisper wrote: +1Inboundwhisper wrote: +1Aricole wrote: +1lordmanticore wrote: +1btgbullseye wrote: +1xenonblade wrote: +1AlexZander40 wrote: Well said. May the modding goodness continue.DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)Legion563 wrote: +1.ExtremeMod911 wrote: Absolutely :) Domifax wrote: +1Bernt wrote: Totally agree :) Dragodian777 wrote: "Ditto"...well said.Saltamontes1980 wrote: +1I concur, thank you Dark0ne.dagstar132 wrote: good point well made. transparency in operation and intention is paramount.Thanks for sharing.DagJD777 wrote: +(1 X infinity) :)JD777 wrote: Sorry double post but no delete button. :(MTZGG wrote: Ad Victoriam.Mycu wrote: 100% agreed.Mindprobe24 wrote: +1, nice words dude ;)Jn_Panower wrote: +1 ! Stargazer2893 wrote: +1Erez747 wrote: +1 Couldn't have said it better myself. :)Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher levelMooseUpNorth wrote: Very well said. +1Bram1970 wrote: +1grimgagorim wrote: +1 well said, well saidTerafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.It's not often that things are spoken so clearly and honestly from any company.+1Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!padawanjedi wrote: +1shinru2004 wrote: +1 ^kev999 wrote: I second rickman. Well done, Team Nexus.zidders wrote: Well said. LogikBomb wrote: Hear, hearijc1927 wrote: Excellently put. +1conjior wrote: +1 as well! Treat people like people.Thanks again to the Nexus community and the Nexus team!I love this place! :)rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...Blake81 wrote: The Lulz.The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.qqq122 wrote: +1thank you robin for all the informationMileniumman wrote: The same for me, my feelings exactly.Mileniummanseba1337 wrote: Damn right! +10Toft wrote: +1 and very well saidSimon (Toft)BlueGunk wrote: Well said.LaMuerte wrote: +1stalphyr wrote: +10,000,000 I agree SUMS it to the Max how I feel. If i where a Suspicious person I would think Rickman had Invaded my mind and took the words form my WEWEEEE Little Brain. But since he did post it 1st I will .......HEY Wait a Minute If he HAD Access to my WEWEEEE Brain he could have stopped me from Posting those EXACT Words .... Requires thinking ......Willl get back to you Later I think........Anywasy Great Job ALlWightMage wrote: Keep this post bumped to the top, mates! Says everything that needs to be said, and more!THANKS ROBIN! :Dbdasd5 wrote: Exactly! Keep up the good work.nortalud wrote: +1I'm not what I'd call an active "member" of the Nexus communicate, but I am a very active user of the Nexus sites, and therefore greatly appreciate transparency like this.- Edited December 22, 2015 by Guest Link to comment Share on other sites More sharing options...
SubNova91 Posted December 23, 2015 Share Posted December 23, 2015 (edited) Hey Guys, I was wondering if there is an update on the .dll file and if it's a virus or not? Haven't heard anything about it. Edited December 23, 2015 by SubNova91 Link to comment Share on other sites More sharing options...
XanatosVonFiction Posted December 23, 2015 Share Posted December 23, 2015 Hibby Squibby Link to comment Share on other sites More sharing options...
Recommended Posts