But it all begs the question – who’d actually want to hijack someone’s account?The flaw in this thinking is that Zach is looking for motive – what is there of value to an attacker on MMOC?The message seems to be that MMOC’s implementation should not be trusted to keep a secret and that it really wouldn’t be a big deal if they couldn’t, it would just result in “some funny posts”. What makes this whole situation all the more bizarre is that this isn’t v Bulletin’s site per se, it’s “chaud’s”: I don’t know what’s weirder – that chaud blames v Bulletin for the forum not using SSL or that v Bulletin tech support is making assertions about the privacy requirements of one particular implementation of their software!I got so confused about the whole thing that I asked for clarification: And that’s when everything went really, really quiet.Password Reset Status Some My SQL queries you can run to determine the current state of password resets on your member base’s v B user table. If you have table prefix set in v B also need to change FROM usergroup to FROM This reveals usergroupids 5 and 6 2.Replace mysqlusername with your database’s My SQL username and when prompted enter your My SQL username’s password and replace DBNAME with your v B database name. Next if you have determined the date your forum was initially hacked, you can look up how many of your users have already reset their passwords and how many have not.
Then there are also the discussions such as how to tell your mum that you’re a teenager dating a 30 year old.
We also know from many previous incidents that a lack of SSL can make it easy to gain access to someone else’s credentials during login or their authentication token during, well, basically any authenticated activity on the website.
It’s not just the NSA or the ISPs or the public wifi at the coffee shops, it’s things like the Wifi Pineapple as well.
The value, of course, is simply that it’s there and we should never underestimate the value of opportunisim.
But it’s more than just that and clearly when people use an online service, they have an expectation of privacy.