Comments on: Sonic Retro Account Security Still at Risk

By: Arrest Made, Criminal Charge Filed in TSSZ Hacking Probe | TSSZ News

Arrest Made, Criminal Charge Filed in TSSZ Hacking Probe | TSSZ News — Fri, 06 May 2011 16:08:58 +0000

[...] data from PoundStuff, with they and Retro allegedly parting ways, that peace was short lived when another warning in November claimed account security remained at risk. Though PoundStuff as a formal organization [...]

By: blueballs

blueballs — Tue, 03 Nov 2009 16:08:14 +0000

Yo Tristan, I’m really happy for you, I’mma let you finish but Sonic Boom is one of the best hacks of all time. One of the best hacks of all time!
…
Yeah, I sent a tip about that and I didn’t get a reply, yet you’d report on fangames and Megamix?

By: Tristan Oliver

Tristan Oliver — Tue, 03 Nov 2009 05:54:50 +0000

SS: Well, that was a one half-sentence edit.

That noted, it doesn’t sound like you guys are lifting the warning, or giving the all clear to user accounts, correct? Just because the web portal is gone doesn’t mean the people who defected there and potentially have the database no longer have bad intentions, and I think every Retro admin could agree with that sentiment. Better safe than sorry, right?

-T

By: Xkeeper

Xkeeper — Tue, 03 Nov 2009 04:35:23 +0000

Haha, ScarredSun. That implies Tristian has a shred of journalistic integrity.

By: Scarred Sun

Scarred Sun — Tue, 03 Nov 2009 04:26:47 +0000

Tristan, did you even bother to read the rest of that topic beyond the first post?

You know, the ones that explained that poundstuff folded?

And as such, there’s nothing to worry about? Or, as Ryuzaki said, they’re running rainbow tables on weak passwords?

For pete’s sake.

By: Tristan Oliver

Tristan Oliver — Tue, 03 Nov 2009 02:44:34 +0000

I’m not going to dispute the age of the story–what perplexed me was why the follow-up warning was issued now more than 3 months after the threat was a bit more imminent.

It does make me wonder if the tactics to crack the passwords are becoming a bit more aggressive than I or Ryuzaki may know.

-T

By: Ryuzaki

Ryuzaki — Tue, 03 Nov 2009 02:34:52 +0000

To clarify because of JOURNALISM, there’s no real risk unless you’re stupid enough to have an obvious password: “sonic” “shadow” admin” “abcde” “12345″ etc. The “hackers” are just using an old hash of the forum and running MD5 hashes for common passwords. Any matches, bam.

Solution: Don’t use stupid passwords. You’re just asking for trouble.

By: Shoryuken

Shoryuken — Tue, 03 Nov 2009 02:34:35 +0000

This is old stuff, sir.

By: Dark Qiviut

Dark Qiviut — Tue, 03 Nov 2009 01:51:40 +0000

I’m not a member of Retro, so my accounts will be safe. But if the server’s not providing enough security, I think the forum needs to move to another one, more that can better protect the passwords to further prevent those vendetta-crazed crooks from hacking the site.