rooshvforum.network is a fully functional forum: you can search, register, post new threads etc...
Old accounts are inaccessible: register a new one, or recover it when possible. x


Preventive Security Measures: Update your email and delete sensitive PMs
#26

Preventive Security Measures: Update your email and delete sensitive PMs

I'm gonna archive and flush some private messages.
Reply
#27

Preventive Security Measures: Update your email and delete sensitive PMs

Unfortunately you won't be able to get everything on here 100% clean, but on the bright side, the database is over 1 GB in size. If it does get hacked, which is unlikely, I highly doubt there will be the dozens of people working full time to pick apart 19,000 members. Due to the size of the membership, I don't have the resources/time to examine everyone's account with a microscope. There will be inherent risk in being a part of a counterculture movement, but steps have been made to make the risk to you less likely than getting hit by a car.

Quote: (09-03-2015 01:31 PM)HeyPete Wrote:  

Damn, I forgot my password. Is there a way to retrieve it? Every thing I try requires my (forgotten) password.

You can PM me with the password you want.

Quote: (09-03-2015 01:39 PM)NilNisiOptimum Wrote:  

So if I put in the request to change my email already, what would the next step be to change the email?

Repeat the procedure when I give the green light.

Quote: (09-03-2015 01:55 PM)Akula Wrote:  

I did a Google search for my email (which doesn't have my name) I'm using and nothing came up. Assume it's ok to keep it?

Yeah you're okay.
Reply
#28

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-03-2015 06:26 PM)The Beast1 Wrote:  

How safe is the credit card processor used for the boosters club?

Paypal is one of the most secure websites on the internet.
Reply
#29

Preventive Security Measures: Update your email and delete sensitive PMs

Roosh, I'd recommend getting a good database admin to consult on how to best maintain privacy for members and clean out data that doesn't need to be kept if this hasn't been done already. E.g. pruning private messages older than X amount of time, cleaning IP addresses of users active more than X years, etc. Just throwing some ideas at the wall.
Reply
#30

Preventive Security Measures: Update your email and delete sensitive PMs

Wow Roosh congratulations. You have pissed off this SJW to the point that they are coming at you with all they got. It's like reaching the final boss in game and it comes back even worst ready to attack.

Guys let's fight this people side by side with the philosopher of our time!
Reply
#31

Preventive Security Measures: Update your email and delete sensitive PMs

Phantom this isn't even their final form.

For us, it is a vaccine.

If you're going to try, go all the way. There is no other feeling like that. You will be alone with the gods, and the nights will flame with fire. You will ride life straight to perfect laughter. It's the only good fight there is.

Disable "Click here to Continue"

My Testosterone Adventure: Part I | Part II | Part III | Part IV | Part V

Quote:Quote:
if it happened to you it’s your fault, I got no sympathy and I don’t believe your version of events.
Reply
#32

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-03-2015 07:15 PM)Phatom Wrote:  

Wow Roosh congratulations. You have pissed off this SJW to the point that they are coming at you with all they got. It's like reaching the final boss in game and it comes back even worst ready to attack.

Guys let's fight this people side by side with the philosopher of our time!

First they laugh at you, then they attack you, then you win.

You have a solid set of values Roosh. Keep up the good work. They won't be able to win.
Reply
#33

Preventive Security Measures: Update your email and delete sensitive PMs

A few thoughts -

I don't know who handles the data storage for this board, whether it is the board provider or if they outsource, but you might want to ask them about their policies for data encryption, both at rest and in transit.

Providers nowadays should be storing the data on encrypted servers. This shouldn't cause any heartburn for legitimate member access, but as the world witnessed with the AM dump, it can get ugly the minute there is a breach. If the disk or at least sections containing sensitive data were encrypted, the damage done would be minimized. AM was at least smart enough to use encryption on their credit card numbers. Unfortunately that wasn't the biggest business risk facing their firm and they ignored the rest of the data, leaving it in plain text.

As far as individual accounts, I assume the password capabilities of the provider are robust, and members are not allowed to set ridiculously easy to crack passwords or ones that are too short, etc. This is just asking for trouble, guys.

Finally, for DDoS prevention, that kind of thing can get expensive, but some of the best out there nowadays comes from Verisign. I assume they are reviewing their options in light of recent events.

Good luck.
Reply
#34

Preventive Security Measures: Update your email and delete sensitive PMs

I don't understand why you still keep all forums readable to non-members. In my opinion at least Game + Newbie forum would deserve to be private for logged in visitors only. There are probably more visitors of that category at the moment which are here with malicious intents, than legit users.
Reply
#35

Preventive Security Measures: Update your email and delete sensitive PMs

The only problem with member restricted areas is that anyone could just create an account and then go in to those areas, defeating the purpose.
Reply
#36

Preventive Security Measures: Update your email and delete sensitive PMs

Server email is now working. If you recently put in an email change for your account, you will have to repeat the step if you don't receive an email in the next hour.
Reply
#37

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-04-2015 07:54 AM)britchard Wrote:  

The only problem with member restricted areas is that anyone could just create an account and then go in to those areas, defeating the purpose.

Only the most persistent would do that. Why do you think webmasters spend so much time on conversions.

And even if everyone registers, visitor suddenly becomes identifiable and you can manipulate with it (eg. ban). And you will say that they can ban evade. They can, but again only the most persistent would do that. And from those would who would do that, majority of them would expose themselves sooner or later (I'm saying this from first hand experience; they would either use similar usernames, emails, you catch them by their writting style, etc).

When I registered, registrations were only opened on the 1st of the month (don't know if that's still the case). How many people do you think would actually remember for 30 days (or less) that they need to register to this forum in a matter of 24 hours just to read some stuff they hate?


Quote: (09-03-2015 10:03 PM)SlickyBoy Wrote:  

A few thoughts -

I don't know who handles the data storage for this board, whether it is the board provider or if they outsource, but you might want to ask them about their policies for data encryption, both at rest and in transit.

Providers nowadays should be storing the data on encrypted servers. This shouldn't cause any heartburn for legitimate member access, but as the world witnessed with the AM dump, it can get ugly the minute there is a breach. If the disk or at least sections containing sensitive data were encrypted, the damage done would be minimized. AM was at least smart enough to use encryption on their credit card numbers. Unfortunately that wasn't the biggest business risk facing their firm and they ignored the rest of the data, leaving it in plain text.

As far as individual accounts, I assume the password capabilities of the provider are robust, and members are not allowed to set ridiculously easy to crack passwords or ones that are too short, etc. This is just asking for trouble, guys.

Finally, for DDoS prevention, that kind of thing can get expensive, but some of the best out there nowadays comes from Verisign. I assume they are reviewing their options in light of recent events.

Good luck.
Encryption of the data on the disc doesn't not really matter because nobody will actually go to the datacenter and psychically steal the hard drive. They will either use exploit in forum software, get file access to the server (and get database details) or simply find out password of an member that has administrator privilegies.
Reply
#38

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-04-2015 08:41 AM)Dkby Wrote:  

Quote: (09-04-2015 07:54 AM)britchard Wrote:  

The only problem with member restricted areas is that anyone could just create an account and then go in to those areas, defeating the purpose.

Only the most persistent would do that. Why do you think webmasters spend so much time on conversions.

And even if everyone registers, visitor suddenly becomes identifiable and you can manipulate with it (eg. ban). And you will say that they can ban evade. They can, but again only the most persistent would do that. And from those would who would do that, majority of them would expose themselves sooner or later (I'm saying this from first hand experience; they would either use similar usernames, emails, you catch them by their writting style, etc).

When I registered, registrations were only opened on the 1st of the month (don't know if that's still the case). How many people do you think would actually remember for 30 days (or less) that they need to register to this forum in a matter of 24 hours just to read some stuff they hate?


Quote: (09-03-2015 10:03 PM)SlickyBoy Wrote:  

A few thoughts -

I don't know who handles the data storage for this board, whether it is the board provider or if they outsource, but you might want to ask them about their policies for data encryption, both at rest and in transit.

Providers nowadays should be storing the data on encrypted servers. This shouldn't cause any heartburn for legitimate member access, but as the world witnessed with the AM dump, it can get ugly the minute there is a breach. If the disk or at least sections containing sensitive data were encrypted, the damage done would be minimized. AM was at least smart enough to use encryption on their credit card numbers. Unfortunately that wasn't the biggest business risk facing their firm and they ignored the rest of the data, leaving it in plain text.

As far as individual accounts, I assume the password capabilities of the provider are robust, and members are not allowed to set ridiculously easy to crack passwords or ones that are too short, etc. This is just asking for trouble, guys.

Finally, for DDoS prevention, that kind of thing can get expensive, but some of the best out there nowadays comes from Verisign. I assume they are reviewing their options in light of recent events.

Good luck.
Encryption of the data on the disc doesn't not really matter because nobody will actually go to the datacenter and psychically steal the hard drive. They will either use exploit in forum software, get file access to the server (and get database details) or simply find out password of an member that has administrator privilegies.


Quote: (09-04-2015 08:11 AM)Roosh Wrote:  

Server email is now working. If you recently put in an email change for your account, you will have to repeat the step if you don't receive an email in the next hour.
Thanks for the notice. Changing my email [Image: smile.gif]
Reply
#39

Preventive Security Measures: Update your email and delete sensitive PMs

I know Roosh mentioned you shouldn't have issues with your phone number being out there but that's not quite true anymore either.

Yes guys, you should be wary. Continue reading.

It's extremely important to restrict and limit your account and privacy settings on any of your Google+ accounts (or hotmail/other) which often connect to all your gmail contacts if you have linked any gmail accounts to googleplus. Contacts can show up for anyone you have ever emailed, called, texted, IM'd, or had your number in their phone. Take a look: https://www.google.com/contacts

As has been mentioned on a few other threads, people are finding their one night stands, exes, friends, co-workers, guys they've communicated with or met from the forum, on facebook, linkedin, etc. Because the moment you correspond with someone via text or an email linked to these platforms they can see your information with the right technical knowledge or even by accident. This means it's absolutely critical to remove this information from all of these other sites. Gmail, linkedin, and facebook for example now are sending emails and notifications to people as "recommended friends" or "contacts." Even if you were the only one with their information in your phone/email, now they are "reverse matching" people. Scary stuff indeed.

Anyone with your phone number can search you on google contacts and find out your full name, school you went to, workplace, and anything else you might have listed on any google+ account linked to your phone number.

The easy way fix this this is to delete/disable your google+ account. I've done this with the account associated my personal email.

If you don't want to do that, go into the Google+ privacy settings and delete all the personal information you can and restrict access. You can leave the phone recovery option on and that won't compromise anything. You should also edit your "profile" and remove any personal information there (twitter feeds, facebook, websites, blogs, schools, workplace, placed you've lived, birthday, etc.). Trust me, it's all there out in public if you ever added any information and didn't set the proper strict privacy restrictions.

Same for facebook, linkedin, etc. Any of these applications or platforms you've entered your phone number as "profile or account information" can be traced back to you, or at the very least, have you show up in your contacts (or those who have your number or email in theirs). Linkedin has a link under "Account and Settings" called "Manage who can discover you by your phone number »" - Click that to restrict to only 1st connections (people you've already added) instead of "anyone." Even WhatsApp will pull certain information from facebook and gmail/google+ should you have that information available. You don't even have to have them added, they just need your phone number as one of their contacts.

Just be sure to always keep your personal and internet lives separate as other have mentioned and you will avoid 99.9% of these security issues.

Well, until Skynet goes live.

[Image: giphy.gif]

Vice-Captain - #TeamWaitAndSee
Reply
#40

Preventive Security Measures: Update your email and delete sensitive PMs

Anyone else get the email to work?

It's either slow as fuck or not working at all.

"Despite their numbers, their pussyness means I was barely hurt. 2 black eyes and a cut nose, no big deal. I could sense the fear in them so as they were walking I chased them down and told them to "go home". They all left like little girls." - Revelations 21:4
Reply
#41

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-04-2015 11:26 AM)Apollo Wrote:  

Anyone else get the email to work?

It's either slow as fuck or not working at all.

Check your spam folder. System is not showing any errors.
Reply
#42

Preventive Security Measures: Update your email and delete sensitive PMs

Quote: (09-04-2015 11:26 AM)Apollo Wrote:  

Anyone else get the email to work?

It's either slow as fuck or not working at all.

Hasn't worked for me either.
Reply
#43

Preventive Security Measures: Update your email and delete sensitive PMs

I have tried at least 10 different email addresses, nothing is working. From the most obscure (temp emails) to the most well known. (yahoo/gmail)

"Despite their numbers, their pussyness means I was barely hurt. 2 black eyes and a cut nose, no big deal. I could sense the fear in them so as they were walking I chased them down and told them to "go home". They all left like little girls." - Revelations 21:4
Reply
#44

Preventive Security Measures: Update your email and delete sensitive PMs

Ditto on the email. Checked spam folder, no dice.
Reply
#45

Preventive Security Measures: Update your email and delete sensitive PMs

Has anyone successfully received an email today?

I just tested it and got two separate emails, one to gmail and the other to yahoo. Both came nearly instantly.
Reply
#46

Preventive Security Measures: Update your email and delete sensitive PMs

I created a new gmail account, and received the validation email in my inbox. Looks good.
Reply
#47

Preventive Security Measures: Update your email and delete sensitive PMs

"If the recipient is still unable to locate your message, they may need to lower the spam filters or create rules to receive messages from your Gmail address."

Create a filter for [email protected] and try again.
Reply
#48

Preventive Security Measures: Update your email and delete sensitive PMs

Quote:Quote:

Encryption of the data on the disc doesn't not really matter because nobody will actually go to the datacenter and psychically steal the hard drive. They will either use exploit in forum software, get file access to the server (and get database details) or simply find out password of an member that has administrator privilegies.

Encrypting the disc versus the data are two different things. Encrypting the credit card data on AM helped them, but it wasn't enough since nothing else was encrypted.

If it's possible for this forum to encrypt sensitive info like phone numbers and email addresses, that's an option worth considering. And administrator accounts especially should have passwords that are as airtight as possible.
Reply
#49

Preventive Security Measures: Update your email and delete sensitive PMs

Changed my email, did a filter for it, still am not seeing an email from [email protected]
Reply
#50

Preventive Security Measures: Update your email and delete sensitive PMs

Surprisingly, I got an email. When I clicked the link for the email it said something like, authorization mismatch. Then it gave the option to enter an activation code and that didn't work either.

Went back to step one and changed the email address again...and no longer getting emails, even after filter is set.

"Despite their numbers, their pussyness means I was barely hurt. 2 black eyes and a cut nose, no big deal. I could sense the fear in them so as they were walking I chased them down and told them to "go home". They all left like little girls." - Revelations 21:4
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)