Forced password change on the site: concern for my safety, or was free-lance.ru hacked?
16 March 2011, 13:14
Just a few days ago I received a letter from free-lance.ru, a freelancing site popular in its field, with roughly the following content:

"Dear XXX!
The administration of Free-lance.ru is conducting its annual change of passwords; this preventive measure will protect your account from unauthorized access by third parties. For your security, your old password has been changed automatically. To change the password to a new one, follow the link LINK."


My first thought: "Where's the button to report phishing to Google?" But something stops me. I look through the headers and the links. It all seems to be honest and leads where it should. Or was their database stolen, and they are keeping quiet about it while launching an unplanned mailing like this...

So tell me, website usability gurus: have you decided to follow in the footsteps of WebMoney and make panicked decisions for the sake of paranoid pseudo-security? Or maybe you were broken into?

Inside: a couple of speculations and a rhetorical question.
UPD: an intrigue has appeared
Why should I change a password that I have used successfully for several years on several similar sites?

Question of the hour:

What are you willing to do for the safety of your users?

Sacrifice hundreds of accounts of careless users and block them, examining each case individually and restoring access on written request
or
once every N period, make people change their passwords and perform acts of caring about the users?

Maybe somebody made off with your database?


A few points in this situation that make you think:
  • The mass mailing is clumsily drafted and contradicts itself: why send me off to change the password if the previous sentence reports that they have already done it all successfully themselves?
  • I was able to successfully change my old password to my old password. If you claim that passwords must be changed at all costs, why leave such a loophole? Think about it: the password should, in principle, be changed, not re-entered.
  • To change my password, I try to log in with my old credentials. In response I see the message "Get lost, your password is incorrect. Let's restore it." No word about the planned replacement. Suppose I do not watch my mail. And then, a week later, I find a spam-like message saying, well, there is such a thing, we had
Why, before such a seemingly serious step, did they not think anything through?
Fine, the people who gather there have at least a little understanding of web technologies. But what if it were a needlework site, for example? Everyone would be rushing to Google in terror to report spam and phishing. And we would have a safe, sort-of service that has lost the people who think their accounts were taken away.
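As an added illustration of the second and third points above (not code from free-lance.ru or from the original post), here is one way a forced rotation can be handled so that the login page itself announces the reset and the old password cannot simply be re-entered. All names are hypothetical, and delivery and checking of the reset link are assumed to happen elsewhere.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example stdlib-only; the parameters are illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    reset_required: bool = False  # set on every account by the forced rotation


def new_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt))


def login(acct: Account, password: str) -> str:
    # While a reset is pending, answer the same way for any password: the user
    # learns about the rotation on the login page instead of from a stray
    # e-mail, and the form cannot be used to test whether an old password
    # was valid.
    if acct.reset_required:
        return "RESET_REQUIRED"
    ok = hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt))
    return "OK" if ok else "BAD_CREDENTIALS"


def complete_reset(acct: Account, new_password: str) -> bool:
    # Runs after the mailed reset link has been validated (assumed, not shown).
    # Re-entering the old password is refused; otherwise the rotation
    # changes nothing.
    if hmac.compare_digest(acct.pw_hash, _hash(new_password, acct.salt)):
        return False
    acct.salt = os.urandom(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.reset_required = False
    return True
```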

When (if?) your database has been stolen, have the courage to admit it; your users will understand. And if you keep quiet about it, you will only make things worse for everyone.


UPD1: Readers report that a letter with the password now arrives immediately after an attempt to log in to the site (good). The gap between the login attempt and the letter is less than a minute. "Panic" mode has been changed to "caution" mode. One reader's opinion: this is not a hacking attempt, just ill-considered actions by the administration.

UPD2: I was reminded that last year they already carried out a general change of passwords in connection with a DDoS attack. Now it is a genuine tradition.

Where is the popcorn?


UPD3: Unknown persons have denied the rumors that they were hacked.

UPD4: Someone commented on Twitter that the database did leak after all, and that a post on the topic will go up in the evening: "Their database leaked. In the evening I will add an article about it to the sandbox."
We can't wait!

UPD5: developers and information security people have to this day been receiving offers of cooperation:
"Good afternoon! I am writing to you via your profile on the site Free-lance.ru. Our company requires a web programmer for ongoing cooperation, to write scripts that optimize the enterprise ..."
For fun: they offer as much as 20 thousand a month.

UPD6: Here it is, the reason for the annual care of us!


Found an article by WildZero: "A hole in free-lance.ru". So they were caught after all, the caring ones!


Note: the original article contained no references to the hero of the day, but since things have gone this way, all the coordinates and links have been inserted into the text.
Added by: w1zard