Ravelry free patterns-FYI
06-05-2011, 12:56 PM
#11
Senior Member
Join Date: May 2010
Location: Central Florida
Posts: 701
Originally Posted by pdcakm
Originally Posted by kathome
What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?
I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.
Am I making sense here?
I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.
Am I making sense here?
never go directly to the site from the warning email. go directly to the site from your address line.
This is a lengthy process of changing my password(s) on all of the sites I visit if it's tracked by email address. We're talking many hours. For instance, my password on this very site is the same as Ravelry.
06-05-2011, 01:17 PM
#12
Senior Member
Join Date: Jul 2010
Location: california
Posts: 932
Originally Posted by kathome
Originally Posted by pdcakm
Originally Posted by kathome
What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?
I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.
Am I making sense here?
I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.
Am I making sense here?
never go directly to the site from the warning email. go directly to the site from your address line.
This is a lengthy process of changing my password(s) on all of the sites I visit if it's tracked by email address. We're talking many hours. For instance, my password on this very site is the same as Ravelry.
as always, the honest citizen has to pay to protect themselves from the dishonest creeps. i am so frustrated with these people.
be careful what you say about personal business on any site as anyone might be watching and listening.
06-05-2011, 02:12 PM
#15
Senior Member
Join Date: Mar 2009
Location: Alachua, Florida
Posts: 678
I didn't receive an email from them (it was sent to my old email address). I went directly to Ravelry after reading your post. This is what is on their home page after I logged in:
Important information: Security Breach
An attacker recently managed to break in to one of our secondary servers. Once inside, they were able to access user names and encrypted passwords.
We think that it is best to be overly cautious and we are requiring you to change your password on Ravelry. We suggest that you also change your password on any other sites where you've used the same or similar password.
The passwords that the attacker was able to access were encrypted and your password is most likely safe. We are being cautious because modern password cracking technology is very sophisticated and given enough time and money or resources, the attacker could potentially recover some of the passwords.
No financial information or other sensitive information was accessed: we do not collect or store this type of data. Patterns for sale are stored securely and they were not viewed or downloaded and private correspondence (messaging between users) was not accessed either.
Please take this opportunity to set up different passwords for different sites. There are several good "password manager" applications that can help you keep track of your passwords.
We are deeply sorry that this has happened. We care very much about all of you and we never want something like this to happen again. If you have any questions or concerns at all, please post in this forum thread or email Sarah at [email protected].
How did this happen?
An attacker tried various methods to gain access to our servers. While most of these methods were unsuccessful, the attacker did eventually find a weak link, and was able to compromise the system that ran our blog. Once they had access to this system they were able to access other data that resided on the on the same server.
How will you make sure that something like this doesn't happen again?
First, and probably most importantly, we are working with an information security consulting firm that will help us audit and test our current and future systems. We are a tiny company with a small staff and only one engineer/programmer but we still take security very seriously. Having outside help will be a double-check that helps us catch mistakes before they become problems.
Secondly, we are reviewing all of the software we use to run our systems, and eliminating everything we can to reduce our exposure to attackers. As an example, the software we used to run our blog was not only completely re-installed, it was also moved to a separate web host to limit exposure in the future. We are also using new technologies to help detect and automatically block certain types of attacks
Finally, we are doing as much as possible to limit the exposure of data should a breach occur. All sensitive data in our databases is protected with strong encryption, and we are working to identify any areas where data could leak from our systems.
This has been a really frustrating and upsetting experience but the silver lining is that we are in a better position to make sure that your information is safe. We want you to have confidence that we are doing everything we can to make sure that your Ravelry is positive and safe. Thank you so much your patience and understanding as we work through this.
----- me again
Once you change your password, if you logout and go back in, that message no longer appears. I found the thread where they were talking about it. And yes, they are sending out emails alerting people to the breach.
Important information: Security Breach
An attacker recently managed to break in to one of our secondary servers. Once inside, they were able to access user names and encrypted passwords.
We think that it is best to be overly cautious and we are requiring you to change your password on Ravelry. We suggest that you also change your password on any other sites where you've used the same or similar password.
The passwords that the attacker was able to access were encrypted and your password is most likely safe. We are being cautious because modern password cracking technology is very sophisticated and given enough time and money or resources, the attacker could potentially recover some of the passwords.
No financial information or other sensitive information was accessed: we do not collect or store this type of data. Patterns for sale are stored securely and they were not viewed or downloaded and private correspondence (messaging between users) was not accessed either.
Please take this opportunity to set up different passwords for different sites. There are several good "password manager" applications that can help you keep track of your passwords.
We are deeply sorry that this has happened. We care very much about all of you and we never want something like this to happen again. If you have any questions or concerns at all, please post in this forum thread or email Sarah at [email protected].
How did this happen?
An attacker tried various methods to gain access to our servers. While most of these methods were unsuccessful, the attacker did eventually find a weak link, and was able to compromise the system that ran our blog. Once they had access to this system they were able to access other data that resided on the on the same server.
How will you make sure that something like this doesn't happen again?
First, and probably most importantly, we are working with an information security consulting firm that will help us audit and test our current and future systems. We are a tiny company with a small staff and only one engineer/programmer but we still take security very seriously. Having outside help will be a double-check that helps us catch mistakes before they become problems.
Secondly, we are reviewing all of the software we use to run our systems, and eliminating everything we can to reduce our exposure to attackers. As an example, the software we used to run our blog was not only completely re-installed, it was also moved to a separate web host to limit exposure in the future. We are also using new technologies to help detect and automatically block certain types of attacks
Finally, we are doing as much as possible to limit the exposure of data should a breach occur. All sensitive data in our databases is protected with strong encryption, and we are working to identify any areas where data could leak from our systems.
This has been a really frustrating and upsetting experience but the silver lining is that we are in a better position to make sure that your information is safe. We want you to have confidence that we are doing everything we can to make sure that your Ravelry is positive and safe. Thank you so much your patience and understanding as we work through this.
----- me again
Once you change your password, if you logout and go back in, that message no longer appears. I found the thread where they were talking about it. And yes, they are sending out emails alerting people to the breach.
06-06-2011, 04:05 PM
#17
Senior Member
Join Date: May 2010
Location: Central Florida
Posts: 701
OK - - my son designs virtual memory systems WORLDWIDE (companies like Chase Morgan Bank, Bank of America, the NFL, New York City, Travelocity, etc. I asked the question about the need to change my passwords and here is his reply:
" There was a centralized datacenter that was hacked from what I understand and they really don't know what was taken or obtained so it's more of a proactive e-mail in case your password has been compromised. Hard to tell if its necessary or not. I would cover the big ones like your credit card site / eBay / etc. Basically anything that has your credit card info accessible."
I ALWAYS trust what my son says. He is not just a typical kid (he's 31 years old) who is computer savy. He is the real deal and certified in stuff that I don't pretend to understand.
So a word to the wise.
" There was a centralized datacenter that was hacked from what I understand and they really don't know what was taken or obtained so it's more of a proactive e-mail in case your password has been compromised. Hard to tell if its necessary or not. I would cover the big ones like your credit card site / eBay / etc. Basically anything that has your credit card info accessible."
I ALWAYS trust what my son says. He is not just a typical kid (he's 31 years old) who is computer savy. He is the real deal and certified in stuff that I don't pretend to understand.
So a word to the wise.
Thread
Thread Starter
Forum
Replies
Last Post
craftybear
Links and Resources
12
08-30-2011 07:20 PM
craftybear
Links and Resources
3
07-18-2011 03:08 AM
craftybear
Links and Resources
13
05-08-2011 01:56 AM
