World Community Grid Forums
Thread Status: Active Total posts in this thread: 18
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
From the thread A WCG IOU Idea and the quote "no one has 'hacked' me, until Ripple came along" from Barnsley_Tatts
Anyone else get hacked, and why is no one talking about a possible hacking problem at WCG?

Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
It was past tense, as WCG technicians and admin dealt with this. The case was resolved by WCG: a dictionary password attack, probably limited to those the hacker saw as having larger contribution and low attendance at the WCG forums. It brought to light that weak passwords are not advised, even in volunteer computing, once there arose a monetary value.

jonnieb-uk
Ace Cruncher England Joined: Nov 30, 2011 Post Count: 6105 Status: Offline
The full response from jhindo WCG Chief Admin is here

|
twilyth
Master Cruncher US Joined: Mar 30, 2007 Post Count: 2130 Status: Offline
The problem is that there seems to be no system limit for the number of invalid passwords someone can enter. This is a gaping security hole that should be plugged by instituting "best industry practices" - to use the words of Jhindo.
How is it 'best practices' when someone can mount a dictionary attack and the user is never notified of multiple invalid passwords? Rather we have to rely on the staff monitoring such attempts. Well forgive me if I don't have a lot of faith in that approach.

|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
You had your chance to discuss this in the linked thread when this was brought to light by the admin. IBM won't tell you what detailed measures were taken to prevent future reoccurrences. If 36 hour repeats of such methodology would still be possible, bad on them.

|
Barnsley_Tatts
Senior Cruncher Joined: Nov 3, 2005 Post Count: 291 Status: Offline
Thought my ears were burning.
The issue/problem is resolved. Curious though I can't find the original thread. Looks like it's been deleted.

|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
Search yourself, on author. You posted the "happened to me too" in thread 36475, the same thread jonnieb-uk links to. If you meant a different thread, there were multiple iirc.

|
twilyth
Master Cruncher US Joined: Mar 30, 2007 Post Count: 2130 Status: Offline
I don't really consider what jhindo said as constituting a resolution if there are no automated means for protecting accounts such as notifying users after xx number of password attempts. This is a pretty basic security measure so if they can't even manage to implement that, how can you have any faith in whatever other so-called security measures have been implemented?
This is typical of WCG's response to all of our concerns. If it hadn't been for the survey over a year ago, we never would have seen any changes at all and everyone who frequents this forum knows that. Beyond that fact, we should keep in mind that any number of issues like upgrading the forum software were never even mentioned in the survey and as far as I can recall, we were never asked for input in terms of what the survey should cover. This is also typical of WCG. Rather than trying to engage with the community, being capable of taking and responding to constructive criticism, they would rather make decisions in secret, impose them on us and then expect us to thank them for their lack of consideration.

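Added example, not part of any post in this thread and not WCG's code: the control asked for in twilyth's two posts above, a limit on invalid password attempts plus an automatic notice to the account owner, written in Python. `LoginGuard`, its thresholds, the `notify` callback and the sample account and address in `simulate` are assumptions for illustration.

```python
from collections import defaultdict, deque

WINDOW = 900        # seconds of history kept (assumed value)
ACCOUNT_LIMIT = 5   # failures on one account before throttling and owner notice
SOURCE_LIMIT = 20   # failures from one address, summed over all accounts

class LoginGuard:
    def __init__(self, notify):
        self.notify = notify                  # callback(account, count, sources)
        self.by_account = defaultdict(deque)  # account -> (time, source) failures
        self.by_source = defaultdict(deque)   # source -> (time, account) failures
        self.notified_at = {}                 # account -> time of last notice

    def _recent(self, table, key, now):
        q = table[key]
        while q and now - q[0][0] > WINDOW:   # drop failures older than WINDOW
            q.popleft()
        return q

    def allowed(self, account, source, now):  # call before checking the password
        acct = self._recent(self.by_account, account, now)
        if len(self._recent(self.by_source, source, now)) >= SOURCE_LIMIT:
            return False                      # one host guessing at many accounts
        if len(acct) < ACCOUNT_LIMIT:
            return True
        # Growing delay, not a hard lock: failures cannot shut the owner out for good.
        delay = min(2 ** (len(acct) - ACCOUNT_LIMIT), WINDOW)
        return now - acct[-1][0] >= delay

    def record_failure(self, account, source, now):
        acct = self._recent(self.by_account, account, now)
        acct.append((now, source))
        self._recent(self.by_source, source, now).append((now, account))
        last = self.notified_at.get(account)
        if len(acct) >= ACCOUNT_LIMIT and (last is None or now - last > WINDOW):
            self.notified_at[account] = now   # at most one notice per WINDOW
            self.notify(account, len(acct), sorted({s for _, s in acct}))

    def record_success(self, account):
        self.by_account.pop(account, None)    # a good login resets the counter

def simulate(guesses=200, source="203.0.113.7"):  # constructed sample run
    notices, checked = [], 0
    guard = LoginGuard(lambda *args: notices.append(args))
    for t in range(guesses):                  # one wrong guess per second at 'alice'
        if guard.allowed("alice", source, t):
            checked += 1
            guard.record_failure("alice", source, t)
    return checked, notices
```

With these values, `simulate()` lets only 12 of 200 one-per-second guesses reach the password check and produces a single notice to the account owner.
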
Barnsley_Tatts
Senior Cruncher Joined: Nov 3, 2005 Post Count: 291 Status: Offline
Found it eventually.

|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
Only ONE computer trying to hack and using a dictionary password attack. If a person gets hacked from a DPA they should get hacked for having such a dumb password.
As an Admin I see this hacking and password problem every day and not just from ONE computer. So please don't say "until Ripple came along". I know I am new to WCG, but everything I was seeing from RippleLabs was good for WCG and research. I see this as a major loss of computing power for research. They were on the move to be #1 on all Team Statistics, and they just started 11/08/2013. They need to be back in a new way. Ok I am done, sorry for the rant.