twilyth
Master Cruncher
US
Joined: Mar 30, 2007
Post Count: 2130
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

fitze: I agree. The word was just starting to get out when Ripple killed Computing for Good. Of course my "conspiracy theory" on this is that WCG didn't want to take the responsibility for accounts getting hacked, especially since they know as well as we do that people re-use passwords and a hacked account on WCG could lead to other more serious breaches for those people. So from WCG's perspective as well as the 85% of people here who never participated in the XRP giveaway, I'm sure the attitude is 'good riddance.'

As an admin at other sites though, perhaps you could explain to the staff at WCG just how easy it is to institute a policy of notifying people when multiple invalid password attempts have been made. I'm sure they would like us to believe it would require too much effort for them to provide this elemental form of account security. Perhaps you can convince them otherwise.
[Apr 24, 2014 9:08:24 PM]
jhindo
Former World Community Grid Admin
Joined: Aug 25, 2009
Post Count: 250
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

Since the brute force attack, we have implemented additional security measures, ones which I can't discuss, and are currently implementing further security features - those we will be communicating with our members once they're ready. I'm sure you can understand that in certain cases, we can't disclose full details, as such details could help potential hackers.
[Apr 30, 2014 1:52:45 PM]
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

twilyth:

I ran a very old script, so I don't know if this is correct.

It looks like WCG is:

IBM Canada, I think near Toronto. Hosted by AT&T, running Linux with IBM HTTP Server, Apache, Apache Jakarta, Java Servlet, JavaScript, jQuery, CSS, RSS and Doctype is HTML5.

So if this is close to what they are running, they can notify people of multiple invalid password attempts with an email. The code is available free using Open Source Software code, but why do it, if the person like I said is that stupid with a bad password they should be hacked.

twilyth, the post after you from jhindo said it was a brute force attack (old school) the log files will show that and the alarms should have gone off. They should have put monkey in the middle code for a quick stop of brute force attack, but it was just ONE person :-).

Thank you for the good laugh "Perhaps you can convince them otherwise" You do not tell IBM what to do, they tell you what to do.

jhindo:

Good forward motion implementing additional security measures.

So it was an old school brute force dictionary attack from ONE person, now that is a good security laugh, ONE PERSON!

I say it was someone/group that did not like Ripple Labs because RL would soon be #1 on all Team Statistics in less than one year! They did research in months what other teams are taking years to do for research and the other teams don't like it!

Also your log files should show the IP address of the brute force and you should know who it was! Don't you think?

Later, going to the Pub to buy some fish and chips and pay with my Ripples, will let me? :-)

HELL NO!
[May 7, 2014 12:38:49 AM]
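
An added example, not part of any post in this thread and not WCG's code: the failed-login check the posts above ask for, run over constructed log lines. The log format, window and thresholds are assumptions; it returns which accounts should get a notification email and which source addresses should raise an alarm.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2014-04-20T10:00:01 203.0.113.7 alice FAIL
2014-04-20T10:00:03 203.0.113.7 alice FAIL
2014-04-20T10:00:05 203.0.113.7 alice FAIL
2014-04-20T10:00:09 203.0.113.7 bob FAIL
2014-04-20T10:00:12 203.0.113.7 carol FAIL
2014-04-20T10:05:00 198.51.100.9 dave FAIL
2014-04-20T10:05:20 198.51.100.9 dave OK
2014-04-20T10:10:00 192.0.2.5 erin FAIL
2014-04-20T10:40:00 192.0.2.5 erin FAIL
2014-04-20T11:10:00 192.0.2.5 erin FAIL
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
PER_ACCOUNT_LIMIT = 3           # failures on one account before its owner is emailed
PER_SOURCE_ACCOUNTS = 3         # distinct accounts failed from one IP before an alarm

def detect(log_text):
    """Return (accounts to notify, source IPs to alarm on)."""
    by_account = defaultdict(deque)  # account -> recent failure times
    by_source = defaultdict(deque)   # ip -> recent (time, account) failures
    notify, alarm = set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, ip, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_text)
        acc = by_account[user]
        acc.append(ts)
        while ts - acc[0] > WINDOW:      # drop failures older than the window
            acc.popleft()
        if len(acc) >= PER_ACCOUNT_LIMIT:
            notify.add(user)
        src = by_source[ip]
        src.append((ts, user))
        while ts - src[0][0] > WINDOW:
            src.popleft()
        # One address failing against many accounts is the dictionary-attack shape.
        if len({u for _, u in src}) >= PER_SOURCE_ACCOUNTS:
            alarm.add(ip)
    return notify, alarm

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Three slow failures on one account spread over an hour stay below the threshold, while one address trying three accounts in seconds is flagged even though two of those accounts saw only a single failure.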
twilyth
Master Cruncher
US
Joined: Mar 30, 2007
Post Count: 2130
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

Thanks fitze. I didn't notice jhindo's post until just now. I try to keep up with the forum but I guess a few get by me from time to time.

Thanks for that information about WCG's setup. If you can get all of that just from running a script it's a little strange they can't just tell us these things. Anyway, thanks again.

I think they originally said it was a dictionary attack - more or less the same thing.

Have a round for me. Cheers! wink
[May 7, 2014 5:23:03 AM]
Barnsley_Tatts
Senior Cruncher
Joined: Nov 3, 2005
Post Count: 291
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"



So please don't say "until Ripple came along"



Sadly, it's true. I started in 1999 with SETI, moved to United Devices/Grid/WCG in 2003, and used the same password, and I've never had an issue. It was a simple password, as I wasn't really bothered if someone did compromise it, it wasn't worth anything anyway.

Ripple arrived, and a Ripple member had a go at my account, and was successful. Fortunately I checked the team forum, and our resident Stat-Meister alerted me to the fact my team had changed. I obviously changed it back.

So, after 14 years Ripple arrive, someone from Team Ripple cracks my account and you don't want me to say "until Ripple came along"? Sorry, the facts dictate otherwise.
[May 7, 2014 10:24:56 AM]
jhindo
Former World Community Grid Admin
Joined: Aug 25, 2009
Post Count: 250
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

As I mentioned in my last post in this thread, we were working on implementing additional security measures.

Included in today's website release is a new feature to help members keep accounts secure. From now on, any time your email address, password, team affiliation or member name is changed, we will email you to notify you, giving you an opportunity to quickly identify and reverse any changes not initiated by you.

We encourage members to ensure the email address in their profile is up to date to make the most of this feature.
[May 29, 2014 9:03:59 PM]
yoro42
Ace Cruncher
United States
Joined: Feb 19, 2011
Post Count: 8979
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

Thank you for the update and notification.
[May 29, 2014 9:24:13 PM]
yoro42
Ace Cruncher
United States
Joined: Feb 19, 2011
Post Count: 8979
Status: Offline
Re: "no one has 'hacked' me, until Ripple came along"

Thank you for the update and notification.

My previous comment was quite an understatement. Impressive work and implementation.

Thanks to all involved,

yoro42
[May 29, 2014 9:37:18 PM]