Funnerific Posted August 28, 2014 Share Posted August 28, 2014 Wait, what? I'm not quite sure what you're talking about... Oh you know, threats on the internet, the usual. It's not limited to Steam. The people behind the service can't do anything about it until after the fact, obviously. Quote Link to comment Share on other sites More sharing options...
Albedo Posted August 28, 2014 Share Posted August 28, 2014 Speaking of threats, the feminist community is propably trying to piss of gamers as well - they are petitioning Steam to completely shut down it's services for a whole hour as a form of protest against their oppresive behaviour. I agree sending rape and death threats is an awful thing to do, but why should the worldwide community take responsibility for what was done by a bunch of people? I find that particular way of thinking no different from previous commitments of those guys. That was news to me, do you have any sources? And is this in response to those fake-ass death threats Anita Sarkeesian got? (No, seriously, read the twits... No way a man wrote them.) Quote Link to comment Share on other sites More sharing options...
madvanced Posted August 28, 2014 Share Posted August 28, 2014 I don't even have words to describe how I feel about this... Quote Link to comment Share on other sites More sharing options...
Decay Posted August 28, 2014 Share Posted August 28, 2014 That was news to me, do you have any sources? And is this in response to those fake-ass death threats Anita Sarkeesian got? (No, seriously, read the twits... No way a man wrote them.) lmao dude I've seen feminists get shat on in way worse ways than that from actual people who were actually out of their mind. I have zero trouble believing that was real. Of course, I also think the person who wrote them was spineless and wouldn't ever follow through on anything. The thing is that there are crazy people on both sides of the issue like the people who hacked the fine young capitalists indiegogo, and that the whole thing is a clusterfuck I refuse to interact with. It also has practically nothing to do with anything here so maybe we shouldn't get too far off topic. Quote Link to comment Share on other sites More sharing options...
Albedo Posted August 28, 2014 Share Posted August 28, 2014 lmao dude I've seen feminists get shat on in way worse ways than that from actual people who were actually out of their mind. I have zero trouble believing that was real. Of course, I also think the person who wrote them was spineless and wouldn't ever follow through on anything. The thing is that there are crazy people on both sides of the issue like the people who hacked the fine young capitalists indiegogo, and that the whole thing is a clusterfuck I refuse to interact with. It also has practically nothing to do with anything here so maybe we shouldn't get too far off topic. No, thing is, she's controversial, I get that, and I can totally believe that she gets death threats and all sort of shit. It's just that, death threats from a brand new twitter account, and with threats that look written by a woman (Seriously, would a man threaten to "drink blood off your cunt"? Any man? Is giving oral sex to a woman a male fantasy? News to me) just in the wake of the Zoe Quinn thing? Nah. But yes, you're right, this is going way off topic. Quote Link to comment Share on other sites More sharing options...
InvertMouse Posted August 29, 2014 Share Posted August 29, 2014 Dang, seems like this stuff has been happening a lot lately (>-<). Hopefully anyone with an account with MG is doing okay. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted August 29, 2014 Share Posted August 29, 2014 I checked the database dump. All they appear to have gotten were usernames, e-mail addresses, and password hashes. Some people's e-mail addresses may contain their real name, so that may be irritating to some. The passwords do not appear to have been decoded. I also use LastPass. I guess I might as well start the arduous task of changing all my passwords to be unique on the hundreds of sites I have accounts at. Quote Link to comment Share on other sites More sharing options...
Decay Posted August 29, 2014 Share Posted August 29, 2014 I checked the database dump. All they appear to have gotten were usernames, e-mail addresses, and password hashes. Some people's e-mail addresses may contain their real name, so that may be irritating to some. The passwords do not appear to have been decoded. I also use LastPass. I guess I might as well start the arduous task of changing all my passwords to be unique on the hundreds of sites I have accounts at. LastPass notifies you when you're using a shared password. Instead of remembering every single site I have an account on and changing them all at once, I just changed my password each time I logged into a site and that notice popped up. The way I figure it, any site that uses a shared password anymore is barely ever visited by me and I don't care if the account gets compromised. Quote Link to comment Share on other sites More sharing options...
Narcosis Posted August 29, 2014 Share Posted August 29, 2014 That was news to me, do you have any sources? And is this in response to those fake-ass death threats Anita Sarkeesian got? (No, seriously, read the twits... No way a man wrote them.) You can find it here. To be honest, this isn't even serious enough. Quote Link to comment Share on other sites More sharing options...
Zakamutt Posted August 29, 2014 Share Posted August 29, 2014 Still haven't getten the famed MG mail about the compromise. I wonder if the others were fakes or something. Quote Link to comment Share on other sites More sharing options...
hotsauce2000 Posted August 29, 2014 Share Posted August 29, 2014 Still haven't getten the famed MG mail about the compromise. I wonder if the others were fakes or something. A lot of people haven't gotten it - me included. It's not a fake, though. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted August 29, 2014 Share Posted August 29, 2014 Someone claiming to be the hacker has apologized for the attack on the official forums, claiming he thought MG was promoting child pornography. http://forums.mangagamer.org/viewtopic.php?f=3&t=348&start=15#p9801 Quote Link to comment Share on other sites More sharing options...
havoc Posted August 29, 2014 Share Posted August 29, 2014 Someone claiming to be the hacker has apologized for the attack on the official forums, claiming he thought MG was promoting child pornography. http://forums.mangagamer.org/viewtopic.php?f=3&t=348&start=15#p9801 Lol if it actually is him, he is a bigger moron than i thought and impulsive to boot. so let us do a guessing game for his (mental) age. My guess mental age 15, real age 45 year old brain dead. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted August 29, 2014 Share Posted August 29, 2014 A lone vigilante hacker not doing so for profit is likely to be someone with a lot of time on their hands motivated by the sort of naive idealism common among youth. It's actually fairly likely the hacker is college-age or younger. Quote Link to comment Share on other sites More sharing options...
Zenophilious Posted August 29, 2014 Share Posted August 29, 2014 Someone claiming to be the hacker has apologized for the attack on the official forums, claiming he thought MG was promoting child pornography. http://forums.mangagamer.org/viewtopic.php?f=3&t=348&start=15#p9801 What an idiot. If you're going to do something like that, you should never admit that you were the one that did it, unless you have some need for attention or want to get some new cop buddies. Kinda sad that he didn't even do any research on Manga Gamer beforehand, either. The guy who's claiming to have done it has a twitter here. His Twitter account has now been suspended. Genius probably didn't realize that Twitter legally has to turn over every bit of info they have about a suspected criminal if the cops give them a warrant. Methinks he's boned. Quote Link to comment Share on other sites More sharing options...
Narcosis Posted August 29, 2014 Share Posted August 29, 2014 I'm literally squirming with laughter. Quote Link to comment Share on other sites More sharing options...
havoc Posted August 29, 2014 Share Posted August 29, 2014 What can i say . . . . You reap what you sow. Quote Link to comment Share on other sites More sharing options...
Kenshin_sama Posted August 29, 2014 Share Posted August 29, 2014 I had a feeling this guy was a dumbass from the way he wrote on twitter, but I didn't think he'd be this bad. Not sure how severe the punishment for cyber crimes are, but he better learn from it. Quote Link to comment Share on other sites More sharing options...
Zenophilious Posted August 29, 2014 Share Posted August 29, 2014 I had a feeling this guy was a dumbass from the way he wrote on twitter, but I didn't think he'd be this bad. Not sure how severe the punishment for cyber crimes are, but he better learn from it. I think it generally depends on what country the hacker is in and what exact crime they committed. Don't know much about cyberlaw, I've only heard it briefly mentioned. Now, if he's from a different country than the victims and is somehow extradited, which I doubt will happen, things might get very bad for him. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted September 5, 2014 Share Posted September 5, 2014 Dear MangaGamer Customers At this time, we would like to announce that full security measures have been implemented on our site. Last Thursday, our site was hacked and email addresses, nick names, and encrypted passwords may have been leaked. The SQL injection vulnerability that allowed this attack was patched up almost immediately, and in the week since then, we have reviewed our site for various other security holes, and fixes have been made to prevent another incident like this from happening. For your security, and to mark the end of this security update, your password has been automatically generated on our end. Your new password is Since this password is temporary, please update your password from your My Account page. (Your new password must include both alphanumeric characters and symbols) Once again, we apologize for the inconvenience this has caused, and we hope that you will continue to support us in our endeavors to bring great visual novels to the west. Best Regards, MangaGamer Staff Quote Link to comment Share on other sites More sharing options...
Nayleen Posted September 5, 2014 Share Posted September 5, 2014 Can you clarify something for me? Encryption hopefully doesn't mean what I hope they mean. Encryption is reversible, e.g. you can get the original value back from an encrypted one. Hashing would be what you want to do for passwords, using a proper, modern, secure algorithm (I heard something about them using unsalted md5 hashes before - inadequate). Emails could be encrypted, although there's little value to it. And, depending on how they're used around the site, even those could be hashed instead. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted September 5, 2014 Share Posted September 5, 2014 They've said previously the passwords that were leaked were encrypted, when they were actually hashed (as you surmised, using unsalted MD5). My guess is the spokesperson isn't technically inclined enough to understand the difference. I have requested clarification however. The e-mail address is used to send e-mails to customers, so I doubt it can be hashed. Nayleen 1 Quote Link to comment Share on other sites More sharing options...
Decay Posted September 5, 2014 Share Posted September 5, 2014 Hashing can be a form of encryption when using it to obfuscate passwords. The problem is that it was a really simple hash algorithm (md5) and the hashes weren't salted. So while it wasn't exactly strong encryption, it's still encryption. Using something like SHA-2 and salting it would be a whole lot better. Quote Link to comment Share on other sites More sharing options...
sanahtlig Posted September 5, 2014 Share Posted September 5, 2014 Hashing is not a form of encryption, though many refer to it as such. Encryption is reversible (intended to be decoded to reveal the original message). Hashes are irreversible. Both encryption and cryptographic hashes are forms of cryptography. Though the average user probably doesn't care about the difference, the difference has practical implications. http://danielmiessler.com/study/encoding_encryption_hashing/ Storing an encrypted password is sort of like setting a login password on a laptop, with a sticky note on the monitor proclaiming what the password is. Sure, it'll stop some forms of attack, but it won't stop the type of attack it really needs to stop: some stranger swiping your laptop and logging in as you. Nayleen 1 Quote Link to comment Share on other sites More sharing options...
Nayleen Posted September 5, 2014 Share Posted September 5, 2014 Thanks for pointing it out, the common definition and understanding is kind of wishy-washy unfortunately. I'm looking forward to MG's reply since it's kind of important moving forward to know if personal information, especially passwords, are safe. Personally I'd refrain from ordering from them if proper measures aren't taken, just out of sheer principle. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.