Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 I'd rather have that WM instead of the money Sorry mate but can't help you out with that either I don't have one lol Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 I won't be happy until we discover who it was Believe me neither will I. Link to comment Share on other sites More sharing options...
slay Posted May 23, 2006 Report Share Posted May 23, 2006 were your pp&trc&email password the same? if not, you might have a keylogger on your computer! Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 were your pp&trc&email password the same? if not, you might have a keylogger on your computer! I am currently investigating as to how my password was compromised, howevr I do not have a trojan or keylogger. I am working with an investigator in this regard. The email used was made up, and not mine. Link to comment Share on other sites More sharing options...
Tikerz Posted May 23, 2006 Report Share Posted May 23, 2006 So can PGP I have an update for you guys I have been told that If yI submit more details than you can possibly imagine about myself then pp will reset my password and I can help you all get your money back. I have been informed that impending withdrawels from my account have been overturned and all money is now back in the PP account. Chris That is great news Chris! Thanks! Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 That is great news Chris! Thanks! No problem mate I have to send a Passport and DL to PP and some other info then I will regain access and get this [censored] storm sorted. YOU WILL get you money back. Chris Link to comment Share on other sites More sharing options...
ryyannon Posted May 23, 2006 Report Share Posted May 23, 2006 Very good news indeed! Link to comment Share on other sites More sharing options...
leitztozeiss Posted May 23, 2006 Report Share Posted May 23, 2006 I think RWG and TRC should also force the seller to take a picture of the watch with a paper, with current date and RWG/RWI/TRC on it. I agree. Seems to work well at the DS. Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 UPDATE!!! pp HAVE ASSURED ME HAT ALL THE BUYERS WILL RECEIVE A FULL REFUND!!!!! I will not be receiving a credit for my £467 loss as the hackers sent it to another account as payment for omething and pp will not acknowledge my claim for retribution as it was a payment from one account to another and the seller has indicated that the item has been sent with some tracking details so I cannot be refunded as pp's policy on NON-Ebay items is merely to insure arrival of the goods and not the condition or description of said goods. Shower of [censored] if you ask me, they won't gimme my money back and w=knowing my luck i'll get a [censored] brick sent it the mail. I have to add that a deal done with Cib)rgman for the 1680 dial WILL be upheld and the dial has been shipped, despite the fact that I don't have access to the funds he sent me. I now KNOW that NO users will lose out in this, which was my main concern. Chris Link to comment Share on other sites More sharing options...
Pugwash Posted May 23, 2006 Report Share Posted May 23, 2006 The passwords for IPB are not stored in the DB in Plain text and are virtually impossible to hack (Not gonna say impossible, but never heard of anyone able to crack the hash) Really? Passwords aren't that hard... Link to comment Share on other sites More sharing options...
Admin Posted May 23, 2006 Report Share Posted May 23, 2006 Really? Passwords aren't that hard... The passwords on this forum and TRC as MD5 encrypted. It's not impossible to decrypt these passwords, but it is VERY hard and takes a looooong time. A more general concern, from a security standpoint, is that people tend to choose "weak" passwords. May I suggest this link and you can go ahead and test your password; http://www.microsoft.com/athome/security/p...rd_checker.mspx There is also a lot of useful information on how to create secure passwords and other password related info. Thomas Link to comment Share on other sites More sharing options...
cwai02 Posted May 23, 2006 Report Share Posted May 23, 2006 (edited) http://www.microsoft.com/athome/security/p...rd_checker.mspx I just checked. I have 4 sets of passwords: Public forums: Weak, but easy to remember. something like 564534* Email: Medium. something like asdfgh1000 Bank/CC: Strong. something like Md#gt69O*0d pp/Ebay: Another set of strong password, like Md#gt69O*0d I took 2 Encryption/Decryption courses when I was in college. Nothing is 100% safe. the professor actually taught us to hack MD5, SHA0, SHA1...it was a nightmare to me... Edited May 23, 2006 by cwai02 Link to comment Share on other sites More sharing options...
Richard Tracy Posted May 23, 2006 Report Share Posted May 23, 2006 These public forums, where so many can look in, but we can't see out is nerve racking ! Good news about the ending though Edge.. we are here to help, all you need do, is hold out your hand ! Link to comment Share on other sites More sharing options...
slay Posted May 23, 2006 Report Share Posted May 23, 2006 UPDATE!!! pp HAVE ASSURED ME HAT ALL THE BUYERS WILL RECEIVE A FULL REFUND!!!!! I will not be receiving a credit for my £467 loss as the hackers sent it to another account as payment for omething and pp will not acknowledge my claim for retribution as it was a payment from one account to another and the seller has indicated that the item has been sent with some tracking details so I cannot be refunded as pp's policy on NON-Ebay items is merely to insure arrival of the goods and not the condition or description of said goods. Shower of [censored] if you ask me, they won't gimme my money back and w=knowing my luck i'll get a [censored] brick sent it the mail. I have to add that a deal done with Cib)rgman for the 1680 dial WILL be upheld and the dial has been shipped, despite the fact that I don't have access to the funds he sent me. I now KNOW that NO users will lose out in this, which was my main concern. Chris That is not correct. pp was not honest with you there. I asked about the tracking number and what happens if they just sent false/bogus tracking number. The woman told me, that they will make 10000% sure that a Package IS delivered to my door step and that they CAN do that. IF you recieve anything unknown, dont accept it, dont sign anything. And tell pp you never recieved anything. So DONT give your money up. Also tell them, it was NOT your IP who made that transaction. [censored] at them as much as you can, and they will sort things out. If they dont, threaten them with a lawyer. If you need one, I can ask my mother to file a complaint against pp for you, because she is a lawyer! She wont charge you anything and the least you can do is try! THREATEN THREATEN THREATEN! it has worked sooo many times for me! Link to comment Share on other sites More sharing options...
Pugwash Posted May 23, 2006 Report Share Posted May 23, 2006 The passwords on this forum and TRC as MD5 encrypted. It's not impossible to decrypt these passwords, but it is VERY hard and takes a looooong time. If you have a few GB of pre-hashed words, you don't need to try every password in the DB, you can just check against all the hashes for the low-hanging fruit. If you have a botnet, this takes under a week. Link to comment Share on other sites More sharing options...
slay Posted May 23, 2006 Report Share Posted May 23, 2006 i doubt anyone went thorugh all the trouble and did that..! Link to comment Share on other sites More sharing options...
Watchmeister Posted May 23, 2006 Report Share Posted May 23, 2006 Edge - So sorry for you're problems. All of our worst nightmare. Kudos to you for ensuring that you're customers are taken care of first. I hope you can find a way to get you're money back. Link to comment Share on other sites More sharing options...
Highflyingclive Posted May 23, 2006 Report Share Posted May 23, 2006 (edited) Edge - I hope it comes together... The trouble with strong passwords - a mixture of uppercase, lowercase and numerals - is that they can be a bugger to remember. So just choose your favourite motorbike - model, maker and cylinder capacity, i.e: ZX5Kawasaki900cc There you go... a very strong, yet memorable password. Hope that this may help someone, sometime. Edit to add: Don't pick a motobike that you actually own, or have owned. Use the name of the one that you dream of owning... or wish you had owned when you were but a youth... like 1000ccAriel4Square This system probably works with cars, boats, aeroplanes, and for all I know, fishing rods, too. Edited May 23, 2006 by Highflyingclive Link to comment Share on other sites More sharing options...
Pugwash Posted May 23, 2006 Report Share Posted May 23, 2006 The trouble with strong passwords - a mixture of uppercase, lowercase and numerals - is that they can be a bugger to remember. The one I tell users (I'm a sysadmin in my dayjob) is a favourite song or book title. Like for instance, a shakespeare reader would have something like "IsIknwIass" for "In Sooth, I know not why I am so sad ..." or "Da4e4e4e" for a Bond fan. The more obscure the better, but you'll never forget it. Once you have your non-dictionary password, you can harden it up with a few numbers and symbols thus: "&tm@tbs34" ... and it turned into a ballroom blitz (Ballroom blitz, ballroom blitz). Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly. All will be retributed, I have guarantees. I have spoken to my lawyer and to pp and they are working on a solution but pp are standing stong and will not return my cash as of yet. My family lawyer is a well known QC here so his firm are taking care of it, if he can't sort it noone can. Chris Link to comment Share on other sites More sharing options...
Thor Posted May 23, 2006 Report Share Posted May 23, 2006 I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly. All will be retributed, I have guarantees. I have spoken to my lawyer and to paypal and they are working on a solution but paypal are standing stong and will not return my cash as of yet. My family lawyer is a well known QC here so his firm are taking care of it, if he can't sort it noone can. Chris Maybe same person who hackes RWG-1... hope you finally get the whole money back... Link to comment Share on other sites More sharing options...
Pugwash Posted May 23, 2006 Report Share Posted May 23, 2006 I don't understand how my password was cracked. It is a 10 chracter pass with numbers letters and non printable characters, would take millions of years to crack with a PW cracker, and I don't have any spyware, this has to be someone on the fora.....which saddens me greatly. This makes me wonder if the old site encrypted the passwords at all... unless of course you logged in after the hackers controlled the site. A password sniffer would be trivial to add. That has just become my most likely suggestion. Once the site was compromised, the hackers added a bit of bespoke PHP to the login page. Every login/pass would then be emailed/posted/whatever any time anyone logged in. Too damned easy. Link to comment Share on other sites More sharing options...
ubiquitous Posted May 23, 2006 Report Share Posted May 23, 2006 Man, Chris! That's some [censored] news. Glad to hear that some of the transactions are being addressed by PP, but being out £400 blows If I can help out, please let me know! As an aside... What's the best way to check your computer for key loggers? With all this talk of compromised PW's, I'd like to know what to look out for as a precautionary! Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 This makes me wonder if the old site encrypted the passwords at all... unless of course you logged in after the hackers controlled the site. A password sniffer would be trivial to add. That has just become my most likely suggestion. Once the site was compromised, the hackers added a bit of bespoke PHP to the login page. Every login/pass would then be emailed/posted/whatever any time anyone logged in. Too damned easy. I tried to login 3 times after Hacker control to see WTF was happening with "Blade" and the bashing that was going on.......that could be it??? Chris Link to comment Share on other sites More sharing options...
Edge Posted May 23, 2006 Author Report Share Posted May 23, 2006 Man, Chris! That's some [censored] news. Glad to hear that some of the transactions are being addressed by PP, but being out £400 blows If I can help out, please let me know! As an aside... What's the best way to check your computer for key loggers? With all this talk of compromised PW's, I'd like to know what to look out for as a precautionary! Thanks for the offer mate much appreciated, I will just have to put my upcoming projects and purchases on the backburner for now. Thanks to everyone for the support and kind words. Try using an anti virus scan as well as AdAware and Spybot, which are both free, there are also some good scans available online but be carefull not all are as altruistic as they seem. Chris Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now