NOTICE -- please read this
Thread Starter
Administrator
Joined: Oct 2000
Posts: 20,274
Likes: 4
From: Toronto, Canada
Hi all,
There is a post in off topic about egghead.com getting their customer database piked. This is important because I want to remind you all of an important safety tip:
Do not use your s2000Online.com password for anything other than S2000Online.com. If the password you use here is also used elsewhere, change it!
I take pride in the idea that the site is reasonably secure. But I have to warn you that secure means different things to different people. To me it means that unauthorized people can't get in and change anything they shouldn't, potentially disrupting the site and it's data. It does not mean that people can't come in an get data they shouldn't, at least to a lesser degree anyway. I cannot guarantee that someone cannot get in and download the member database or that they won't be able to discover your password if they do. It's unlikely, but sheet happens.
So please, for your own sakes, make sure that if it does happen the data they get is useless elsewhere.
Thanks for your time,
c3
There is a post in off topic about egghead.com getting their customer database piked. This is important because I want to remind you all of an important safety tip:
Do not use your s2000Online.com password for anything other than S2000Online.com. If the password you use here is also used elsewhere, change it!
I take pride in the idea that the site is reasonably secure. But I have to warn you that secure means different things to different people. To me it means that unauthorized people can't get in and change anything they shouldn't, potentially disrupting the site and it's data. It does not mean that people can't come in an get data they shouldn't, at least to a lesser degree anyway. I cannot guarantee that someone cannot get in and download the member database or that they won't be able to discover your password if they do. It's unlikely, but sheet happens.
So please, for your own sakes, make sure that if it does happen the data they get is useless elsewhere.
Thanks for your time,
c3
Registered User
Joined: Oct 2000
Posts: 612
Likes: 0
From: Stockholm
cthree, have to ask, do you have any indication this has happened here, or is this just a general precaution? Please tell us if you have seen something fishy, if so some people might want to change their passwords in other places too. Thanks.
Thread Starter
Administrator
Joined: Oct 2000
Posts: 20,274
Likes: 4
From: Toronto, Canada
Originally posted by BassMan:
cthree, have to ask, do you have any indication this has happened here, or is this just a general precaution? Please tell us if you have seen something fishy, if so some people might want to change their passwords in other places too. Thanks.
cthree, have to ask, do you have any indication this has happened here, or is this just a general precaution? Please tell us if you have seen something fishy, if so some people might want to change their passwords in other places too. Thanks.
I should also add that this applies to other places on the web you may visit with registration. They probably are not secure channels so don't send a valuable password, like the one you use to access your bank account, over them.
[This message has been edited by cthree (edited December 23, 2000).]
Trending Topics
Thread Starter
Administrator
Joined: Oct 2000
Posts: 20,274
Likes: 4
From: Toronto, Canada
Transacting online can be very safe as long as you don't get sloppy. Unfortunately the Internet doesn't come with an instruction manual. It's a good idea to maintain several passwords, low security for sites that don't know anything about you, medium security for sites that know a bit about you but not enough to hurt you like your address and phone number, high security for sites that take your credit card info and top security for really important stuff like banking.
S2KO only asks for a name you make up and a password. It's low security. Also remember that you are not responsible for CC fraud but it can be a hastle. It's not just the Internet you need to be concerned about. How many on you have punched in an account number over the phone? How 'bout at work? You do know that the phone systems record the numbers you dial in a log don't you. I'm far more concerned about telephone transactions than online ones.
S2KO only asks for a name you make up and a password. It's low security. Also remember that you are not responsible for CC fraud but it can be a hastle. It's not just the Internet you need to be concerned about. How many on you have punched in an account number over the phone? How 'bout at work? You do know that the phone systems record the numbers you dial in a log don't you. I'm far more concerned about telephone transactions than online ones.
Former Sponsor
Joined: Oct 2000
Posts: 9,081
Likes: 0
And how many people have you heard repeating your credit card details out aloud over the phone in what could be an office full of people? Then there's the ones who take your details and process them later meaning they could be lying around the place ..on a desk..wherever. The struggling waiter...the list goes on.
I'm inclined to agree with cthree that the 'Net is a pretty safe medium. I use it to pay all my bills, transfer money between accounts etc. I use a card that has only a couple of thousand dollars limit on it and always check my statements. Just commonsense precautions.
I'm inclined to agree with cthree that the 'Net is a pretty safe medium. I use it to pay all my bills, transfer money between accounts etc. I use a card that has only a couple of thousand dollars limit on it and always check my statements. Just commonsense precautions.
Registered User
Joined: Oct 2000
Posts: 6,936
Likes: 2
From: Austin
a few tips:
Passwords: make your passwords cryptic. Avoid dictionary type of words, things that mean anything. Think of case-sensitive passwords, that change. For instance, I remember a password for one of our boxes at work was: NsS&sdJR! - it translates to Netscape Sucks and So does JRun!
In other words, think of a sentence, something besides birthdays or phrases like "9000rpms", siblings, children names, come up with a phrase that *YOU* can remember, and then cut it up and abbriviate it in your own way. That is the best way to create passwords IMO.
Credit Card Transactions: Always make sure that if you submit credit cards over the net that the site is secure. How can you tell? The adress will say HTTPS instead of HTTP. HTTPS - is http secure protocol. It comes in 40 and 128 bit encryption schemes. If you submit any form, via email (without private PGP keys, but that's another story), and lets say its only via HTTP, then I can just stick up a packet sniffer and I'll be able to read everything in plain text. Its VERY IMPORTANT to watch out for non-https submissions.
Keep in mind, with both of these precautions, it does not guarantee that your information is secure. For instance, some places, like etoys.com has sold all of their customer information and customer preferences out, and egghead.com has been breached by a cracker (not a hacker - hackers are the ethical ones, crackers are the mallicious ones).
Don't be paraniod, just be careful. Hope these suggestions help out.
Passwords: make your passwords cryptic. Avoid dictionary type of words, things that mean anything. Think of case-sensitive passwords, that change. For instance, I remember a password for one of our boxes at work was: NsS&sdJR! - it translates to Netscape Sucks and So does JRun!
In other words, think of a sentence, something besides birthdays or phrases like "9000rpms", siblings, children names, come up with a phrase that *YOU* can remember, and then cut it up and abbriviate it in your own way. That is the best way to create passwords IMO.
Credit Card Transactions: Always make sure that if you submit credit cards over the net that the site is secure. How can you tell? The adress will say HTTPS instead of HTTP. HTTPS - is http secure protocol. It comes in 40 and 128 bit encryption schemes. If you submit any form, via email (without private PGP keys, but that's another story), and lets say its only via HTTP, then I can just stick up a packet sniffer and I'll be able to read everything in plain text. Its VERY IMPORTANT to watch out for non-https submissions.
Keep in mind, with both of these precautions, it does not guarantee that your information is secure. For instance, some places, like etoys.com has sold all of their customer information and customer preferences out, and egghead.com has been breached by a cracker (not a hacker - hackers are the ethical ones, crackers are the mallicious ones).
Don't be paraniod, just be careful. Hope these suggestions help out.
Thread
Thread Starter
Forum
Replies
Last Post