kKaltUuwait did UGC just casually tell us that ALL passwords could have been compromised because they didn't bother to store them correctly?
There is no casual tone in the previous post. We are well aware of the seriousness of the situation. Despite team leader passwords being auto-generated by default, we strongly recommend that users that changed the auto-generated password to a custom one, if used by other services, change it immediately.
UGC's login process was going to be changed during this off-season. However, our developers have been actively working on its new implementation since yesterday afternoon.
There is no point for us in minimizing the consequences this might lead to or mentioning other companies with similar practices. This is a serious situation and as for any breach, affected users should take precautionary measures immediately.
[quote=kKaltUu]wait did UGC just casually tell us that ALL passwords could have been compromised because they didn't bother to store them correctly?[/quote]
There is no casual tone in the previous post. We are well aware of the seriousness of the situation. Despite team leader passwords being auto-generated by default, we strongly recommend that users that changed the auto-generated password to a custom one, if used by other services, change it immediately.
UGC's login process was going to be changed during this off-season. However, our developers have been actively working on its new implementation since yesterday afternoon.
There is no point for us in minimizing the consequences this might lead to or mentioning other companies with similar practices. This is a serious situation and as for any breach, affected users should take precautionary measures immediately.
Might just be me but making it just a post in a thread titled "ayy scam smh" rather than a new topic and signing off with Have a good evening is pretty casual
Might just be me but making it just a post in a thread titled "ayy scam smh" rather than a new topic and signing off with [i]Have a good evening[/i] is pretty casual
Plus the fact that there is almost no notice on the UGC site worries me.
Just a small news post with no mention of leaked passwords
Hello Players! We have temporarily disabled logins due to technical issues in the website. For all players playing matches tonight, if you want to report your match scores, please login through STEAM and post your scores in match comms.
Make a blog post about it, inform everyone that could be affected and force password changes to all users. See twitch.tv's actions with their recent DB compromise. Please don't just sit around and let players use the known unsafe login/storage methods.
Just be proactive with it and put the users' safety in front of all other things. It's a community league for christs sake
Plus the fact that there is almost no notice on the UGC site worries me.
Just a small news post with no mention of leaked passwords
[quote]Hello Players! We have temporarily disabled logins due to technical issues in the website. For all players playing matches tonight, if you want to report your match scores, please login through STEAM and post your scores in match comms.[/quote]
Make a blog post about it, inform everyone that [b]could[/b] be affected and [b]force[/b] password changes to all users. See twitch.tv's actions with their recent DB compromise. Please don't just sit around and let players use the known unsafe login/storage methods.
Just be proactive with it and put the users' safety in front of all other things. It's a community league for christs sake
lol. inexcusable.
ugc, what a joke
lol. inexcusable.
ugc, what a joke
Bucakelol. inexcusable.
ugc, what a joke
Because you know how to lead a TF2 and Dota 2 league huh?
[quote=Bucake]lol. inexcusable.
ugc, what a joke[/quote]
Because you know how to lead a TF2 and Dota 2 league huh?
i don't. but what does that matter? because i am not trying to do it.
and clearly neither do they. at least, not properly.
there are fundamentals you can't allow yourself to mess up.
i don't. but what does that matter? because i am not trying to do it.
and clearly neither do they. at least, not properly.
there are fundamentals you can't allow yourself to mess up.
HerganBucakelol. inexcusable.
ugc, what a joke
Because you know how to lead a TF2 and Dota 2 league huh?
You don't need to know how to lead anything.
You just have to know basic design rules and somewhat care about safety to know storing passwords in plain text is not acceptable.
Especially when the league tries to dismiss it as something minor.
[quote=Hergan][quote=Bucake]lol. inexcusable.
ugc, what a joke[/quote]
Because you know how to lead a TF2 and Dota 2 league huh?[/quote]
You don't need to know how to lead anything.
You just have to know basic design rules and somewhat care about safety to know storing passwords in plain text is not acceptable.
Especially when the league tries to dismiss it as something minor.
kKaltUuMake a blog post about it, inform everyone that could be affected and force password changes to all users. See twitch.tv's actions with their recent DB compromise. Please don't just sit around and let players use the known unsafe login/storage methods.
I'm not sure to understand the second part of your message. All users will be forced to change their password, whether they were using the auto-generated password or changed it to a custom one.
Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login.
The recommended password change is if you were using a similar password on other services that UGC has no access to (Email, Youtube, Twitch, etc.). Regarding your first point, a mass email to all leaders and a news post were sent this morning (coincidentally around the time of your post). Yesterday, the statement was sent on all our media platforms (Twitter, Facebook, Steam Announcement, Forums).
[quote=kKaltUu]Make a blog post about it, inform everyone that [b]could[/b] be affected and [b]force[/b] password changes to all users. See twitch.tv's actions with their recent DB compromise. Please don't just sit around and let players use the known unsafe login/storage methods.[/quote]
I'm not sure to understand the second part of your message. All users will be forced to change their password, whether they were using the auto-generated password or changed it to a custom one.
[quote]Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. [b]Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login.[/b][/quote]
The recommended password change is if you were using a similar password on other services that UGC has no access to (Email, Youtube, Twitch, etc.). Regarding your first point, a mass email to all leaders and a news post were sent this morning (coincidentally around the time of your post). Yesterday, the statement was sent on all our media platforms (Twitter, Facebook, Steam Announcement, Forums).
The fact that anyone with access to the admin panel (script kiddie or otherwise) has access to unhashed passwords is pretty terrifying. I almost changed my randomly generated password of my UGC account to one of my normal passwords a while back, and now I'm really glad I didn't.
The fact that anyone with access to the admin panel (script kiddie or otherwise) has access to unhashed passwords is pretty terrifying. I almost changed my randomly generated password of my UGC account to one of my normal passwords a while back, and now I'm really glad I didn't.
Additionally, the new login system will use hashed passwords, in addition to salting.
gg ugc; good thing I never changed the auto-genned one
Can't even think of any common software packages that don't hash or at least encrypt; even shitty web forum software from the early 2000s did an unsalted MD5 hash
Literally the only reason to store plaintext passwords is as a deliberate choice by a rouge database admin so they can try the passwords on people's email addresses
[quote]Additionally, the new login system will use hashed passwords, in addition to salting.[/quote]
gg ugc; good thing I never changed the auto-genned one
Can't even think of any common software packages that don't hash or at least encrypt; even shitty web forum software from the early 2000s did an unsalted MD5 hash
Literally the only reason to store plaintext passwords is as a deliberate choice by a rouge database admin so they can try the passwords on people's email addresses
I don't know which option is more terrifying, that ugc developers were incompetent or that they were malicious.
I don't know which option is more terrifying, that ugc developers were incompetent or that they were malicious.
<3 LastPass, saving the day all the time.
<3 LastPass, saving the day all the time.
I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC!
I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC!
mustardoverlordI made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Never change, UGC!
You were banned from the forums for personal insults toward admins, not for posting a chatlog talking about our security measures. You're skewing the facts here, mustard.
[quote=mustardoverlord]I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Never change, UGC![/quote]
You were banned from the forums for[i] personal insults toward admins[/i], not for posting a chatlog talking about our security measures. You're skewing the facts here, mustard.
thank god all 3,217,806 spy mains want to scam us
thank god all 3,217,806 spy mains want to scam us
mustardoverlordI made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC!
you probably got banned because you're a neckbeard idiot
[quote=mustardoverlord]I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC![/quote]
you probably got banned because you're a neckbeard idiot
smobomustardoverlordI made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Never change, UGC!
You were banned from the forums for personal insults toward admins, not for posting a chatlog talking about our security measures. You're skewing the facts here, mustard.
Three things:
1) Yeah, I'm really skewing all the facts I've been given.
Let me remind you:
"Reason for ban: Fuck off"
Really a lot of facts given to me about my ban for me to skew right there!
2) In no way did I do anything close to a personal insult towards an admin. I believe you're referring to when I said (and I'm paraphrasing here because I cannot get access to my actual post now, funny how that works eh?): "This happened when infinite was in charge, which isn't surprising because he was incompetent in every area relating to UGC." I'm pretty sure that critiquing an admin's performance as an admin isn't a personal attack, it's what literally makes a community league a community league.
What UGC doesn't seem to realize, and I might sound a little vain here but fuck it, is that it needs people like me. Every grassroots type organization needs a few loose cannon rabble rousers to keep the management in check. If ETF2L went around banning fraac, Kaneco, ond kaja, and the #FREEBAUD circlejerk, how dyou think that would reflect on them?
Plus, it's pretty ironic considering how infinite was pretty fucking prone to personal attacks when he was an admin (calling m4risa a "he" on purpose on numerous occasions, attempting to make fun of my looks when he looks like shoenice, etc.)
3) Even if I did personally insult an admin, which I didn't, who gives a fuck? Do you guys really ban people for personal insults towards admins?? Do you realize how boneheaded that is??? I mean I assumed that, when things like this happened, it was individual salty admins banning people they don't like without enough of a check on their power. Are you telling me that it's actual policy???
Can you imagine if, every time people insulted enigma for his appearance (which has happened here before), or mana for banning people willy-nilly from the tftv stream and riding the dicks of the invite players he namedrops constantly, or wait wasn't slin an admin at some point? Imagine if everyone making fun of mr. slin on a personal level got banned. This forum would be pretty fuckin empty indeed.
If you guys had some sort of strict rule system attempting to cut out all language construed to be offensive that would be one thing, but considering the admin in question who I apparently personally attacked is a vile human being who yelled at anyone who criticized the league that he stumbled into with no idea how to run, I feel like this should be a two way street.
Cheers,
mustard
P.S. Notice how every time someone becomes an admin, they immediately go from understanding that the UGC admins look like clowns to the rest of us, to drinking the koolaid and trying to justify all the ridiculous practices? Pretty funny how that works!
[quote=smobo][quote=mustardoverlord]I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Never change, UGC![/quote]
You were banned from the forums for[i] personal insults toward admins[/i], not for posting a chatlog talking about our security measures. You're skewing the facts here, mustard.[/quote]
Three things:
1) Yeah, I'm really skewing all the facts I've been given.
Let me remind you:
"Reason for ban: Fuck off"
Really a lot of facts given to me about my ban for me to skew right there!
2) In no way did I do anything close to a personal insult towards an admin. I believe you're referring to when I said (and I'm paraphrasing here because I cannot get access to my actual post now, funny how that works eh?): "This happened when infinite was in charge, which isn't surprising because he was incompetent in every area relating to UGC." I'm pretty sure that critiquing an admin's performance as an admin isn't a personal attack, it's what literally makes a community league a community league.
What UGC doesn't seem to realize, and I might sound a little vain here but fuck it, is that it needs people like me. Every grassroots type organization needs a few loose cannon rabble rousers to keep the management in check. If ETF2L went around banning fraac, Kaneco, ond kaja, and the #FREEBAUD circlejerk, how dyou think that would reflect on them?
Plus, it's pretty ironic considering how infinite was pretty fucking prone to personal attacks when he was an admin (calling m4risa a "he" on purpose on numerous occasions, attempting to make fun of my looks when he looks like shoenice, etc.)
3) Even if I did personally insult an admin, which I didn't, who gives a fuck? Do you guys really ban people for personal insults towards admins?? Do you realize how boneheaded that is??? I mean I assumed that, when things like this happened, it was individual salty admins banning people they don't like without enough of a check on their power. Are you telling me that it's actual policy???
Can you imagine if, every time people insulted enigma for his appearance (which has happened here before), or mana for banning people willy-nilly from the tftv stream and riding the dicks of the invite players he namedrops constantly, or wait wasn't slin an admin at some point? Imagine if everyone making fun of mr. slin on a personal level got banned. This forum would be pretty fuckin empty indeed.
If you guys had some sort of strict rule system attempting to cut out all language construed to be offensive that would be one thing, but considering the admin in question who I apparently personally attacked is a vile human being who yelled at anyone who criticized the league that he stumbled into with no idea how to run, I feel like this should be a two way street.
Cheers,
mustard
P.S. Notice how every time someone becomes an admin, they immediately go from understanding that the UGC admins look like clowns to the rest of us, to drinking the koolaid and trying to justify all the ridiculous practices? Pretty funny how that works!
alfamustardoverlordI made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC!
you probably got banned because you're a neckbeard idiot
you will get plusfragged because you are an invite player and people don't like me but
a) I am much smarter than you will ever be and you are one of the least likeable human beings I have ever had the displeasure of running into on the internet
b) you inadvertently are proving my point, because if I had said something comparable to this on the UGC forum apparently I'd be banned, at least if it was an admin
[quote=alfa][quote=mustardoverlord]I made a post explaining that, when Loops was an admin like 2 1/2 years ago, he complained about passwords being stored in plaintext, and when he brought it up Fornaught (head UGC admin) got really angry at him and told him not to tell anyone.
Shortly after I posted about this fact I was rewarded with a fun little treat:
http://i.imgur.com/ELrySXF.png
Never change, UGC![/quote]
you probably got banned because you're a neckbeard idiot[/quote]
you will get plusfragged because you are an invite player and people don't like me but
a) I am much smarter than you will ever be and you are one of the least likeable human beings I have ever had the displeasure of running into on the internet
b) you inadvertently are proving my point, because if I had said something comparable to this on the UGC forum apparently I'd be banned, at least if it was an admin
if you are so smart then how come you are trash at this game, a sexist and no one likes you?
you're a waste of a human being
Edit: Who the fuck even says "I'm much smart than x", that just proves you're dumber than a rock.
if you are so smart then how come you are trash at this game, a sexist and no one likes you?
you're a waste of a human being
Edit: Who the fuck even says "I'm much smart than x", that just proves you're dumber than a rock.
alfaif you are so smart then how come you are trash at this game, a sexist and no one likes you?
you're a waste of a human being
I'm not even gonna touch the trash at this game part other than to say that I've had the luxury of being the best player on a bunch of shitty teams, while you have been by far the worst player on a good team for years
I'll admit that I did not see the sexist thing coming, mostly because that's the stupidest thing I've heard in a while
This isn't the mustardoverlord defense/hugbox thread so I don't feel like posting a long rant about peoples' opinion of me in this shit community of 14 year olds but get me in mumble one day and I'll prolly rant about it for you
P.S. When was the last time you actually contributed to a discussion in a meaningful way?
P.P.S. Didn't you literally have to switch what continent you played on because people in EU found you so unbearable in pickups?
alfaEdit: Who the fuck even says "I'm much smart than x", that just proves you're dumber than a rock.
P.P.P.S. You're right, I would look pretty dumb if I said "I'm much smart than x", too bad I know how to use a comparative adjective because I am not 5 years old.
[quote=alfa]if you are so smart then how come you are trash at this game, a sexist and no one likes you?
you're a waste of a human being[/quote]
I'm not even gonna touch the trash at this game part other than to say that I've had the luxury of being the best player on a bunch of shitty teams, while you have been by far the worst player on a good team for years
I'll admit that I did not see the sexist thing coming, mostly because that's the stupidest thing I've heard in a while
This isn't the mustardoverlord defense/hugbox thread so I don't feel like posting a long rant about peoples' opinion of me in this shit community of 14 year olds but get me in mumble one day and I'll prolly rant about it for you
P.S. When was the last time you actually contributed to a discussion in a meaningful way?
P.P.S. Didn't you literally have to switch what continent you played on because people in EU found you so unbearable in pickups?
[quote=alfa]
Edit: Who the fuck even says "I'm much smart than x", that just proves you're dumber than a rock.[/quote]
P.P.P.S. You're right, I would look pretty dumb if I said "I'm much smart than x", too bad I know how to use a comparative adjective because I am not 5 years old.
damn alfa did mustard pee in your corn flakes
whats good lol
damn alfa did mustard pee in your corn flakes
whats good lol
By the way, anyone else reading alfa's posts in a sort of monosyllabic grunt? It's the best way to truly appreciate them
By the way, anyone else reading alfa's posts in a sort of monosyllabic grunt? It's the best way to truly appreciate them
kevdamn alfa did mustard pee in your corn flakes
whats good lol
Don't be too hard on alfa, most of the uninformed troglodytes who disagree with my abrasive but almost always correct opinions simply rely on the convenience of the minus frag button, alfa's only mistake was to be overconfident enough that he thought he could express his disagreement out loud without looking like a dumbass.
[quote=kev]damn alfa did mustard pee in your corn flakes
whats good lol[/quote]
Don't be too hard on alfa, most of the uninformed troglodytes who disagree with my abrasive but almost always correct opinions simply rely on the convenience of the minus frag button, alfa's only mistake was to be overconfident enough that he thought he could express his disagreement out loud without looking like a dumbass.
Here are the chatlogs(deleted) posted on the ugcforums by mustardoverlord. "My name is Day" is loops, former UGC admin.
2:40 PM - My name is Day: I TOLD EVERYONE
2:41 PM - My name is Day: THAT THEY STORED YOUR PASSWORDS LIKE THIS
2:41 PM - My name is Day: AND THEY GOT MAD AT ME AND CHANGED NOTHING
4:22 PM - mustardoverlord: is my post accurate
4:22 PM - mustardoverlord: in saying
4:22 PM - mustardoverlord: that I can blame infinite
4:22 PM - mustardoverlord: for this
4:22 PM - mustardoverlord: like everything else
4:22 PM - My name is Day: Actually it's Forn's fault
4:22 PM - My name is Day: He programmed the website
4:22 PM - My name is Day: And after multiple overhauls
4:22 PM - My name is Day: He didn't change it
4:22 PM - mustardoverlord: forn is old and senile
4:22 PM - mustardoverlord: his son is his caretaker now
4:23 PM - mustardoverlord: so if his son dropped the ball
4:23 PM - mustardoverlord: im gonna blame him
4:23 PM - My name is Day: And was also the one who got pissed
4:23 PM - My name is Day: When I posted about it
Here are the chatlogs(deleted) posted on the ugcforums by mustardoverlord. "My name is Day" is loops, former UGC admin.
[quote]2:40 PM - My name is Day: I TOLD EVERYONE
2:41 PM - My name is Day: THAT THEY STORED YOUR PASSWORDS LIKE THIS
2:41 PM - My name is Day: AND THEY GOT MAD AT ME AND CHANGED NOTHING
[/quote]
[quote]
4:22 PM - mustardoverlord: is my post accurate
4:22 PM - mustardoverlord: in saying
4:22 PM - mustardoverlord: that I can blame infinite
4:22 PM - mustardoverlord: for this
4:22 PM - mustardoverlord: like everything else
4:22 PM - My name is Day: Actually it's Forn's fault
4:22 PM - My name is Day: He programmed the website
4:22 PM - My name is Day: And after multiple overhauls
4:22 PM - My name is Day: He didn't change it
4:22 PM - mustardoverlord: forn is old and senile
4:22 PM - mustardoverlord: his son is his caretaker now
4:23 PM - mustardoverlord: so if his son dropped the ball
4:23 PM - mustardoverlord: im gonna blame him
4:23 PM - My name is Day: And was also the one who got pissed
4:23 PM - My name is Day: When I posted about it
[/quote]
mustardoverlordCan you imagine if, every time people insulted enigma for his appearance (which has happened here before), or mana for banning people willy-nilly from the tftv stream and riding the dicks of the invite players he namedrops constantly, or wait wasn't slin an admin at some point? Imagine if everyone making fun of mr. slin on a personal level got banned. This forum would be pretty fuckin empty indeed.
I agree with your post, but you could use better examples. People do get banned for insulting enigma pretty much at all (so don't do it), nor have I modded a stream in a long time (and when I did, I only used default timeouts). Just because I attend LAN in person doesn't mean I'm sucking their dicks (and I don't, I hate that shit; what happened to being friendly for the sake of being friendly?).
The forums nowadays have less of that kind of stuff. So, I agree with what you're saying in principle (and we try to have as much free speech as we reasonably can), but your hypothetical is pretty shitty.
[quote=mustardoverlord]Can you imagine if, every time people insulted enigma for his appearance (which has happened here before), or mana for banning people willy-nilly from the tftv stream and riding the dicks of the invite players he namedrops constantly, or wait wasn't slin an admin at some point? Imagine if everyone making fun of mr. slin on a personal level got banned. This forum would be pretty fuckin empty indeed.[/quote]
I agree with your post, but you could use better examples. People do get banned for insulting enigma pretty much at all (so don't do it), nor have I modded a stream in a long time (and when I did, I only used default timeouts). Just because I attend LAN in person doesn't mean I'm sucking their dicks (and I don't, I hate that shit; what happened to being friendly for the sake of being friendly?).
The forums nowadays have less of that kind of stuff. So, I agree with what you're saying in principle (and we try to have as much free speech as we reasonably can), but your hypothetical is pretty shitty.
Mana is my favorite tf.tv administrator
Mana is my favorite tf.tv administrator
rip mustard i'll never forget (T^T)7
rip mustard i'll never forget (T^T)7
Here's one of the posts I made back in late 2012, foretelling this tragedy:
http://forums.steampowered.com/forums/showthread.php?t=2993799
I'm going back to my MMO catgirl simulator now; I'll be back when someone replaces all the advertisements on their site with my dick pic.
Here's one of the posts I made back in late 2012, foretelling this tragedy:
http://forums.steampowered.com/forums/showthread.php?t=2993799
I'm going back to my MMO catgirl simulator now; I'll be back when someone replaces all the advertisements on their site with my dick pic.
LittleWith how much mustardoverlord talks, something intelligent has to leave his mouth at some point. Statistically speaking of course.
nice alt soap
[quote=Little]With how much mustardoverlord talks, something intelligent has to leave his mouth at some point. Statistically speaking of course.[/quote]
nice alt soap