Welcome to Inkbunny...
Allowed ratings
To view member-only content, create an account. ( Hide )
Inkbunny

Incoming security update - make sure your email is current

Hi everyone,

There is a site security update we're about to roll out that will increase the strength of our session IDs.

This update will be run in the next day or two and we will announce a new site version once it is complete.

The update makes it much harder for attackers to simply guess valid session IDs, as we move from 4-bit MD5 (eg: 9e107d9d372bb6826bd81d3542a419d6) to 6-bit SHA-512 (eg: UX8ScxaAoJI2i9WvhUSrHw6vVzJFkCZ3-4vsbiRmA,kylJ4C0DY5qT0T5sGmPX2Ixyiimn0Yn-,QKxVqIzE4T2).

These crazy looking IDs are something you don't normally see but they are stored in cookies that your browser receives and sends after you log in, as a way of identifying your valid login session.

The side effect of this change is that all currently logged in sessions will be reset, so you will need to log in again after we run the update.

As long as you know your password (or your browser knows it) then you just need to log in as per normal after the update and there should be no issues.

Please make sure your email address is valid and up to date as recorded in your Account Settings. This way, if you have any login issues, you can simply reset your password via the Forgot Password option on the Login Screen. This requires a valid email address connected to your account to work.

As the maximum session age is 1 month, all users have to log in at most every 4 weeks anyway, but we figured it's still best to give you all a heads-up!

If anyone has issues after the security update and can't log in, please email us at admin@inkbunny.net

Thanks

Inkbunny
Viewed: 361 times
Added: 11 years, 6 months ago
Site News Item: yes
Commenting Locked
 
Catwheezle
11 years, 6 months ago
Thanks for looking after us. I really appreciate the work you put into keeping us safe, and I'm sure I'm far from the only one :)
Alfador
11 years, 6 months ago
Awesome!! =^_^= *huggles*
garuru
11 years, 6 months ago
Allrighty !
LupineAssassin
11 years, 6 months ago
Thanks!
awakenji
11 years, 6 months ago
I welcome this change.  Thanks for the information.
MaDrow
11 years, 6 months ago
In b4 new server needed due huge system resources use increasement thanks to the hashing |=(;3
zakdavis
11 years, 6 months ago
The countdown timer is nice because it tells me exactly how much time till the update. Thanx IB
Tycloud
11 years, 6 months ago
And you still did not include an optional birthday icon for the users!
fluffdance
11 years, 6 months ago
Is it possible to embed this hash key into the browser to prevent primary login hijack susceptibility?
Skash
11 years, 6 months ago
well, a more secure way of reducing hijack would be to have the development team whip up a program that generates a pgp through a random hash and stores it on your computer, and have the browser app only turn on when you visit IB's secure site then it will post the pgp with other data to login and in return listens for a token that it stores.

but when it comes to your I.P. lockin on the website, I would suggest you use it if you feel you need to add security, I myself have my account locked so that only a small percentage of Australian's can login, locking out 90% (or more) of the internet.

there are many ways to increase security, but at the end of the day, there needs to be a good balance between simplicity, maintenance, expandable, user friendly interface.

if it all goes wrong, then it can be just as bad as EA's DRM coupled with Trymedia and Sony's copy protection along with Steam, splash on a 3rd party random generated code from your mobile and you got a clusterfuck that needs a manual just to login, and on TOP of that would be a 10 minute session timeout.

imagine someone making damage if that was done, let alone them trying to figure out how he can enter his victims password without needing 2 hours reading up on the security they installed lol.

but all in all, Inkbunny, I see that you have security under control.
that leaves myself to assume the answer of "do you save passwords as plain text?" to be a solid "FUCK NO!"
Skash
11 years, 6 months ago
funny how this website, that earns less than a small credit union has more security in mind than the top banks in Australia, and many banks across the globe, and you have been established for just a few years, compared to over 100 years,

Kinda makes me want to setup a bank account here lol
HashTagHeel24
11 years, 5 months ago
Just so you know Firefox users can't log in. Tried everything and nothing worked using IE. Sucks as it's my preferred browser. Oh well it was a good run.
New Comment:
Move reply box to top
Log in or create an account to comment.