Inkbunny

Incoming security update - make sure your email is current

Hi everyone,

There is a site security update we're about to roll out that will increase the strength of our session IDs.

This update will be run in the next day or two and we will announce a new site version once it is complete.

The update makes it much harder for attackers to simply guess valid session IDs, as we move from 4-bit MD5 (e.g. 9e107d9d372bb6826bd81d3542a419d6) to 6-bit SHA-512 (e.g. UX8ScxaAoJI2i9WvhUSrHw6vVzJFkCZ3-4vsbiRmA,kylJ4C0DY5qT0T5sGmPX2Ixyiimn0Yn-,QKxVqIzE4T2).

These crazy-looking IDs are something you don't normally see, but they are stored in cookies that your browser receives and sends after you log in, as a way of identifying your valid login session.

The side effect of this change is that all currently logged in sessions will be reset, so you will need to log in again after we run the update.

As long as you know your password (or your browser knows it) then you just need to log in as per normal after the update and there should be no issues.

Please make sure your email address is valid and up to date as recorded in your Account Settings. This way, if you have any login issues, you can simply reset your password via the Forgot Password option on the Login Screen. This requires a valid email address connected to your account to work.

As the maximum session age is 1 month, all users have to log in at most every 4 weeks anyway, but we figured it's still best to give you all a heads-up!

If anyone has issues after the security update and can't log in, please email us at admin@inkbunny.net

Thanks

Inkbunny
Viewed: 356 times
Added: 10 years, 11 months ago
Site News Item: yes
Commenting Locked
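
The "4-bit" and "6-bit" in the announcement read as bits carried per character of the ID, which is why the new IDs are longer and use more symbols. The sketch below is an added example, not Inkbunny's code: it assumes a 64-symbol alphabet matching the symbols in the sample ID, a most-significant-bit-first packing order, and a CSPRNG as the hash input; the helper names are hypothetical.

```python
import hashlib
import secrets

# Assumed alphabets: hex for the 4-bit form; for the 6-bit form, the 64 symbols
# consistent with the announcement's sample ID (digits, letters, '-' and ',').
HEX = "0123456789abcdef"
B64ISH = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-,"

def encode_bits(digest: bytes, bits: int, alphabet: str) -> str:
    """Emit one character per `bits` bits of digest, most significant bits first
    (bit order is an assumption; the announcement does not specify it)."""
    out, acc, have = [], 0, 0
    for byte in digest:
        acc = (acc << 8) | byte
        have += 8
        while have >= bits:
            have -= bits
            out.append(alphabet[(acc >> have) & ((1 << bits) - 1)])
        acc &= (1 << have) - 1          # keep only the unconsumed bits
    if have:                            # pad the final partial group with zeros
        out.append(alphabet[(acc << (bits - have)) & ((1 << bits) - 1)])
    return "".join(out)

def id_length(digest_bits: int, bits_per_char: int) -> int:
    return -(-digest_bits // bits_per_char)   # ceiling division

def new_session_id() -> str:
    """SHA-512 over 64 CSPRNG bytes; the hash input is an assumption, and the
    ID is only as unguessable as that input."""
    return encode_bits(hashlib.sha512(secrets.token_bytes(64)).digest(), 6, B64ISH)

def classify(cookie_value: str) -> str:
    """Label a cookie value by format so pre-update IDs can be refused."""
    if len(cookie_value) == id_length(128, 4) and set(cookie_value) <= set(HEX):
        return "old-md5-hex"
    if len(cookie_value) == id_length(512, 6) and set(cookie_value) <= set(B64ISH):
        return "new-sha512-6bit"
    return "invalid"

# The two sample IDs quoted in the announcement.
OLD_SAMPLE = "9e107d9d372bb6826bd81d3542a419d6"
NEW_SAMPLE = ("UX8ScxaAoJI2i9WvhUSrHw6vVzJFkCZ3-4vsbiRmA,"
              "kylJ4C0DY5qT0T5sGmPX2Ixyiimn0Yn-,QKxVqIzE4T2")

if __name__ == "__main__":
    print(id_length(128, 4), id_length(512, 6))   # characters per ID
    print(classify(OLD_SAMPLE), classify(NEW_SAMPLE), classify(new_session_id()))
```

A 128-bit digest at 4 bits per character gives 32 characters and a 512-bit digest at 6 bits per character gives 86, matching the lengths of the two sample IDs above.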
 
Catwheezle
10 years, 11 months ago
Thanks for looking after us. I really appreciate the work you put into keeping us safe, and I'm sure I'm far from the only one :)
Alfador
10 years, 11 months ago
Awesome!! =^_^= *huggles*
garuru
10 years, 11 months ago
Allrighty !
LupineAssassin
10 years, 11 months ago
Thanks!
awakenji
10 years, 11 months ago
I welcome this change.  Thanks for the information.
MaDrow
10 years, 11 months ago
In b4 new server needed due huge system resources use increasement thanks to the hashing |=(;3
zakdavis
10 years, 11 months ago
The countdown timer is nice because it tells me exactly how much time till the update. Thanx IB
Tycloud
10 years, 11 months ago
And you still did not include an optional birthday icon for the users!
fluffdance
10 years, 11 months ago
Is it possible to embed this hash key into the browser to prevent primary login hijack susceptibility?
Skash
10 years, 11 months ago
well, a more secure way of reducing hijack would be to have the development team whip up a program that generates a pgp through a random hash and stores it on your computer, and have the browser app only turn on when you visit IB's secure site then it will post the pgp with other data to login and in return listens for a token that it stores.

but when it comes to your I.P. lock-in on the website, I would suggest you use it if you feel you need to add security, I myself have my account locked so that only a small percentage of Australians can log in, locking out 90% (or more) of the internet.

there are many ways to increase security, but at the end of the day, there needs to be a good balance between simplicity, maintenance, expandable, user friendly interface.

if it all goes wrong, then it can be just as bad as EA's DRM coupled with Trymedia and Sony's copy protection along with Steam, splash on a 3rd party random generated code from your mobile and you got a clusterfuck that needs a manual just to login, and on TOP of that would be a 10 minute session timeout.

imagine someone making damage if that was done, let alone them trying to figure out how he can enter his victims password without needing 2 hours reading up on the security they installed lol.

but all in all, Inkbunny, I see that you have security under control.
that leaves myself to assume the answer of "do you save passwords as plain text?" to be a solid "FUCK NO!"
Skash
10 years, 11 months ago
funny how this website, that earns less than a small credit union has more security in mind than the top banks in Australia, and many banks across the globe, and you have been established for just a few years, compared to over 100 years,

Kinda makes me want to setup a bank account here lol
HashTagHeel24
10 years, 11 months ago
Just so you know Firefox users can't log in. Tried everything and nothing worked using IE. Sucks as it's my preferred browser. Oh well it was a good run.