That really wasn't well handled was it MNHQ?

[ASorcererIsAWizardSquared]

Yes, this is a telling off.

Your communication over the Calm Down Jeffrey incident was atrocious.

I find it shocking that you can be sat there, posting to us that all is well and under control when we can see, in front of our very own eyes, that someone was hacking MNHQ posts and editing them, and also posting under posters names and editing other posts as well as deregging and banning other users who insulted them.

The response from you was seriously lacking, on top of your coquettish rubbish about not putting 50p in the meter when you went down over night.

Its not on.

You have a duty to your posters when these things are happening to keep us all informed, we're not stupid and we deserve to be treated with a little more respect. Not fobbed off with half truths and blatant lies.

I agree. This kind of grandstanding is kind of embarrassing.

My observation on how MNHQ handled The Jeffrey Incident is that there's no point having an alternative info source through the Twitter feed, pointing users towards it in the OP about the outage and then not using it. I know not everyone uses or likes Twitter, but if there are problems with the main site - including Jeffrey editing posts willy nilly - then it's time to make best use of the other channels for information.

Like making them cutting heads off a Hydra?

I am one of those who did pay to use MN back in the day, just for the record. CAT and selling boards!

Thanks very much for explaining Sarah. May I ask if you use PGP?

If so have you seen this - this is the guy who mentions dadsec in previous tweets and afaik he is pretty good at that sort of stuff.

I have no fucking idea what a 'secret key' might be but if he's got one then getting stuff in plain text won't have fazed him.

We all paid for CAT. That's not the same thing.

I'm not trying to accuse that particular guy of anything - sorry not being clear - I mean if the weirdo who hacked us has the 'key' this guy mentions then maybe he can access stuff.

No idea what all the dadsec stuff is all about though.

It's not PGP, it would be a hash function FlightAttendant.

Oh good. Ignore my posts then! Thanks A&B.

afaik mine was the first account to be hacked, after I said on the other thread that I didn't believe they had any details given the way they were crowing about having "so much data,"

tbh I think that mn hq were going to be damned if they did, damned if they didn't, in terms of details they provided. Also I think that the way people essentially just used it as entertainment was far more amusing and gained a far better result than if this had been turned into some kind of panic over the site having been hacked.

Ultimately though, if people don't want their details compromised then it is probably best not to put those details on to websites that realistically don't need them, because most sites will be subject to a breach at some point. Carphone warehouse for instance was breached only a couple of weeks ago and hackers have obtained credit card and other personal details. So by comparison access to a few usernames is really not that impressive if you're going to hack a website....

I just want to say I have read the gpg man page mentioned in that tweet. (I even got paid for it, as I was at work.)

And although it's not relevant - with encryption programs like pgp and gpg (they're basically different versions of the same thing) - a user creates a pair of keys. There's the private one, which you never share with anyone else ever, and the public one. You can give other people your public key. They can give you their public key. You can encrypt a file with your own and other people's keys. They can then unlock the file, because the pgp program will be able to match it to your private key, to know it's you. If the file hasn't been encrypted for your key, you can't unlock it and read it.

There is obviously a lot more to it than this, and as mentioned, it's not relevant to this anyway.

Hash functions are basically a way of indexing data, so it speeds up look up times. They can also be used as a way of encrypting stuff, because although it makes it quicker to look things up in one direction, it's a lot harder to work backwards.

I have colleagues who go to security conferences for fun... I don't. So if this isn't making sense - well, it's not really important for this anyway, and it's Friday night, and I'm not at work, nor on-call, and I don't have to be feeling more coherent just now.

I think that it was basically handled ok but quicker reassurance on whether our passwords were compromised would have been nicer.

exLtEveDallas A fucking men!! Well said!

Ebear, that's fascinating. Thank you for explaining the differences.

I think people are forgetting that at one point Jeffrey had access to admin accounts. Therefore, at least for that period if HQ had been posting messages he could (and did) simply amend them. They could only have avoided that by shutting down completely, which would probably have brought forth even louder complaints.

Icimoi - which is why they should have been using channels like Twitter to get information out too / instead of on the site, IMHO. I know it's easy with hindsight and in a crisis it's easy to miss the obvious, but if you post a message saying "check Twitter for an update" then don't do as you have said, it does add to the general impression of headless chicken-ness

I'm on the "chill, people" side of things.

When MN shut down one New Year, there were so many howls and claims that people might harm themselves if they didn't have access to MN (yes, really), that the modus operandi of MNHQ is probably to do nothing which would disrupt the site too much.

CloserToFiftyThanTwenty They suggested that that was because they didn't want to repetitively draw attention to the second rate hacker. Not because they didn't want to keep us updated.

It certainly does, Maryz - but better late than never?

Crikey, I only read the first bit of Skully's post and it didn't seem that offensive (hadn't clicked through on it) - did she get offensive after saying that the OP was owed an apology?