Day: December 23, 2010

Web based Chat Rooms

I know there are a lot of us who use YIM, AIM, or some other program to chat with this person or that. I admit they are useful for getting to know some one better. But there are times you want to talk to more than one at a time. I know there are some who say used IRC, but that involves installing A IRC client. But that is best left for those who like
such things. Me I like just heading in to a Chat Room spending sometime there and getting off when I know it’s time to do so.

AIM Chat Rooms
Avoid them like they at filled with viruses which they are. The last time I was in one, my anti virus software kept on giving warnings every few seconds. And that is no lie, it is the truth.

Atari Age Forum chat room

Atari Age
I have been a member of the Atari Age Forum since 2003, and it’s a great site for gamers, a good place to hang out and if you want to sell off some old gaming gear, or have a tough computer question it can’t be beat. But there chat room is all but dead. Hardly anyone uses it, the most I ever seen on there is 4, but most of the time it’s empty. Although monitored, and adult language is not allowed I swear you could talk about everything and anything else and no one would notice.

Gallifrey Base Chat room

Gallifrey Base
Although Gallifrey Base is a Doctor Who forum, in there chat room any topic is open to discussion. In fact the only limits are language and revealing too much about the latest Doctor Who adventure. This is the chat room I regularly hang out in, as I always have a good time with those like me who hang out there.

Yiffy International
They have Ychat, more than a few members use this chat room, but not enough.

If your either a member of the Fur affinity forums or just visit the main site regularly. You know they have been having major problems. At first they said it was just an upgrade problem but they finally admitted the real problem.

This is taken right from their blog.

December 2010 Hacking
By now, many of you know that Fur Affinity was attacked on Thursday, December 16th 2010. Attackers were able to compromise the admin system using an XSS exploit in the trouble ticketing system to gain control of an admin account. We pulled the website offline, and closed the hole that lead to the initial attack, but not before the intruder was able to illegally compromise the private notes of 41 users (including admins and staff) and the vandalism of several galleries. Regrettably, the leeching of notes occurred before the hacker made his presence known on the site, and we were not able to stop it.

At no point were user passwords or the site database compromised.

After closing the initial hole that the intruder was using to compromise the site, they then attacked an admin’s e-mail, managing to compromise their email account to perform a password reset. With the new password, they were able to get back into the site and into the forums. At the same time, another attack was launched on a second admin, compromising a long-abandoned account they had which was setup as an e-mail fallback for their main account. In both instances, the attackers were able to gain access back into the system, causing scattered vandalism.

We were able to flush the attacker out of the system through multiple wipes of cookies and active login sessions (which some of you may have noticed when your account were logged out).

After Yak revised and recoded the security side of the admin panel, the attackers then launched a distributed denial of service (DDOS) attack against FA as a final measure. Working with our host, we were able to block the attack and restore services to the site. While we had initially suspected potential issues due to the 1.2 million Gawker passwords that were leaked (which had affected some regular users on the site), we want to clarify that the Gawker leaks WERE NOT an issue with the FA intrusion.

Galleries which were wiped are in the process of being restored, and we are working to strengthen and improve security. We have also removed the ability for certain admins to view notes. We will be bringing in additional coding help to perform security audits and improve upon the site’s platform, as we do take security seriously. We regret that this happened, and ultimately the blame for this lay with us for letting the hole slip through the cracks. That said, it does not excuse the intruders for their actions, and we are working with law enforcement to pursue the issue.

On behalf of the entire staff of FA we apologize for what happened. We make no excuses for what happened.

—————————-

If you have questions, please feel free to ask, we will update the thread with a Q/A. Keep responses civil, and honest. There has been enough drama over this, and we want to work towards peaceful resolution.

EDIT: Had the date wrong in the initial attacks. My apologies. The initial incident happened on Thursday, not Friday.