The corollary to Kerckhoffs's principle, Shannon's maxim, e.g. assume "the enemy knows the system," still holds.
This attack looks like the modern incarnation of industrial espionage.
...or at least it holds to an extent.
First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.
You and I, and anyone with related knowledge, all know that FA needs to be rewritten from scratch, because no matter how well you fix it up, it is still a castle built of recycled cardboard and plastic bags, reinforced with duct tape.
Well, in the meantime, if anyone wants to chat, both my Steam and Skype are scorcher836. Go ahead and add me if you'd like. I don't mind meeting new furs.
Anyone who is interested in a chat group to talk and discuss their feelings or want to meet new friends, add me on skype @ tenaki1995 :3
I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen.
I'm also assuming there is still no ETA yet?
As of a few hours ago, there hasn't been one. I've been refreshing a lot of pages, including FA itself and there's still no news. Best to keep waiting here and checking r/furry, as the official statement over there is stickied too.
I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen.
I'm also assuming there is still no ETA yet?
FA fixed it 5 May. Alternative site (and apparently "much better than FA") Weasyl did... 3 May. So just a 2 day difference, and still the month in between people find so bad.
I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...
Well, now you've secured your house from theft, it burns down.
Indeed, last year my house got broken into; now my house is heavily secured.
I only hope FA admins learn from this.
Congrats, you've generated a single-point-of-failure. If that fails... EVERYTHING falls apart. Generally I don't really consider that the best of security measures. You don't either giving 2P-Authentication afterwards.
You should not be remembering passwords. You should be using a password manager like KeePass to generate a unique password for every website. Then you have a master key that opens your database of passwords.
I really HATE Steam mobile authenticator with a pure passion. Aside from being REQUIRED (why? I have no smartphone) its entire goal was to remove the single-point-of-failure... and instead they just shifted it to the mobile device, which are less secure than desktops by definition. So much fail. Not to mention to overrun all that they give you a single deactivation code which creates a new easy access point into your account, so the entire stuff is pointless to the extreme security wise.
*shudders* No offences, but I HATE the two step locking function. It's really messy and my phone can't take on any more apps. I was lucky enough to install the Steam mobile app; at the least I don't need more.
Since I only have around 3 followers and 5+ submissions, I won't be in much of a stink, but I understand how people would feel if they were on the site for a long time and had to start over.
You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truly believe FA can afford that kind of downfall??
I know that now for next time. At least I still have a good chunk of my uploads on InkBunny, but not by much. I can probably go off of what I have on there to update my Weasyl and other places. If only they also had a transfer program like InkBunny does.
And this is why you make your own backups. At least 3 different storage mediums if you really don't want to lose it.
Since as far as I can tell no one in this thread mentioned it: this caught the attention of InfoSec Taylor Swift:
Edit: this is too precious:
This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.
It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity's source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.
We managed to get a hold of one of the USB drives and started to analyze what was distributed. While we were investigating, somebody launched a second attack against the site using information gleaned from the source code.
This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.
We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days' worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.
We apologize for the inconvenience to the community, and are working to rectify the issues. If anyone has any knowledge/evidence as to who perpetrated the attack, or who was distributing the USB drives containing FA’s source code, please privately contact Dragoneer on Twitter (@Dragoneer) or via email at email@example.com.
We are working to restore FA as quickly as we can, but want to make sure we take proper steps to prevent any further issues. We will keep the community updated on our progress.
This is a photo of one of the USB drives distributed with FA’s source code. If you have any information on who was distributing these drives please let us know by contacting us as mentioned above.
To be exact, Tor is the name of the deep web network. You need to download Tor Browser in order to access it.
You're supposed to download a program called "tor" and use it in order to go onto the deep web. It's basically the layer of the internet below the "seen" internet, like ".net" and ".com" with a lot of red-rooms and things like that, where you use bitcoins to pay for things. You can get things like drugs and stuff like that on it. It's where all of the really unnerving parts of the internet are.
I really hope my ref would have been saved. It's older than 6 days, and I put it on Furaffinity last year. I hope I could get access to my ref sheet again as I don't have it on my computer anymore, at least I can't find it.
I'm not really that worried because they said it's backed up at least, so I'll probably just lose a few favorites. But I still hope people who make moneh from Furaffinity survive this.