Habbox DOT com ~ Site

[Chippiewill]

Matt's loyal to the fansite and Matt's secure, it's fair on his part if he doesn't want/feels like he should be given that level of access, but I'm still sticking to my opinion that he should have it nontheless.

I agree that Matt is certainly trustworthy enough. But as a programmer you should be aware that taking unnecessary and un-useful security risks just because it shouldn't be an issue is a bad idea.

[jasey]

@jasey - Passwords, e-mails, user names... It may not seem like much, but when the Playstation Network was compromised, the usernames, passwords and e-mails could of been used to gain entry elsewhere. In this case, someone could have their username linked to their Playstation Account (which many do) and through some magic find out how to gain entry and so forth. It's unlikely, but possible. I'm not finding it that big a deal, and I wouldn't say the people here at Habbox are either - they seem to be handling it quite well given the limitations - no drama, just honesty and swift handling of the event. They seem quite annoyed that Namecheap were so careless, and rightly so

Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.

[xxMATTGxx]

Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.

There is still around 9000 accounts on Habbox.com, that is still a big number. And yes there is still people around in 2012 who isn't an expert in security and may not know how to protect themselves fully. We still have to deal with those users regardless if we like to or not.

[Recursion]

No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid.

I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?

Well, unfortunately for you, there are many users who do trust us and who do wish their information to be kept private wherever possible, which is something we'd like to keep that way. Thankfully, I can't take any offence to your post because actually, I (as does iAdam and others) do have a day job, which is technical and I worked my way into because I am a "techie" and must at least have a clue what I'm doing, which is obviously more than can be said for some people around here. In terms of personal information, passwords and the like, the same problems exist today as they did a decade ago... humans aren't perfect, we're naturally lazy and like to use the same password for many different services.

I'd like to know how this is for the sake of nostalgia, the site is still active (in fact one of the most active Habbo fansites) and over the years a very large community of people who never have done (or no longer do) play Habbo has formed who wish to continue being a part of the Habbox community (one of which, is me). Any "breach" (I use quotes, you seem to like those) is serious, no matter how much information has been stolen and we do take them seriously, as should everyone, which is exactly why we'll be forcing password resets across the entire Habbox.com website.

Habbox aside, you may not take something like this seriously, but fortunately for the world there are people who do and make massive amounts of money doing it and your argument is fundamentally flawed.

[Chippiewill]

There is still around 9000 accounts on Habbox.com, that is still a big number. And yes there is still people around in 2012 who isn't an expert in security and may not know how to protect themselves fully. We still have to deal with those users regardless if we like to or not.

I REGRET NOTHING!!!!!!!!!!

Edited by Martin (Forum Super Moderator): Please do not make off topic posts

[Hecktix]

I agree that Matt is certainly trustworthy enough. But as a programmer you should be aware that taking unnecessary and un-useful security risks just because it shouldn't be an issue is a bad idea.

If not Matt then give it to someone else, like Recursion who is the only person other than Jin and Sierk to be granted access to Habbox's servers since ---MAD--- and that's only happened very recently. If that had happened much earlier, many problems could have been solved. There needs to be someone who has full access to everything, who is trustworthy and not one of the twenty-something owners who have little interest in being online and are simply not able to be immediately available.

[scottish]

In regards of the site not being back up, there is good reason and this explains it:

Wait, so it took over 24 hours to get sierk to change the DNS...

cba reading the other idiots posts.

[jasey]

Erm hi there. I do actually work a tech job and I'm helping out habbox at the same time.

Just my two pence now... Would you rather us not investigate it at all? because from what you're saying you're actually criticising us for doing what we're meant to do. We only know it was a feeble attempt at gaining information because we looked into it. Recursion spent the best part of a day looking into it actually. It's good that you've not put any sensitive data into the database because we haven't really asked you for any. Good to know you're using the service as you're meant to. I'll rewager that bet and say you would have been one of the first to criticise if we didn't know what the hell was going on last night, yes?

No, frankly, I wouldn't care. My heart hasn't been in this site for a long time and I know I am speaking for quite a lot of active users when I say that. If Habbox goes, it goes. In fact, it's not an 'if' but rather a 'when'. I hate to be the realist, of course. I'd stay clear of making that bet in any case.

I'm all for you investigating this but it doesn't need to be plastered in public with people acting like it is more terrible than it is. Certainly, if you want to play internet detective then do it somewhere you can all play together without people seeing the Habbox tech team peeing contest.

[xxMATTGxx]

Wait, so it took over 24 hours to get sierk to change the DNS...

cba reading the other idiots posts.

Jin would normally have access but as mentioned in another post he lost the details due to recent hard drive failures and this caused the name servers not being changed straight away.

No, frankly, I wouldn't care. My heart hasn't been in this site for a long time and I know I am speaking for quite a lot of active users when I say that. If Habbox goes, it goes. In fact, it's not an 'if' but rather a 'when'. I hate to be the realist, of course. I'd stay clear of making that bet in any case.

I'm all for you investigating this but it doesn't need to be plastered in public with people acting like it is more terrible than it is. Certainly, if you want to play internet detective then do it somewhere you can all play together without people seeing the Habbox tech team peeing contest.

You did not have to post in this thread at all, the discussion was actually going on fine to be honest.

[GommeInc]

Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.

I thought you would make that comparison yet you've seen it the wrong way. Habbox is a minor site, which is "easy pickings". Find the e-mail, the username and any information that can lead to a take over of more important accounts such as PSN accounts and there you have it, you've done little to no leg work. Would you rather attack the FBI straight on, or find a minor character and enter easily? Same thing, and all too common in this day and age.

EDIT: An obvious example can also be what happens on Habbo far too often. Find the e-mail associated with it > take over the account or just use the e-mail to find out their Facebook and so forth. Habbo have been known to change e-mail addresses on Habbo accounts if you e-mail them and make a persuasive argument.