Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A400 Safari/528.16)

I tried connecting to flyertalk and somehow got redirected to "dupedb.com" promoting rapidshare downloads.

I don't know if others have experienced this but I got this on three different systems so I'm posting this as a heads-up to the site administrators.

Wirelessly posted (Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE63-1/100.21.110; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413)

I've been getting the same here in the UK. No problem earlier this morning, now can only access via mobile site. Faith and trust in Flyertalk site falling further :(

Same here.

Same. Are the FT tech people capable of handling the recent problems? If not, and it appears they aren't, they need to find new people.

hacked again. sigh.

a quick google search of dupedb shows that their discussion board is also 'powered by' vbulletin. no idea if that means anything.

Same here in Germany,

using firefox.initially redirected to this file sharing site, now just white screen.
No problems with IE.

cheers

Same problem from Japan. Redirected to the same file-sharing site. Easy to block the redirect in Firefox, but still could not get to FT. Using IE I would just get an error message.

FT seems to be up and running again.
These hacks are quite annoying!

Wirelessly posted (BlackBerry8310/4.5.0.110 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102)

Same here. Don't think it is the fault of the FT IT group as any dedicated attack will achieve the desired goal.

Indeed, I was also redirected this morning. Will there be some sort of after action report on the outage? If not, I assume it is up to us to take the initiative to change our FT passwords, etc, correct?

That may well be true, but FT without a doubt, seems to have far, far more problems than ANY website of any type that I visit.

It should be getting a bit embarrassing for the IT staff at this point...

Regards

Agreed......Just hope members personal details can't be accessed as easily as the site seems to be hacked.

?????

How is FT (actually, IB) not responsible for the security of their systems? They are running a multi-million $ operation and need either to deal with things in-house or put some serious pressure on their vendors.

The single largest piece of the system (vBulletin) is actually owned by IB. It's their baby now and has been for a couple years.

What FT tech people? The same ones who routinely take 3+ weeks to answer a simple question here?

I never thought I'd say this, but the guys in Colorado Springs were far better, at least on what is customer-facing.

I got the same re-direct this morning- 9:30 a.m. EST. I checked

http://downforeveryoneorjustme.com/

and it confirmed that FlyerTalk was down for others and not just me.

About 10:15 a.m. EST it came back a and the above URL reported it was up.

Me too. Sucks

Me too. Firefox was redirected IE just could not find page.

Hey Mods, what happened?

Me too, works now though...

I had the same problem earlier. Now that the site is back, though, every time I come over here, I get a pop-up from Kaspersky Security that says:

Application Firefox contains link to web page http://.../ads?client=ca-ib_travel_sede_1&output ...used to steal passwords, credit card numbers or other confidential information. Denied.

It still lets me read the threads though. At first I thought it was more of an issue with Firefox, yet when I go to any other website, I don't get that pop-up screen. Only here at Flyertalk.

We believe that the attackers found a vulnerably in a piece of software on the site. We became aware of the exploit last week and patched the software accordingly. Our security scan of the site did not uncover any additional problems, however someone had left a back door onto the server. We have located and removed the malicious scripts.

We are very sorry for the inconvenience today.

You mean for now. :rolleyes:

By the way, the recent technical, oh, what should we call them, SCREW-UPS are the reason I won't be subscribing to this site. At least until professionals are in charge. :td:

LoneStarMike, that doesn't sound good.
Does the alert popup still come up after IB's actions so far?

I'm confused. What do you mean by "subscribing to this site"? You have an account with FlyerTalk and you just made a post. Isn't that a subscription?

FT needs to get going on stuff...who will want to use a site that has secuirty threats. Thankfully, I use IE which blocked that and just kept the site inaccessible :)

If it's that site - report it to google so that their site get removed: http://www.google.com/safebrowsing/report_badware/

nope. there's a paid option which removes the ads (as does ....... for free, if you're using firefox) and gives you a larger mailbox.

So, your server was compromised and there is no statement issued by you stating that we should change our passwords?

Very unsecure.

I'm outta here.

One of the reasons I let my subscription lapse.

Got it. Thanks :D

I will not provide this site with any critical information until their IT reputation revives itself. IT security is way too important, how can this possibly happen...we got hacked, fixed it, then got hacked bc we actually didnt fix all the servers? Security please!

I for one thank you and the others that administer FT. I'll suppress my opinions about the posts (and posters) who threaten leaving.

I'm not clear on it, but the IF subscription fees may very well be going to the HOM in COS instead of to IB.

People vowing not to subscribe may be protesting against the wrong party...

It is a business and if the firm, FT, could be making more economic profit elsewhere, the firm would dissolve and reallocate its resources in a different market. Thus, I am thankful for such a service, but keep it mind, this is not ran out of some poor person's house who has overloaded their electric circuit for us :) It's a business and they need to respond to customers.

I'd suggest that IB get some junior high coders on their staff. so they can flesh out these problems a bit quicker. ;)

The compromise was with the application and they had no access at any time to the database. However, for a second let's say that they did. Your password is saved as an md5 hash with a salt added to it. We don't actually ever save your password. When you type in your password, your specific salt is added to it and it's hashed. The resulting hash is compared to the hash stored in the database. If they match, then it lets you in.

MD5 is a one way hash. This means that you can't take a hash and figure out what the original string was. While there are md5 lookup databases that try to catalog all possible hashes, the fact that we salt the password first makes them completely unusable.

This is why if you forget your password here that you can only get instructions to reset it. We can't ever send you your password because we don't know what it is. If a website will email you your password when you forget it, that means that they store your password directly. That's a bad thing.

We didn't warn anyone that they should change their passwords because there is absolutely no way that someone stole your passwords.

Thanks!

Let me join with others in saying thanks to our hard working IT gurus.

Bigger sites have been hacked including sensitive government sites. The test of IT is how fast they can get things back together. Where we addicts look for instant gratification, you did well guys.

No. Once I shut down and then powered up again, the popup was gone.

While what you write above about MD5 is true, but it does not address the problem of password security on a compromised site.

1.) MD5 is outdated and deprecated, as successful attacks on MD5 have been demonstrated more than 4 years ago. Look this up in any recent book on computer security - or just go to wikipedia. I quote: "On 18 March 2006, [Vlastimil] Klima published an algorithm that can find a collision within one minute on a single notebook computer, using a method he calls tunneling."

How anybody can still use MD5 in critical applications is beyond me. You should switch to SHA. For SHA-1, only theoretical attacks exist, for SHA-2 no known attacks exist.

2.) Salting offers only minimal protection against weak passwords. Everybody with a short password (less than eight characters) should be aware that a brute force attack will uncover it in a few hours (total time for yours and any other similar weak password in the system). Since it is a brute force attack, even a password like "gHj87Q" offers no protection. Also, dictionary attacks can be quite successful - how many of you have a common English word or name as a password? Those take minutes.

3.) A system that has been compromised as far as having backdoors installed, should never be considered safe until reinstalled or restored from a known good backup. Evidence that "they never accessed the database" may be false, since the backdoor application could as well have scrubbed the log files to hide its tracks - very common, btw.

And yes, I do system security for a living.

Thanks for the reminder.

I thought my passwords were fairly complex but you convinced me to rethink that.

I just added very complex passwords for the log-ins at my financial institutions, hotel and airline mileage/point programs and other websites where someone who cracked the password could drain my account.

I'm sure my passwords could still be hacked but they're going to have to work one hell of a lot longer to do so.

MD5 with SALT is useless, it is NOT a one way hash and can easily be defeated, as it has on other vB powered sites of major size, if you want details, ASK. I am a member of another site that had similar things happen(not an Internet Brands owned site), they tried to cover it up as well. In the end they ate some humble pie, told the real facts, and secured their systems and firewalls again from the start with more security in mind. In addition they use a proxyshield at times when DDOS attacks and brute force attempts happen that aid in loading the site for the legit users.

The hackers responded by posting DB dumps of email addresses, passwords, and other sensitive info on rapidshare and other sites, not once but THREE times over two weeks. (updated to latest passwords and info each time)

They too had MD5 with salt, but it is outdated and not a secure means anymore. You are giving a false sense of security in this reply.