Should we Make New Passwords Since COTH Was Hacked?

    Moderator 1 Wondering how much, if any, of our info was compromised. That was quite the website that appeared when I tried to view the forum yesterday.

  • #2
    And as a follow-up, I don't even see an option to change my login within my user settings, profile, or anywhere else...

    • #3
      I was surprised this morning that there was no announcement about that forum take over yesterday from COTH.

      I guess it is never a bad idea to change your password.

      • Original Poster

        #4
        I'd like to know if my email address, DOB, login and/or password was accessed by the hackers.

        • #5
          I think in general it is VERY IMPORTANT not to use the password you use here anywhere else. If you are using this password for any other account - especially something important like banking, email, or the like, change those passwords now. Make sure each is unique. Ideally your passwords should be longer than 8 characters, ideally longer than 12.

          Your lock password for your computer, your password for banking, your password for email, those passwords all need to be unique to each site and difficult to guess. Please don't use a password for any of those that is in the 100 most common passwords. https://github.com/danielmiessler/Se...17-top1000.txt

          If your password is "monkey", "princess1", or "12345" it's laughably easy to guess.

          Picking good passwords doesn't have to mean a lot of random numbers and letters. Being long is more important than the special characters. String 4 random words together, maybe add a number, and your password is unlikely to be guessed but will be easy to remember.

          It may be of help to you to use a password manager like LastPass or 1Password to track multiple passwords. Know your threat model to know if your most likely attack is someone in your home or office, someone trying to access your device while traveling, or an overseas hacker to decide how you want to store them.

          I assume that the problem was this: https://arstechnica.com/information-...vbulletin-bug/

          I.e., not the fault of COTH admins but severe and unfortunate.
          If you are allergic to a thing, it is best not to put that thing in your mouth, particularly if the thing is cats. - Lemony Snicket

          • Original Poster

            #6
            I am well aware of how to manage my passwords. I would like to know if my password for COTH and my DOB and email may have been accessed.

            • #7
              Originally posted by Nestor
              And as a follow-up, I don't even see an option to change my login within my user settings, profile, or anywhere else...
              You change your password by getting into account settings - click your name up above the COTH page banner, over on the left hand side. Then click the [Change Password] button shown below your account info.
              ~~ How do you catch a loose horse? Make a noise like a carrot! - British Cavalry joke ~~

              • #8
                skydy, after reading the Ars Technica article I think you should act as if they were. It's likely that the COTH staff does not know the answer but the vulnerability reported means it was possible that they were able to see anything in the database stored in plaintext.

                FWIW your email and your DOB are probably already semipublic due to various other public records. I use a false DOB on COTH but that doesn't help now.

                The rest of the info I posted for anyone reading, since most people here are likely not savvy about password management.
                If you are allergic to a thing, it is best not to put that thing in your mouth, particularly if the thing is cats. - Lemony Snicket

                • #9
                  Originally posted by poltroon
                  I use a false DOB on COTH but that doesn't help now.

                  I thought it was strange that so many people were born on January 1st

                  • #10
                    Why is Monkey a common password?

                    I must have missed a memo. I never would have guessed that one.

                    • Original Poster

                      #11
                      Originally posted by trubandloki
                      Why is Monkey a common password?

                      I must have missed a memo. I never would have guessed that one.
                      Neither would I.

                      • #12
                        Originally posted by trubandloki
                        Why is Monkey a common password?

                        I must have missed a memo. I never would have guessed that one.
                        lol who knows? Lots of first names, lots of variations of 12345, etc.

                        The original list comes from a data breach of 32 million passwords, and it was found that something like 20% of them were in the top 100. This totally changed brute force password hacking from dictionary attacks to attacks that hit the top 5000 or so common passwords.

                        Fun fact: the "random" looking passwords on that list are common words in languages that don't use an ASCII keyboard, such as Chinese.

                        Also high on the list is 'superman' but 'princessmonkeysuperman' would probably be a decent password.
                        If you are allergic to a thing, it is best not to put that thing in your mouth, particularly if the thing is cats. - Lemony Snicket
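
An added example (not part of any post in this thread): a Python sketch of the two checks discussed in posts #5 and #12, screening a candidate password against a common-password list and building a passphrase from randomly chosen words. The `COMMON` and `WORDS` lists, the 12-character minimum and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed stand-ins. A real check would load the full common-password list
# and a large wordlist (the EFF long list, for example, has 7,776 words).
COMMON = {"password", "12345", "12345678", "monkey", "princess", "superman"}
WORDS = ["carrot", "saddle", "gravel", "lantern", "thistle", "harbor",
         "pebble", "orchard", "velvet", "compass", "meadow", "anvil",
         "biscuit", "canyon", "ferry", "juniper"]

# Character swaps that people assume make a common word safe.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def variants(pw):
    """Forms of pw that a guessing tool tries along with the listed word."""
    low = pw.lower()
    stripped = low.rstrip("0123456789!")   # "princess1" -> "princess"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def is_common(pw):
    return any(v in COMMON for v in variants(pw))


def screen(pw, min_len=12):
    """Return the reasons to reject pw; an empty list means it passes."""
    problems = []
    if is_common(pw):
        problems.append("on the common-password list, or a trivial variant of an entry")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    return problems


def passphrase(n_words=4, wordlist=WORDS):
    """Pick words with a CSPRNG; words a person picks are not random."""
    return "-".join(secrets.choice(wordlist) for _ in range(n_words))


def guess_space_bits(n_words, list_size):
    """log2 of the number of equally likely passphrases."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    for pw in ["monkey", "princess1", "p@ssword", "princessmonkeysuperman"]:
        print(f"{pw!r}: {screen(pw) or 'passes'}")
    print("example passphrase:", passphrase())
    # One word from a 5,000-entry list vs. four from a 7,776-word list.
    print(f"{guess_space_bits(1, 5000):.1f} bits vs {guess_space_bits(4, 7776):.1f} bits")
```

The 16-word list here gives only 16 bits for four words; the guess-space figure is meaningful only with a large wordlist and machine-chosen words.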

                        • #13
                          COTH did make an announcement on Facebook... but yeah weird they didn't include anything directly on the forum announcements for those that don't have Facebook or check it often.

                          Direct link to change COTH password:
                          https://www.chronofhorse.com/account/EditAccount (that will take you to your account information which you can also get to by clicking your name in the top left corner)

                          You should always be changing your passwords. If you've had the same password for 10 years then... well it is a matter of time before your info is taken in this day and age. You can check Have I Been Pwned (pun on owned) https://haveibeenpwned.com/ to search if your email was ever a part of a known data breach. If you see any sites associated with your email and you haven't changed your passwords recently AND they all match - go change them asap. If you see any sites on there that you DON'T use and can still get into I suggest logging in and changing the associated email to something different (I have a throw away gmail one I use for things that I don't need frequently) as well as the password. I actually use multiple real email addresses and my accounts are all different passwords because I don't want one login to get me screwed over across the board. I also have two factor authentication on EVERYTHING. Fool me once shame on you (yes, I got hacked pretty bad once upon a time) fool me twice shame on me.... haven't fooled me twice because I take protecting my accounts very seriously. Sad that it has to be done, but not everyone plays nice on the interwebs.


                          ETA - if you want to see how many times a password has been "pwned" you can click on the top link that says passwords or here is the direct link. https://haveibeenpwned.com/Passwords . As of this post the password "password" has been pwned 3,730,471 times while the closely related "p@ssword" comes in at 13,635. Still a lot. The password "12345678" has been pwned 2,938,594. "Monkey" has been pwned 987,676 times. It really can be disturbingly amusing to see what common words people end up using as passwords.
                          Last edited by rockonxox; Sep. 26, 2019, 03:13 PM.

                          • #14
                            Originally posted by rockonxox
                            COTH did make an announcement on Facebook... but yeah weird they didn't include anything directly on the forum announcements for those that don't have Facebook or check it often.
                            And yet another reason why it would make sense for them to say something here now that they are back up.
                            I follow COTH on Facebook, but I never saw any of that on my news feed. We all know how Facebook only shows you what it wants to show you.

                            • #15
                              This? Not sure I'd count this as an announcement about whatever happened yesterday :-/

                              https://www.facebook.com/82392280313...2565446520314/

                              They can do better about telling us what was compromised and if we need to worry. It's not just passwords...what about the credit card info they store, too?

                              • #16
                                Ok dumb question. What is the risk if "they" do have our password? That someone is going to post spam under your name?
                                I saw someone mention a credit card, but I've never used a card related to anything on COTH.
                                http://trainingcupid.blogspot.com/

                                • #17
                                  Originally posted by Training Cupid
                                  Ok dumb question. What is the risk if "they" do have our password? That someone is going to post spam under your name?
                                  I saw someone mention a credit card, but I've never used a card related to anything on COTH.
                                  Do you use the email/password combo here for anything else?

                                  If no, then your risk if there was a breach is low. Good job, that's how you should be creating passwords.

                                  If yes, then those things you use this user name/password combo for are at risk. Or, really, any user name associated with you, or related password. A whole lot of people use the same password in a bunch of places because it can be a pita to remember hundreds of different ones for everywhere we go online.

                                  COTH stores credit card numbers for magazine subscribers. Or has a payment service that does. I only saw the forums down yesterday, but the fb post doesn't specify only the forum and iirc, part of the update a couple years ago was integrating everything. So...what's the risk with what happened yesterday?

                                  • Original Poster

                                    #18
                                    Apparently they were hacked by a dubious entity because when one tried to enter the forum, a completely unrelated and very sketchy web page appeared.

                                    • #19
                                      I changed my pw today; better safe than sorry

                                      • Original Poster

                                        #20
                                        The fact that a very dubious web page came up when I tried to use the forum is why I rather expected some notification about what, if any, information had been compromised.
