Shown: posts 1 to 25 of 55. This is the beginning of the thread.
Posted by Dr. Bob on May 13, 2007, at 9:50:36
Hi, everyone,
I'm really sorry, but you all should know that Babble was hacked recently and your password here (the one you use to post) may have been compromised. I'm working to fix what I can, so posting is turned off for now. Please report any suspicious posts that remain either by emailing me directly or by using the "notify the administrators" button.
If you want to read posts, you can, but to be on the safe side, turn *off* your cookies, at least for this site, for now:
http://www.dr-bob.org/babble/faq.html#cookies
I'll try to keep you updated, and when the dust settles, we'll need to discuss the consequences of this. Thanks for your patience,
Bob
Posted by Dr. Bob on May 14, 2007, at 5:54:52
In reply to Hacked, posted by Dr. Bob on May 13, 2007, at 9:50:36
> Please report any suspicious posts that remain either by emailing me directly or by using the "notify the administrators" button.
>
> If you want to read posts, you can, but to be on the safe side, turn *off* your cookies, at least for this site, for nowHi again,
I think all the problem posts have been deleted, so it should be safe to turn on your cookies again. BTW, because the hacker was able to post as others, those who seemed to be responsible for the problem posts may not actually have been.
Also, I want to reassure you that someone else may have your posting password, but as far as I can tell, your computer hasn't been infected by a virus, the data on your computer isn't in danger, etc.
Babblechat is one way to stay connected with others here:
http://www.dr-bob.org/cgi-bin/ch/chat.cgi
but remember that that system uses the same passwords, so it may be hard to be sure who exactly you're chatting with.
I know this incident was quite upsetting to many members of this community. It was to me, too! I'm still working on fixing things, and the registration system is now turned off, too. It'll take some more time, but Babble will be back. Thanks again for your patience,
Bob
Posted by Dr. Bob on May 15, 2007, at 11:58:42
In reply to Re: Hacked, posted by Dr. Bob on May 14, 2007, at 5:54:52
> I'm still working on fixing things, and the registration system is now turned off, too.
OK, we're making progress, the registration system is back on.
1. To be on the safe side, everyone should change their password. To do that, go to:
https://dr-bob.securesites.com/cgi-bin/pb/signup.pl
and scroll down to the "update your registration" section. If your password is longer than 8 characters, make sure at least 1 of the first 8 characters is different.
2. If it doesn't accept your password, the hacker may have changed it. Email me, and I'll take a look.
3. While you're changing your password, check the email address that's in the system. The hacker may have changed that, too, and it needs to be correct for you to get your confirmation email.
4. If you're not already, this might be a good time to consider using an email address that's relatively anonymous.
5. I'll keep posting turned off for a few more days to give everyone time to do this. If posters don't change their passwords, I may change them myself to keep the hacker from using those names. Then I'll turn posting back on after we're more sure who's who.
Thanks again for your patience,
Bob
Posted by Dr. Bob on May 16, 2007, at 12:22:35
In reply to Re: change your password, posted by Dr. Bob on May 15, 2007, at 11:58:42
> > I'm still working on fixing things
FYI, what the hacker did was insert malicious instructions into a post that sent them information from the Babble cookies of those who came across that post. You can see for yourself what that included:
http://www.dr-bob.org/cgi-bin/pb/extras.pl#cookies
As far as I know, they didn't get access to the server. Or, as I mentioned before, to the computers of any users. Those who had cookies (or Javascript) turned off weren't affected -- and are probably safer in general.
I've updated the posting software to prevent that from happening again, and I'll turn it back on after people have had some time to change their passwords.
The issue with the Babblechat software was that it wasn't checking the current Babble password, but that should be fixed now, too.
Thanks to those who've sent notes of support, I've really appreciated them. :-)
Bob
Posted by Dr. Bob on May 17, 2007, at 9:10:33
In reply to Re: fixing things, posted by Dr. Bob on May 16, 2007, at 12:22:35
> what the hacker did was insert malicious instructions into a post that sent them information from the Babble cookies of those who came across that post.
FYI, that involved theft of personal information, so I've filed a complaint with the Chicago Field Office of the FBI:
> Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with “agents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud”
>
> http://www.fbi.gov/cyberinvest/computer_intrusions.htmBob
Posted by Dr. Bob on May 20, 2007, at 7:33:09
In reply to Re: fixing things, posted by Dr. Bob on May 16, 2007, at 12:22:35
> I've updated the posting software to prevent that from happening again, and I'll turn it back on after people have had some time to change their passwords.
OK, we should be back up!
FYI, I changed some passwords myself, so if you can't post, please email me at dr-bob@uchicago.edu.
> The issue with the Babblechat software was that it wasn't checking the current Babble password, but that should be fixed now, too.
I've also cleared the Babblechat registration information, so those of you who want to chat will now need to re-register (for chat).
Finally, if Babblemail doesn't work for you, try typing in your current password. What gets filled in automatically may be an old password.
Now where were we? :-)
Bob
Posted by Fallsfall on May 20, 2007, at 7:50:32
In reply to Re: fixed things, posted by Dr. Bob on May 20, 2007, at 7:33:09
Thanks, Dr. Bob, for your handling of this. You kept us up to date on what was going on - that was comforting. I'm so glad you figured out how they got in so that you could plug that hole. There may be other holes, that others might exploit at some point, but at least this particular person can't do the same thing again. I am glad you reported this to the FBI. This was a crime, and we were hurt by this.
I hope that Babble can be peaceful and (not too) quiet! Well, maybe that wouldn't be Babble... I hope that Babble can still be Babble. I kind of like it that way.
Falls.
Posted by NikkiT2 on May 20, 2007, at 8:42:51
In reply to Re: fixed things, posted by Dr. Bob on May 20, 2007, at 7:33:09
Thankyou Dr Bob for all your work over this - I know such issues aren't easy to deal with in a decent manner.
Being kept up to date with what was happening was so important, and I'm so pleased you did that.
Thankyou again,
Nikki
Posted by gardenergirl on May 20, 2007, at 9:03:16
In reply to Re: fixed things, posted by NikkiT2 on May 20, 2007, at 8:42:51
It was very helpful to have the updates and reassurance. It's great to have posting back on, too!
Thanks,
gg
Posted by Dinah on May 20, 2007, at 9:55:31
In reply to I agree, posted by gardenergirl on May 20, 2007, at 9:03:16
You did well under in a trying situation, Dr. Bob.
Thank you.
Posted by Klavot on May 20, 2007, at 10:22:09
In reply to Me too, posted by Dinah on May 20, 2007, at 9:55:31
Don't you just want to jump and dance and scream and shout because PB is back! This is the best thing that has happened this past week. All sites get hacked sooner or later, even the servers of government agencies, so let's just get over it and move on.
Klavot
Posted by Phillipa on May 20, 2007, at 10:33:41
In reply to Re: Me too, posted by Klavot on May 20, 2007, at 10:22:09
Is it real? Babble is back? Thanks Dr. Bob. Love Phillipa
Posted by scratchpad on May 20, 2007, at 13:50:01
In reply to Re: fixed things, posted by Dr. Bob on May 20, 2007, at 7:33:09
For everything.
sp
Posted by Squiggles on May 20, 2007, at 14:43:07
In reply to Thank you Dr Bob, posted by scratchpad on May 20, 2007, at 13:50:01
You've been hacked before i think? But this
was a particularly nasty one. It was considerate
of you to send out "protect your password" messages. I'm glad things are working, and hope
it doesn't happen again. A friend of mine said that using Linux might protect you more than using Microsoft.Congrats to you and your helpers!
Squiggles
Posted by MidnightBlue on May 20, 2007, at 16:33:59
In reply to Re: fixed things, posted by Dr. Bob on May 20, 2007, at 7:33:09
Dr. Bob,
Thank you so much for fixing things and keeping us informed. That was really important to me. Thank you also for answering e-mail.
MidnightBlue
Posted by Racer on May 20, 2007, at 17:37:17
In reply to Re: fixed things » Dr. Bob, posted by MidnightBlue on May 20, 2007, at 16:33:59
It was a crime, and I would like to personally thank you, publicly, for reporting this to the FBI. I appreciate that very much, since it was my personal information which was posted.
Thank you, for keeping us informed, and for reporting this to the proper authorities, and for your concern about changing passwords, etc. I, too, hope Babble returns to -- well, to BabbleNormal, I guess.
Posted by Squiggles on May 20, 2007, at 17:44:33
In reply to Thank you for reporting this, Dr Bob, posted by Racer on May 20, 2007, at 17:37:17
So, what does the FBI do with the report?
And what are the consequences of hacking
this site? Does anyone know *who* did the
hacking?Sorry, I am not a geek, not even a geekling;
Squiggles
Posted by Honore on May 20, 2007, at 19:38:24
In reply to Re: Thank you for reporting this, Dr Bob, posted by Squiggles on May 20, 2007, at 17:44:33
Thanks for the updates and for keeping the chat open. Both make a great difference to me.
And for the change in photograph. It did communicate your presence, dismay, and concern for us, in a real way.
I'm also very happy to have my name back. Thanks for that, too. I''m just so happy that everything is back to normal-- even if normal is, as always, complicated and unstraightforward.
Honore
Posted by sunnydays on May 20, 2007, at 19:39:32
In reply to Thank you Dr Bob, posted by scratchpad on May 20, 2007, at 13:50:01
Thank you so much Dr. Bob! I never realized how comfortable I feel at Babble and how much I really enjoy posting here until it was gone for a while. Also realized I'm not as dependent on it as I feared. :) But it's good to have it back... if nothing else it gives me something to do when I'm bored, like right now. :) Thanks for taking care of this!
sunnydays
Posted by Lou PIlder on May 20, 2007, at 20:30:42
In reply to Re: Thank you for reporting this, Dr Bob, posted by Squiggles on May 20, 2007, at 17:44:33
> So, what does the FBI do with the report?
> And what are the consequences of hacking
> this site? Does anyone know *who* did the
> hacking?
>
> Sorry, I am not a geek, not even a geekling;
>
> SquigglesFriends,
It is written here,[...Does anyone know *who* did the hacking?...]
My feeling here is that if criteria are used to say that a person is of interest to be the hacker, that those criteria could be overiden by that the person falling under those criteria could also be of the nature that they would not do that. Could not someone that is not a likely person to be of interest, be the person also?
So I will not speculate here on who this could be. I think that the authorities could find the person.
Lou
Posted by Toph on May 20, 2007, at 20:48:05
In reply to Lou's response to aspects of Sqiggle's post, posted by Lou PIlder on May 20, 2007, at 20:30:42
> My feeling here is that if criteria are used to say that a person is of interest to be the hacker, that those criteria could be overiden by that the person falling under those criteria could also be of the nature that they would not do that.
>Hi Lou,
Trying to follow your logic here... are you saying that if Bob or the FBI uses some sort of probile to nab the hacker, could this profile be fallible? If that is what you are asking I say yes and hope some other technology definitively identifies the m*therfucker.
Toph
Posted by Squiggles on May 20, 2007, at 20:55:17
In reply to Re: Lou's response to aspects of Sqiggle's post, posted by Toph on May 20, 2007, at 20:48:05
> Hi Lou,
> Trying to follow your logic here... are you saying that if Bob or the FBI uses some sort of probile to nab the hacker, could this profile be fallible? If that is what you are asking I say yes and hope some other technology definitively identifies the m*therfucker.
> Toph
Quick, i need another benzo: are you saying
that the FBI is fallible? C'est pas possible!Squiggles
Posted by Lou PIlder on May 20, 2007, at 20:58:53
In reply to Re: Lou's response to aspects of Sqiggle's post, posted by Toph on May 20, 2007, at 20:48:05
> > My feeling here is that if criteria are used to say that a person is of interest to be the hacker, that those criteria could be overiden by that the person falling under those criteria could also be of the nature that they would not do that.
> >
>
> Hi Lou,
> Trying to follow your logic here... are you saying that if Bob or the FBI uses some sort of probile to nab the hacker, could this profile be fallible? If that is what you are asking I say yes and hope some other technology definitively identifies the m*therfucker.
> TophToph,
You wrote,[...{profile} be fallible?...other technology...]
You have stated that in a good way. What could be the other technology?
Lou
Lou
Posted by Dr. Bob on May 21, 2007, at 8:31:01
In reply to Re: Thank you Dr Bob, posted by Squiggles on May 20, 2007, at 14:43:07
> I'm glad things are working, and hope
> it doesn't happen again.Me, too!
> A friend of mine said that using Linux might protect you more than using Microsoft.
Who uses Microsoft? :-)
Bob
Posted by LadyBug on May 21, 2007, at 11:13:11
In reply to Re: Thank you Dr Bob, posted by Squiggles on May 20, 2007, at 14:43:07
Thanks, Dr. Bob I've missed the site a lot!
Go forward in thread:
Psycho-Babble Administration | Extras | FAQ
Dr. Bob is Robert Hsiung, MD, bob@dr-bob.org
Script revised: February 4, 2008
URL: http://www.dr-bob.org/cgi-bin/pb/mget.pl
Copyright 2006-17 Robert Hsiung.
Owned and operated by Dr. Bob LLC and not the University of Chicago.