gose Posted December 2, 2014
I use pwnedlist. I actually got an alert on the USPSA hack from pwnedlist BEFORE USPSA decided to alert users. I read about it on Facebook before I got anything from USPSA

retarmyaviator Posted December 2, 2014
The USPSA membership roster would be a big score for anti-gun activists. Try having an FFL, ATF broadcasts your name and address to the world.

rk272 Posted December 2, 2014
> I use pwnedlist. I actually got an alert on the USPSA hack from pwnedlist BEFORE USPSA decided to alert users.
I signed up on pwnedlist yesterday and it reported 2 data leaks on my email from the USPSA database, one on 11/26 and, better yet, one YESTERDAY, 12/1/2014

NewColonial Posted December 2, 2014
I got the second notice as well. It's the same data (same old password) so my guess is the list has been posted somewhere else.

Jadeslade Posted December 2, 2014
I signed up with pwnedlist today and got nothing about anything for my emails. Am I doing something wrong? I never got a chance to see if my email was on that original dump.

D.Hayden Posted December 2, 2014
How long is it taking to get the password reset email from USPSA? The site says up to 48 hours?

BritinUSA Posted December 2, 2014
I have not received any emails and I've been trying since the notice was sent out.

jhguns Posted December 2, 2014
> I have not received any emails and I've been trying since the notice was sent out.
Same here

Round_Gun_Shooter Posted December 2, 2014
> I have not received any emails and I've been trying since the notice was sent out.
I too have been trying since day 1. I couldn't sleep last night (not unusual) and tried it at 0300 and it went right through. Password changed... Finally.

pkm Posted December 2, 2014
When I requested a password reset they just told me to use the default pin when I signed up that is located on your frontsite magazine. That being said, I have yet to be able to actually change my password on the site; it says my profile is updated but the only thing I can use to log in is my PIN.

NewColonial Posted December 2, 2014
More great USPSA "security": Log into your account with your USPSA # and pin, both printed in clear view on the cover of the magazine for anyone to see.

pkm Posted December 2, 2014
It's not like the website is an integral part of USPSA or anything.

CHA-LEE Posted December 2, 2014
This kind of crap is expected when USPSA HQ is leveraging "Volunteers" to do this stuff. Just like anything else in this world, you get what you pay for. If someone's head does not roll for this blatant screw up then we really know how screwed up USPSA HQ is.

BritinUSA Posted December 2, 2014
> It's not like the website is an integral part of USPSA or anything.
Back when it was set up it probably wasn't an integral part, but now it is and it should be handled by professionals who can support it 24x7. The design and support of the web-site should be outsourced to a credible web-design company.

pkm Posted December 2, 2014
Sorry Paul, I forgot to use the sarcasm font. Don't forget to add regular security testing as well. Their notion that the payments were impacted because they were handled by a third party is also probably bullshit, but it is quite obvious by the SQL error messages that users have received since the site was "fixed" that they didn't fix anything. A breach is one thing, but to store passwords in the clear is just plain incompetence.

BritinUSA Posted December 2, 2014
We do security audits every 3 months at work; it's a pain but it has to be done. Every organization makes mistakes, and every mistake should be cause to re-examine everything related to that mistake. USPSA needs to undergo some analysis of everything that is being done and identify all problems and all potential problems and fix them. I think there is too much "if it's not broken don't fix it" attitude; stuff may not necessarily be broken but everything can be improved and I think that determination should be based on risk/reward/cost factors.

pkm Posted December 2, 2014
Agree, and as someone who does this day in and day out for a living it really irks me. Hey Paul, maybe you should run for President

Richc2048 Posted December 3, 2014
I like how I am still getting deals on steel targets shared on their Facebook. I can't believe they are still posting pictures and stuff like everything is normal. I would think they would want to be in the dark for a little while. At least until everything is fixed, classifiers from early November are entered, etc...

Adam B Posted December 3, 2014
For those of you that reset your password before 12/1: per pwnedlist.com, the site was compromised again on 12/1

NewColonial Posted December 3, 2014
I do not believe that was a new compromise, but a reposting of the same data somewhere else. The 12/1 post on pwnedlist shows the old password. If it was a new hack, my changed password would be listed on pwnedlist.

D.Hayden Posted December 3, 2014
Does it say somewhere on pwnedlist what site was compromised?

Adam B Posted December 3, 2014
It may have been a repost of the data. In my report it states uspsa.org credentials leaked 1/26 and 12/1

bgary Posted December 4, 2014
More info, hot off the press....
http://uspsa.org/uspsa-announcements-details.php?USPSA-Board-Addresses-Website-Issues-191

outerlimits Posted December 4, 2014
Bruce, even though no other info was compromised, once the ID and passwords were available, one could access confidential info such as home address, etc. by merely logging in. Has your IT guru looked at how many records and which ones were accessed after the breach?

ron169 Posted December 4, 2014
Just read the PDF/bulletin that USPSA released. That is the most transparent I've ever seen them be