It may be nothing but we could have a security problem on FD

[Narrow Back]

[styky]

So what are you saying.............they give out towels at the secret meetings now?

[J.B. Stone]

Knob

Yep.

So, you're saying it's still happening after I did all THAT....???



NOW you've done it......you went and broke the internet.

[Narrow Back]

Knob

Yep.

So, you're saying it's still happening after I did all THAT....???



NOW you've done it......you went and broke the internet.

Yes, you are correct and wise.

[ccurrie]

I suspect this is a browser effect NB. Without either a router log showing the packets in and out, or a firebug style debugger running on the client there's no way I could figure out what happened. I can't make it happen myself.

[pirapoi]

Narrow Back, Connie Fournier, shiva, Hubert Mitchell, Charles J. White and pirapoi.
Why these names come up, and only these names, is a mystery to me.

I thought it might be a co-ed hockey team, although there seems to be an excess of right wingers.

[shiva]

Narrow Back, Connie Fournier, shiva, Hubert Mitchell, Charles J. White and pirapoi.
Why these names come up, and only these names, is a mystery to me.

I thought it might be a co-ed hockey team, although there seems to be an excess of right wingers.

That is quite a formidable crew!I wouldn't want to mess with them, myself included.

[Peter O'Donnell]

I've got only one thing to say to anyone who wants to steal my identity.


Ha ha !!!

[Narrow Back]

I suspect this is a browser effect NB. Without either a router log showing the packets in and out, or a firebug style debugger running on the client there's no way I could figure out what happened. I can't make it happen myself.

It's simple, type in a name, any name, then try to login (without password). When you go back to the login, double-click on the empty username box, you should see the name that you entered. I just did with Connie's name. Here it is:



This is the crux of the matter. When someone hacks they enter the name that they want then run a hack program on the password. Since I have NEVER typed in anyone's name but mine, how did they get there? There is no chance anyone could get to my machine unless they broke into my home. That would be very difficult to do or believe. That leaves only one possible answer. The information is cached on FD's server, which is why I could see the names. There simple is no other explanation.

Here are some tools that can be used to explore this further.

http://www.opensourcetesting.org/security.php

There are many others. If Connie likes I can try to do this but I suck with network security stuff.

[Julian]

N.B. I just followed your instructions and when I double click on the empty name box I get nothing at all, not even my own name that I had just entered.

[Narrow Back]

N.B. I just followed your instructions and when I double click on the empty name box I get nothing at all, not even my own name that I had just entered.

I understand. How can I do this then? You don't need to answer. The point is, those names did come up for me. I am trying to warn about a problem. I create forms and I teach about forms. I know how they work. It was either me who typed those names or someone else. It's a black and white issue. Browsers don't just decide to insert names into password protected login forms. Hackers do though.

[ShadowCat]

NB-
My results following your instructions are the same as Julian above-
Not even my own name -
It must be some kind of internal glitch with your setup-

[Narrow Back]

NB-
My results following your instructions are the same as Julian above-
Not even my own name -
It must be some kind of internal glitch with your setup-

It only appears to happen in Google Chrome. That's beside the point. The question remains, how did those names get in there? A "glitch" is not the answer.

[Julian]

N.B. I just followed your instructions and when I double click on the empty name box I get nothing at all, not even my own name that I had just entered.

I understand. How can I do this then? You don't need to answer. The point is, those names did come up for me. I am trying to warn about a problem. I create forms and I teach about forms. I know how they work. It was either me who typed those names or someone else. It's a black and white issue. Browsers don't just decide to insert names into password protected login forms. Hackers do though.

What are the odds that your computer has been hacked and not the fd system? If this was done what is the objective? Is it possible that if your system was co-opted that it could be used to get access to other systems that frequent f.d.?

[Narrow Back]

N.B. I just followed your instructions and when I double click on the empty name box I get nothing at all, not even my own name that I had just entered.

I understand. How can I do this then? You don't need to answer. The point is, those names did come up for me. I am trying to warn about a problem. I create forms and I teach about forms. I know how they work. It was either me who typed those names or someone else. It's a black and white issue. Browsers don't just decide to insert names into password protected login forms. Hackers do though.

What are the odds that your computer has been hacked and not the fd system? If this was done what is the objective? Is it possible that if your system was co-opted that it could be used to get access to other systems that frequent f.d.?

That could be it. If someone hacked me then logged into FD they would cover their tracks. I would look like the hacker.

It's entirely by accident that I noticed this. That's why I am raising the subject here. If something does happen I want to alert everyone in advance.

Shiva and I had an exchange earlier in this thread that might shine some light on motive. It may just be a hacker getting his jollies or something more serious. I don't know. I do know it doesn't hurt to be vigilant, especially when it comes to site security.