Illegal use of data from ProZ.com profile
Thread poster: RoxanaTrad (X)

Cetacea Switzerland Local time: 05:44 English to German + ...
Henry D wrote:
The breach exploited a little-used area of the site that had not been updated for quite some time. The vulnerability has been corrected and further steps are being taken. We have begun efforts with relevant parties -- including outsourcingroom.com directly -- to have the unauthorized publishing of the data stopped.
Thanks again for your help, folks.
Henry
Thank you, Henry, and everybody involved in resolving this. I realize finding the hole and closing it is not quite as easy as darning an old sock...

Kay Barbara United Kingdom Local time: 05:44 Member (2008) English to German + ... | Ralf is right, please lift restrictions | Jul 23, 2009
Ralf Lemster wrote:
Hi Henry,
Thanks for the explanations.
In the meantime, to again quote Neil (thanks, Neil!):
What you should do is make sure that all of your accounts: ProZ, e-mail accounts, accounts for other web sites... have unique, secure passwords... Choose a separate, long, random sequence of letters, digits and symbols for your password for each account.
To update your password, go to: http://www.proz.com/?sp=new_password
I noted that ProZ.com does not accept special characters for passwords, or passwords longer than 10 characters. Unless there is some compelling technical reason for this, you may want to lift these restrictions, to permit safer passwords.
Best regards,
Ralf
I fully agree with Ralf. I just changed my password but was unfortunately not allowed to choose a strong password due to the restrictions in place. It would be great if you could change these restrictions.
Best,
Kay

Aniello Scognamiglio (X) Germany Local time: 05:44 English to German + ... | Ten Password Myths | Jul 23, 2009
Myth #1: My Password Hashes Are Safe When Using NTLMv2
Myth #2. Dj#wP3M$c is a Great Password
Myth #3. 14 Characters is the Optimal Password Length
Myth #4. J0hn99 is a Good Password
Myth #5. Eventually Any Password Can Be Cracked
Myth #6. Passwords Should be Changed Every 30 Days
Myth #7. You Should Never Write Down Your Password
Myth #8: Passwords Cannot Include Spaces
Myth #9: Always Use Passfilt.dll
Myth #10: Use ALT+255 for the Strongest Possible Password
http://www.securityfocus.com/infocus/1554

My profile shows up as xxxLittleBalu | Jul 23, 2009
I stumbled across this thread only this morning and spent the last two hours reading all your posts.
I checked at - you know where - and found that my faked profile shows up as xxxLittleBalu. No further information is displayed, the (visible) profile is empty. Does that mean the profile has been deleted like it does here at Proz.com when you delete your profile but your KudoZ and Forum posts remain visible?
I don't intend to log in at - you know where - to check or remove the profile myself.
@Henry:
Is there any chance of Proz.com demanding the complete removal of all those Proz.com user profiles affected by the theft - instead of us having to try to do it ourselves, one by one?

avsie (X) Local time: 05:44 English to French + ... | Profile still there | Jul 23, 2009
Madeleine MacRae Klintebo wrote:
Great to hear that some people have been able to get "their" profiles removed/edited. I also used their form to send a threatening message, but no luck.
Same bad luck for me, Madeleine. I am not receiving any e-mails from OSR.com when I request my password to be reset, and my (threatening) e-mails via their contact form have remained unanswered - and my profile is still there. I suspect my ISP must be blocking their e-mails directly, because the e-mail address is still completely valid and I have full access to it.
Henry, I'm with LittleBalu: any chance of Proz.com demanding the removal of all profiles affected by the theft, instead of us having to try to do it ourselves?

Off topic: @ Narasimhan Raghavan (and about personal data available in the Internet) | Jul 23, 2009
Narasimhan Raghavan wrote:
I tried from all angles. My profile is just not there. Nobody seems to love me then.
Regards,
N. Raghavan
You're not alone, Narasimhan, I just made a quick search and it seems I am not there, either, thank God! I would say this time we have been the luckier ones.
But who knows, it could just be that we realized this late (my case) and, given all the fuss there has been these past days, maybe the said website has already started removing some or all of the Proz.com profiles.
On the other hand, I wanted to add that, as it has been mentioned that it seems basic crawling has been used to access profiles' public data, I did notice (I believe about 3 months ago), whenever I checked my visitor log, recurrent visits from a specific IP from Russia, so this could perfectly be the crawling robot that was being used. I also get recurrent visits from the crawling robot from California, from Google, and also from one in China.
And now that this incident has happened, it would be worth remembering that leaving very personal/detailed information so available in the Internet, especially in the case of resumés/CVs, is probably something to avoid, as you see how easy it can be to access it.
This also reminded me how sometimes in these forums in some discussions about being "professional" you are "blamed" for not displaying more complete information (like your telephone number or home address) about yourself. Well, in case you had not realized it, this incident is a good example of why.

Call for public announcement and apology | Jul 23, 2009
I'm really glad that at least how this happened has now been cleared up, but the fact remains that there was a major security breach and that information is still out there (mine included; I refuse to "log in" to my "account" there). LittleBalu for instance is a regular site user and P-program member and just stumbled across the thread this morning. In the interest of clarification and transparency, I urge Henry to place a public announcement and apology in a prominent place on the main web page.

Jocelyne S France Local time: 05:44 French to English + ... | To reiterate | Jul 23, 2009
LittleBalu wrote:
@Henry:
Is there any chance of Proz.com demanding the complete removal of all those Proz.com user profiles affected by the theft - instead of us having to try to do it ourselves, one by one?
Thanks,
Jocelyne

Password restrictions will be updated | Jul 23, 2009
Ralf Lemster wrote:
I noted that ProZ.com does not accept special characters for passwords, or passwords longer than 10 characters. Unless there is some compelling technical reason for this, you may want to lift these restrictions, to permit safer passwords.
Hi Ralf,
Great point. The password system is being upgraded now. Safer passwords will be possible soon.
Thanks,
Jason

ProZ.com response is ongoing | Jul 23, 2009
LittleBalu wrote:
@Henry:
Is there any chance of Proz.com demanding the complete removal of all those Proz.com user profiles affected by the theft - instead of us having to try to do it ourselves, one by one?
Hi everyone,
Efforts are underway to try to get all profiles that were copied from ProZ.com removed from the site in question (though there's no guarantee this will be successful). It still may be helpful for those affected to also request removal.
An announcement to all those affected by the breach will be made soon. I anticipate that Henry will respond in the morning (it's the middle of the night in his timezone).
Best regards,
Jason

Ralf Lemster Germany Local time: 05:44 English to German + ... | Thanks, Jason! | Jul 23, 2009
Great point. The password system is being upgraded now. Safer passwords will be possible soon.
Good move - and very fast, too. Great.
Best, Ralf

Steffen Walter Germany Local time: 05:44 Member (2002) English to German + ... | Agree entirely, Michele | Jul 23, 2009
Michele Johnson wrote:
I'm really glad that at least how this happened has now been cleared up, but the fact remains that there was a major security breach and that information is still out there (mine included; I refuse to "log in" to my "account" there). LittleBalu for instance is a regular site user and P-program member and just stumbled across the thread this morning. In the interest of clarification and transparency, I urge Henry to place a public announcement and apology in a prominent place on the main web page.
Hi Michele,
Due to other commitments, I hadn't got the time yet to respond to this thread (but followed it passively on and off). Thanks to Henry and Jason for clearing this up and taking appropriate action but I fully agree that a related public announcement would be more than appropriate.
I also share LittleBalu's view that ProZ.com itself should take any and all actions deemed appropriate to have our entries removed from that site, as indicated by Jason already. I am very reluctant to engage in any activities on the site in question as I am not prepared to leave just another trace there.
Steffen

Another SPAM | Jul 23, 2009
-----------
You have received a message via ProZ.com.
Sender: anscha Sender's profile: http://www.proz.com/profile/1101448
Sender's IP address: 196.207.219.102
-----------
HELLO
How are you? i hope you are fine, My name is Miss paulina,
I am browsing today in/www.proz.com so i come acrose your
profile with your email, it seams like some thing touches
me, i started having some feeling in me which i have never
experience in my life before, i decided to write you, l will
also like to know you the more,and l want you to send an
email to my email address so l can give you my picture for
you to know whom l am. Here is my email
address([email protected])
I believe we can move from here!
I am waiting for your mail to my email address above.
Miss paulina.
-----------
Your profile: http://www.proz.com/profile/109353
Log in at: http://www.proz.com/profile/
Edit profile e-mail settings: http://www.proz.com/?sp=ef&show_mode=profmail
Block profile messages from this sender: http://www.proz.com/?sp=ef&add_ip_block=196.207.219.102&add_email_block=magdalene_karmah@yahoo.com&add_eid_block=1101448
Unsolicited advertising? Submit a support request: http://www.proz.com/?sp=ef&report_spam=3064457
-----------

Oliver Walter United Kingdom Local time: 04:44 German to English + ... | Republishing my earlier post... | Jul 23, 2009
From http://www.proz.com/post/1177295#1177295 :
Henry D wrote:
Hi all,
It turns out that what happened at elance happened also at ProZ.com: certain contact information was obtained, from certain profiles, with it later appearing on outsourcingroom.com.
The data was accessed during the first week of June, ie. a little over a month ago (though as I have posted previously, it is older ProZ.com profiles that were affected.) Among the information accessed were username, password (encrypted, not readable), first name, last name, phone number, email address and some geographical fields.
As posted previously, ProZ.com does not accept or hold credit card or bank account information, national identity (ex. social security), corporate or other identity numbers, so this incident did not involve the loss of any of those.
The breach exploited a little-used area of the site that had not been updated for quite some time. The vulnerability has been corrected and further steps are being taken. We have begun efforts with relevant parties -- including outsourcingroom.com directly -- to have the unauthorized publishing of the data stopped.
In the meantime, to again quote Neil (thanks, Neil!):
What you should do is make sure that all of your accounts: ProZ, e-mail accounts, accounts for other web sites... have unique, secure passwords... Choose a separate, long, random sequence of letters, digits and symbols for your password for each account.
To update your password, go to: http://www.proz.com/?sp=new_password
I am very sorry for the trouble caused to all of you in this case. I also regret that it took so long for us to get to the bottom of this. If you have a question or specific concern about how you may have been affected, please submit a support ticket. We will try to respond to all tickets as quickly as possible.
I will be sending notification by email soon to those who may have been affected.
Thanks again for your help, folks.
Henry
As I wrote, "We have begun efforts with relevant parties -- including outsourcingroom.com directly -- to have the unauthorized publishing of the data stopped." and "I will be sending notification by email soon to those who may have been affected."