Crunchyroll.com - Site Issues
9 cr points
Posted 11/4/17 , edited 11/4/17

zapotah wrote:

As soon as someone from the staff wakes up, I want clarification on two things:

1) Has CR stored passwords in plaintext or as they should be stored, hashed and salted? This to clarify on how bad this breach is.

2) Does CR store Payment information (CC number, Paypal, whatnot) in a way that I need to kill my card as a result of this breach?

Please don't give a vague answer to this. Two very simple questions with few words as an answer.




Exactly this, we really deserve an answer to this - not just (Crunchyroll is back up)
108604 cr points
57 / M / U.S.A. (mid-south)
Posted 11/4/17 , edited 11/4/17

zapotah wrote:

2) Does CR store Payment information (CC number, Paypal, whatnot) in a way that I need to kill my card as a result of this breach?

With PayPal, you wouldn't have to worry about your card, as CR would never have access to any card you had listed with PayPal. Likewise, they wouldn't have access to your PayPal credentials, only a token that authorizes CR to make charges to your PayPal account. Even if an attacker gained access to that, it would be useless elsewhere.

8032 cr points
32 / M
Posted 11/4/17 , edited 11/4/17
Website's still not encrypted. Users' usernames and passwords are being sent, received, stored in plaintext.
Still using insecure Adobe Flash to play videos.
Nginx 1.10.3 is outdated and needs to be updated as does Ubuntu most likely.
You're announcing it via your Metatags which haven't been properly set.
Character set isn't set so other character sets can be sent and received which will allow for characters not expected by the server to be used to exploit it. Basically, do you know what characters are accepted and which are ignored?
Because what someone types into a URL can easily become code on a server if someone accidentally used GET instead of POST for the data.
So you have a few little things to work on. Please do.
108604 cr points
57 / M / U.S.A. (mid-south)
Posted 11/4/17 , edited 11/4/17

D3m0n1q_733rz wrote:

Website's still not encrypted. Users' usernames and passwords are being sent, received, stored in plaintext.



8032 cr points
32 / M
Posted 11/4/17 , edited 11/5/17
And yet, afterwards, once you're authenticated, your authentication can be easily swiped via listening to the communications between Crunchyroll and yourself. Also, SSL certificates verify that the site you are using is not another website entirely. So, once you're logged in, then what? No encryption after that. Yes, it looks like Crunchyroll, but if I send you to another site via DNS poisoning, so could it. And you would be none the wiser because nobody authenticated the website after logging in.
Yes, it's nice that they use it for some of their pages. But after that, no security at all. GoDaddy (Yes, Crunchyroll is hosted by GoDaddy.com) should allow it to be used on all of their links here and with good reason.
Alright, I'll give you a scenario. You have an unencrypted site that directs you to an encrypted one. Only, because nobody could verify the initial site, it sent you to an encrypted fake site to enter your information to. Now, had you been able to verify that the site you were originally directed to was really a fake site, then you would know something's up and leave immediately. Hence the issue.
What's more, you don't even have to have the entire site replaced. As long as a link, image, or ad is replaced, something can affect users. All it takes is a tiny little reroute and it's done.
So please encrypt the rest of the site. It might not seem like it, but it's important.
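
The concern raised in the post above (TLS on the login page only, plain HTTP afterwards) can be checked from response headers. The following is an added example, not part of the original thread; the host `www.example.test`, the cookie name `sess_id` and both response sets are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: login over HTTPS, then the site drops back to HTTP.
SAMPLE = [
    {"url": "https://www.example.test/login", "status": 302,
     "headers": [("Set-Cookie", "sess_id=abc123; Path=/; HttpOnly"),
                 ("Location", "http://www.example.test/home")]},
    {"url": "http://www.example.test/home", "status": 200,
     "headers": [("Content-Type", "text/html")]},
]

# Constructed sample: the same flow with TLS kept on for every page.
HARDENED = [
    {"url": "https://www.example.test/login", "status": 302,
     "headers": [("Set-Cookie", "sess_id=abc123; Path=/; HttpOnly; Secure"),
                 ("Strict-Transport-Security", "max-age=31536000"),
                 ("Location", "https://www.example.test/home")]},
    {"url": "https://www.example.test/home", "status": 200,
     "headers": [("Strict-Transport-Security", "max-age=31536000")]},
]

def audit(responses):
    """Return (url, finding) pairs for transport-security gaps."""
    findings = []
    for r in responses:
        scheme = urlsplit(r["url"]).scheme
        names = {k.lower() for k, _ in r["headers"]}
        if scheme == "http" and r["status"] == 200:
            findings.append((r["url"], "content served without TLS"))
        if scheme == "https" and "strict-transport-security" not in names:
            findings.append((r["url"], "no HSTS header"))
        for k, v in r["headers"]:
            if k.lower() == "location" and scheme == "https" and v.startswith("http://"):
                findings.append((r["url"], "HTTPS page redirects to plain HTTP"))
            if k.lower() == "set-cookie":
                jar = SimpleCookie()
                jar.load(v)
                for name, morsel in jar.items():
                    # Without Secure the browser also sends the cookie over http://
                    if not morsel["secure"]:
                        findings.append((r["url"], f"cookie {name} lacks Secure"))
    return findings

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{url}: {finding}")
```
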
54562 cr points
61 / M / Earth
Posted 11/4/17 , edited 11/5/17

symeller wrote:
Exactly this, we really deserve an answer to this - not just (Crunchyroll is back up)


This is probably as much of an official statement as you are going to get. It doesn't address the specific security measures that are being asked about, but it does explain what happened, and that the site itself was not compromised.

https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
16016 cr points
41 / M
Posted 12/25/17 , edited 12/25/17
Android app and xbox one down :(

WHYYYY???
Posted 12/30/17 , edited 12/30/17
Hi,

I unlinked my VRV from crunchyroll and I no longer have a premium on VRV but my cr account is still saying that it's connected and that I have a premium on here. I am not too sure what more to do other than to ask in here for help.

Thank you so much for your help if you can ~
59925 cr points
32 / M / Dallas, TX
Posted 12/30/17 , edited 12/30/17

lynnllia wrote:

Hi,

I unlinked my VRV from crunchyroll and I no longer have a premium on VRV but my cr account is still saying that it's connected and that I have a premium on here. I am not too sure what more to do other than to ask in here for help.

Thank you so much for your help if you can ~


Is there a reason you unlinked your accounts? Did you originally pay for Crunchyroll via VRV or CR?
Posted 12/30/17 , edited 12/30/17


Because I wanted to? I mean I have my reasons.
I only watch funimation now so it's cheaper to pay just for that.
I had VRV and linked that way. VRV removed it for me but it still says I have it on here.
That is my only issue, lol.
Are you a site mod to help me?
54562 cr points
61 / M / Earth
Posted 12/30/17 , edited 12/30/17

lynnllia wrote:

Hi,

I unlinked my VRV from crunchyroll and I no longer have a premium on VRV but my cr account is still saying that it's connected and that I have a premium on here. I am not too sure what more to do other than to ask in here for help.

Thank you so much for your help if you can ~


You need to put in a direct support request if you wish to resolve any account issues. The forums are mainly for peer to peer help. Mods (all volunteers to police the forums and comment sections) can't help with that, it needs to be done by staff: /contact
Posted 12/30/17 , edited 12/30/17


ahhh I see. Thank you so much! I shall put in a request thing of sorts ~

597 cr points
38 / M / Everywhere
Posted 1/3/18 , edited 1/3/18
After wanting to change my avatar to another one I was not able to upload a new avatar so I am stuck with nothing right now. The new ones I was trying to upload were all small enough as well.
54562 cr points
61 / M / Earth
Posted 1/3/18 , edited 1/3/18

VegaStarX1 wrote:

After wanting to change my avatar to another one I was not able to upload a new avatar so I am stuck with nothing right now. The new ones I was trying to upload were all small enough as well.


Not entirely clear what you mean by "size"... kilobytes is only one measure, but in addition to that, neither the width nor the height can exceed 300 pixels to start.

It will then be shrunk (proportionally) to a stored maximum of 200 x 200 pixels, and the display on the forums will be 100 x 100. Comments will be even smaller than that.
597 cr points
38 / M / Everywhere
Posted 1/3/18 , edited 1/3/18

asharka wrote:


VegaStarX1 wrote:

After wanting to change my avatar to another one I was not able to upload a new avatar so I am stuck with nothing right now. The new ones I was trying to upload were all small enough as well.


Not entirely clear what you mean by "size"... kilobytes is only one measure, but in addition to that, neither the width nor the height can exceed 300 pixels to start.

It will then be shrunk (proportionally) to a stored maximum of 200 x 200 pixels, and the display on the forums will be 100 x 100. Comments will be even smaller than that.


The file size of the photo is under 1M.


