First  Prev  1  2  Next  Last
Post Reply Crunchyroll Viewer?
75489 cr points
Send Message: Send PM GB Post
28 / M / canada
Offline
Posted 11/10/17 , edited 11/11/17

TheAncientOne wrote:


rizelmine17 wrote:

The hell sort of logic is that? first of all you are making an analogy of traffic accidents and comparing it to internet security which doesn't make any sense.

I'm sorry the analogy was not exacting enough for you to grasp it. The key point is that being aware can help one avoid being a victim. Not being aware doesn't make the other party less guilty, but isn't it better not to be a victim to begin with?


Second of all, the burden of security of private information and safety when using a product/service should always be on the company. What use is there to blame the victims? Where in this messed up scenario do you see an area that can be improved by saying "well you should have known and done better".

Here we disagree. You also completely missed the point the point that CR was also a victim, but you seem to have zero problem blaming them. By continuing to believe that you don't have to take any precautions or should aware, you are just setting yourself up to be a online victim again in the future.




namealreadytaken wrote:

fact 1: the CR viewer announcement looked very convincing

Very convincing? Did you read my message further up the page?


fact 2: Crunchyroll is NOT a shady website. it's one thing to download an executable file from a suspicious website.
it's another thing entirely to download a program advertised by a legit website. it's like blaming people for getting infected after visiting Microsoft.com only to be infected by a virus.

People have gotten malware via legit websites before, either via malicious advertising or even the website itself getting hacked. Being at a legit website is no reason to drop your guard, especially when it asks you to do something it has never asked before. (When had CR ever asked you to download and install an executable, especially via badly worded text)?





Am I going crazy? Dude are you actually saying that Crunchyroll is a victim in this? Crunchyroll used HTTP instead of HTTPS which allowed anyone, and I kid you not, anyone doing an hour of research do a DNS hijack on their website and cause a malicious redirect. this is something that is so egregious in cyber security that anyone who calls themselves a professional would say is a terrible idea. Their cyber security practices were bad and because of this their clients were exposed to malware. This is bordering on criminal negligence so I simply can't understand how you think that the users were to blame here.

Anyone, and I mean anyone can use this website. Children, adults, people who don't have a good understanding of technology use this website. CR dropped the ball and tried to down play the situation which nearly bricked my computer.

If they cared so much about you and me why didn't they leave a prominent message to warn users that may have been affected? Why didn't they send a message to our inbox to notify us of what happened? No they down played the situation and did the bare minimum to say that they did do something to warn people and and moved on as if nothing happened. How does this not make you angry? I just don't see why you see them in the light of being a victim when it's their poor practices that got people hurt.
109845 cr points
Send Message: Send PM GB Post
58 / M / U.S.A. (mid-south)
Offline
Posted 11/11/17 , edited 11/11/17

rizelmine17 wrote:

Am I going crazy? Dude are you actually saying that Crunchyroll is a victim in this?

By your logic, someone whose car was stolen because they didn't lock the doors wouldn't be a victim. You are claiming making questionable choices eliminates victim status.


If they cared so much about you and me why didn't they leave a prominent message to warn users that may have been affected? Why didn't they send a message to our inbox to notify us of what happened? No they down played the situation and did the bare minimum to say that they did do something to warn people and and moved on as if nothing happened. How does this not make you angry? I just don't see why you see them in the light of being a victim when it's their poor practices that got people hurt.

When have I ever brought up whether CR cared or not? I expect they would rather this incident soon be forgotten. Given that it happened in the wee hours of the morning on a weekend, I expect there was a large percentage of people that use CR that were never exposed to this and still haven't heard about it.

It doesn't make me angry because I've been around long enough that I don't get upset over things where my own personal responsibility allows me to easily avoid the consequences. Even if I had ignored the poorly worded text on the page touting the executable and downloaded and ran it, restoring a pristine OS on my system would have been as easy as restoring my last system image. I don't expect others to keep me safe on the internet, as experience has taught me that is folly.


Anyone, and I mean anyone can use this website. Children, adults, people who don't have a good understanding of technology use this website. CR dropped the ball and tried to down play the situation which nearly bricked my computer.

You are greatly over exaggerating there. There is no way this "nearly bricked my computer". You are running a Mac, which can't even natively execute the file in question. You couldn't even have ran the file in question (and I still wonder why the heck you did), if you didn't have a Windows installation running under Parallels. "Bricked" means to make non-functional. Even if one had been running a Windows XP system, and the file completely buggered the OS, that person could still wipe the drive and re-install the OS.

On that point, despite early reports this was crypto malware, I have yet to see a single posting on CR from someone relating that this encrypted a single data file on their system.

Frankly, with Parallels, you could have been back to pristine state in a matter of minutes if you were following normal backup procedures. The entire environment is contained in single .pvm file. If you aren't making a regular backup of your files, you are just asking to eventually lose them, and that has nothing to do with CR.


The internet isn't a safe place. "Children, adults, people who don't have a good understanding of technology" should take precautions. Using a Chromebook would be the safest approach, although a Mac is good as well. If Windows is used, the child or other individual that doesn't have the experience to avoid issues should be using a standard account, not an administrator account. Again, this isn't just because of CR, it is because of the internet in general. One reason I used the driving analogy before is because a lot of people approach driving and using the internet the same way; they believe all they need to do is follow the rules, and ignore they would be far safer if they anticipated the stupid or malicious actions of others, and planned for the best way to counter them.
15180 cr points
Send Message: Send PM GB Post
☆Land of sweets☆
Offline
Posted 11/11/17 , edited 11/11/17

TheAncientOne wrote:


rizelmine17 wrote:

Am I going crazy? Dude are you actually saying that Crunchyroll is a victim in this?

By your logic, someone whose car was stolen because they didn't lock the doors wouldn't be a victim. You are claiming making questionable choices eliminates victim status.


If they cared so much about you and me why didn't they leave a prominent message to warn users that may have been affected? Why didn't they send a message to our inbox to notify us of what happened? No they down played the situation and did the bare minimum to say that they did do something to warn people and and moved on as if nothing happened. How does this not make you angry? I just don't see why you see them in the light of being a victim when it's their poor practices that got people hurt.

When have I ever brought up whether CR cared or not? I expect they would rather this incident soon be forgotten. Given that it happened in the wee hours of the morning on a weekend, I expect there was a large percentage of people that use CR that were never exposed to this and still haven't heard about it.

It doesn't make me angry because I've been around long enough that I don't get upset over things where my own personal responsibility allows me to easily avoid the consequences. Even if I had ignored the poorly worded text on the page touting the executable and downloaded and ran it, restoring a pristine OS on my system would have been as easy as restoring my last system image. I don't expect others to keep me safe on the internet, as experience has taught me that is folly.


Anyone, and I mean anyone can use this website. Children, adults, people who don't have a good understanding of technology use this website. CR dropped the ball and tried to down play the situation which nearly bricked my computer.

You are greatly over exaggerating there. There is no way this "nearly bricked my computer". You are running a Mac, which can't even natively execute the file in question. You couldn't even have ran the file in question (and I still wonder why the heck you did), if you didn't have a Windows installation running under Parallels. "Bricked" means to make non-functional. Even if one had been running a Windows XP system, and the file completely buggered the OS, that person could still wipe the drive and re-install the OS.

On that point, despite early reports this was crypto malware, I have yet to see a single posting on CR from someone relating that this encrypted a single data file on their system.

Frankly, with Parallels, you could have been back to pristine state in a matter of minutes if you were following normal backup procedures. The entire environment is contained in single .pvm file. If you aren't making a regular backup of your files, you are just asking to eventually lose them, and that has nothing to do with CR.


The internet isn't a safe place. "Children, adults, people who don't have a good understanding of technology" should take precautions. Using a Chromebook would be the safest approach, although a Mac is good as well. If Windows is used, the child or other individual that doesn't have the experience to avoid issues should be using a standard account, not an administrator account. Again, this isn't just because of CR, it is because of the internet in general. One reason I used the driving analogy before is because a lot of people approach driving and using the internet the same way; they believe all they need to do is follow the rules, and ignore they would be far safer if they anticipated the stupid or malicious actions of others, and planned for the best way to counter them.


your analogy is increadibly flawed. when someone forgets to lock their car, they have the know-hows and have the ability to actually protect their vehicle. not only that, it is reasonable to expect the car to be stolen if you leave the car with the doors unlocked in the middle of the street. by comparison, no customer has legal access to the CR DNS, nor are they able to legally change the site code. a better analogy would be buying a new car, driving for a while, and suddenly having the brakes fail. "well sucks to be you, it's your fault that you didn't check the brakes were working before going into the freeway. i always check myself. :D" are you serious. i understand that, since you were a former moderator, you have a bias towards defending the site. but sometimes, rather than trying to make excuses, it's best to just be honest with the CR customers. they're the ones that ultimately keep the site afloat. it's understandable that a site can get hacked - all the major companies were hacked at some point. what i'd expect as a professional response is:

1) be honest - straight tell the customers that the CR was hacked
2) tell the customers what is being done to prevent a similar breach from happening
3) remedy the situation

this wasn't the first time CR dropped their balls. CR was caught lowering the quality for their premium users.. they took a few days before finally issuing an apology and supposedly fixing the affected videos.

it should be noted that CR didn't even provide fix themselves. instead, it was the users from reddit that helped each other fix each other's computer. they didn't even pin a thread on CR from a user helping affected customers.

honestly, i'm relieved your response is not to be taken as an official response - it would have been the perfect way for CR to lose their paying customers. btw thanks for telling us that CR is a potentially malicious website. this totally helps.

> I have yet to see a single posting on CR from someone relating that this encrypted a single data file on their system.
this is thanks to the people from reddit who were able to save other people's infected pc. not thanks to CR though.
109845 cr points
Send Message: Send PM GB Post
58 / M / U.S.A. (mid-south)
Offline
Posted 11/11/17 , edited 11/12/17

namealreadytaken wrote:

your analogy is increadibly flawed. when someone forgets to lock their car, they have the know-hows and have the ability to actually protect their vehicle. not only that, it is reasonable to expect the car to be stolen if you leave the car with the doors unlocked in the middle of the street.

So why is the analogy flawed? I'm saying CR was the one that "left the doors unlocked", not anyone visiting the site.

In case it wasn't clear, in my analogy:

The doors being left unlocked = Whatever did or failed to do that allowed the DNS redirection

The car itself = Crunchyroll.com (or at least the DNS pointing to the website)

Your own analogy is flawed because the problem was caused by a deliberate attack, not a simple failure. What happened here would be more akin to someone cutting a brake line, not a mechanical failure of the brakes due to a manufacturing fault.

Again, are you claiming someone that got their car stolen because they left the doors unlocked isn't a victim? rizelmine17 raised the issue of victim blaming, but apparently thought that applied only to CR's users, while somehow CR itself was excepted.

You admit "it is reasonable to expect the car to be stolen if you leave the car with the doors unlocked in the middle of the street". Is it any less reasonable to expect anyone with common sense to view as suspect a file offered up by a poorly worded page from a site that has never before pushed or offered an executable...at least enough to think "Perhaps I should ask if this is legit before running it"?

To use your analogy, it would be like noticing a pool of fresh fluid under your car, perhaps near one of the wheels, and thinking "Well, everything is probably okay" and proceeding to drive off.


i understand that, since you were a former moderator, you have a bias towards defending the site.

I was never a moderator, staff, or in any way officially associated with CR at any time.

Frankly, I'm glad they removed the "rank" from the profile, because a lot of people jumped to that conclusion, despite me having a disclaimer in my status line for most of the time that was present.


this is thanks to the people from reddit who were able to save other people's infected pc. not thanks to CR though.

Then why haven't we seen complaints of encrypted computers here from people that don't visit Reddit?

Keep in mind I didn't say it wasn't malware. I said it didn't seem to be crypto malware, as some had originally claimed. I'm assuming here you actually know what crypto malware is.

First  Prev  1  2  Next  Last
You must be logged in to post.