679 posts

Ultimate Geek
+1 received by user: 12

Trusted
Spark NZ

  Reply # 509134 19-Aug-2011 17:59

Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(




All opinions are mine and mine alone, and do not represent the opinion of Spark.



BDFL
49620 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509137 19-Aug-2011 18:01

Update on mobile problem: it only happens on Telecom XT, and only if your mobile device is configured to use the WAP APN or has no APN configured (in which case WAP is used by default). If you configure the Internet or Direct APNs then it works just fine.







BDFL
49620 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509158 19-Aug-2011 18:40

I can work on this for an update.




Aussie
2209 posts

Uber Geek
+1 received by user: 217

Trusted
Subscriber

  Reply # 509174 19-Aug-2011 19:28

Explains why I was about to blame my new rom when browsing on my phone while I was out today! lol.

1325 posts

Uber Geek
+1 received by user: 164

Trusted

  Reply # 509184 19-Aug-2011 19:56

Great feature.

I use a similar feature in PHP's Suhosin patch. It'll encrypt a cookie using the IP address; you can set it to use the 1st, 1st and 2nd, 1st 2nd and 3rd or all 4 octets of an IP address for the encryption.

What this means is you can change IP within the same /24 and your cookie is still valid if you choose 3 octets, within the same /16 (255.255.0.0) if you pick two or within the same /8 (255.0.0.0) if you pick just one.

Is it possible to modify your check to do this, or make it an option? For me I found making it a /16 worked fairly well, sure it's not bulletproof but if you change ISP then you're (probably) going to fall outside the permitted range.

Just a thought.




Checkout the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!
Android user? Checkout MightyText - text messaging from your browser.



BDFL
49620 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509188 19-Aug-2011 20:00

I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...





1325 posts

Uber Geek
+1 received by user: 164

Trusted

  Reply # 509189 19-Aug-2011 20:02

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...



Good point.

It could be an option though, rather than just binary on/off? Security Paranoid (IP Address), Regular (/16), Relaxed (/8)

Anyway, just a suggestion.  It's a good feature either way.





1599 posts

Uber Geek
Inactive user


  Reply # 509199 19-Aug-2011 20:37

Paulthagerous: Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(

That is a problem with your ISP, not Geekzone. :P

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...

If you go to a cafe it's likely the External IP for all users is the same, in which case the session could still be hijacked, yes?
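
Added example, not part of the thread and not Geekzone's or Suhosin's code: a sketch of the check discussed above, binding a session cookie to the first 1 to 4 octets of the client's IPv4 address. It uses an HMAC tag rather than Suhosin's cookie encryption; the key, session id, function names and documentation-range addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"  # constructed sample key; a real one stays server-side

def bound_prefix(ip: str, octets: int) -> str:
    """Network selected by the first `octets` octets of an IPv4 address."""
    if octets not in (1, 2, 3, 4):
        raise ValueError("octets must be 1, 2, 3 or 4")
    return str(ipaddress.IPv4Network(f"{ip}/{octets * 8}", strict=False))

def issue_token(session_id: str, ip: str, octets: int) -> str:
    """Cookie value: session id, chosen strictness, and an HMAC over both plus the prefix."""
    msg = f"{session_id}|{octets}|{bound_prefix(ip, octets)}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{session_id}.{octets}.{tag}"

def verify_token(token: str, ip: str) -> bool:
    """Recompute the tag for the address the request came from and compare."""
    try:
        session_id, octets, _tag = token.split(".")
        expected = issue_token(session_id, ip, int(octets))
    except ValueError:  # malformed token, bad strictness value, or bad address
        return False
    return hmac.compare_digest(token.encode(), expected.encode())

def scenarios() -> dict:
    """Constructed cases using documentation address ranges."""
    sid, home = "s3ss10n", "203.0.113.10"
    exact, slash24, slash16 = (issue_token(sid, home, n) for n in (4, 3, 2))
    return {
        "exact_same_ip": verify_token(exact, home),
        "exact_after_redial": verify_token(exact, "203.0.113.77"),
        "slash24_after_redial": verify_token(slash24, "203.0.113.77"),
        "slash16_same_isp_block": verify_token(slash16, "203.0.200.9"),
        "slash16_other_network": verify_token(slash16, "198.51.100.5"),
        # Cafe behind NAT: owner and a second client both appear as 192.0.2.1.
        "cafe_nat_exact": verify_token(issue_token(sid, "192.0.2.1", 4), "192.0.2.1"),
        # Editing the strictness field in the cookie breaks the tag.
        "downgrade_attempt": verify_token(exact.replace(".4.", ".1.", 1), "203.0.113.77"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24} {'accepted' if ok else 'rejected'}")
```

The `cafe_nat_exact` case is accepted even at full-address strictness, because the server sees one address for every client behind the same NAT.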

gzt

4453 posts

Uber Geek
+1 received by user: 221

Subscriber

  Reply # 509327 20-Aug-2011 13:06

Turned mine off for now. Router restarts cause a bit of inconvenience. Glad to have the option. I like muppet's suggestion also.

To what extent is cookie/session hijacking a problem?



BDFL
49620 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509331 20-Aug-2011 13:10

I am not sure it's a problem for Geekzone users - probably more for Facebook, GMail and Windows Live users.

But we should provide the option. I actually thought of implementing a two factor authentication earlier this year. Just thought it was overkill for Geekzone.

However... Another thought: I have a hidden "feature" that sends me an email if someone tries to log in using my user name. Never actually received a notification, until last night, when someone tried to log in on Geekzone as "freitasm" from a Chinese IP address.

Here comes the thing though: they've used a password I actually used before in another web site. So my guess is that web site was compromised and these guys were searching for all users around the Internet and when they found "freitasm" on Geekzone thought they struck gold.

Lucky I don't use the same password in more than one web site.

So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?





gzt

4453 posts

Uber Geek
+1 received by user: 221

Subscriber

  Reply # 509341 20-Aug-2011 13:27

freitasm: So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?

It is a feature I would like to see on many websites ;). It will be interesting to see how often it happens.

Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.

1325 posts

Uber Geek
+1 received by user: 164

Trusted

  Reply # 509347 20-Aug-2011 13:58

Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.

You'd never know I'd been compromised in the first place!





1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 509353 20-Aug-2011 13:59

freitasm:
[snip]
So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?


+1 to email notification.
Both would be great. Also with the password they tried to log on with?


gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.


another +1 to that as well.

Aussie
2209 posts

Uber Geek
+1 received by user: 217

Trusted
Subscriber

  Reply # 509356 20-Aug-2011 14:11

Sounds good!

muppet:

You'd never know I'd been compromised in the first place!


+1



BDFL
49620 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509357 20-Aug-2011 14:12

gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.


We try to keep the number of menu options to a minimum and even then people don't bother reading the first menu on top - I mean, check this.

muppet: Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.


Agreed, anyone logging in couldn't spend money here, but could get some personal information such as user name and email addresses, to then try logging in to other websites. Lucky we don't store or show passwords in plain text, otherwise this would be another risk.

muppet: You'd never know I'd been compromised in the first place!


No joke Sherlock ;)

 



