Geekzone: technology news, blogs, forums
678 posts

Ultimate Geek
+1 received by user: 12

Trusted
Spark NZ

  Reply # 509134 19-Aug-2011 17:59

Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(




All opinions are mine and mine alone, and do not represent the opinion of Spark.



BDFL
50374 posts

Uber Geek
+1 received by user: 4866

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509137 19-Aug-2011 18:01

Update on mobile problem: it only happens on Telecom XT, and only if your mobile device is configured to use the WAP APN or has no APN configured (in which case WAP is used by default). If you configure the Internet or Direct APNs then it works just fine.







BDFL
50374 posts

Uber Geek
+1 received by user: 4866

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509158 19-Aug-2011 18:40

I can work on this for an update.




Aussie
2262 posts

Uber Geek
+1 received by user: 251

Trusted
Subscriber

  Reply # 509174 19-Aug-2011 19:28

Explains why I was about to blame my new ROM when browsing on my phone while I was out today! lol.

1368 posts

Uber Geek
+1 received by user: 202

Trusted

  Reply # 509184 19-Aug-2011 19:56

Great feature.

I use a similar feature in PHP's Suhosin patch. It'll encrypt a cookie using the IP address; you can set it to use the 1st, 1st and 2nd, 1st 2nd and 3rd or all 4 octets of an IP address for the encryption.

What this means is you can change IP within the same /24 and your cookie is still valid if you choose 3 octets, within the same /16 (255.255.0.0) if you pick two or within the same /8 (255.0.0.0) if you pick just one.

Is it possible to modify your check to do this, or make it an option? For me I found making it a /16 worked fairly well, sure it's not bulletproof but if you change ISP then you're (probably) going to fall outside the permitted range.

Just a thought.




Check out the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!
Android user? Check out MightyText - text messaging from your browser.



BDFL
50374 posts

Uber Geek
+1 received by user: 4866

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509188 19-Aug-2011 20:00

I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...





1368 posts

Uber Geek
+1 received by user: 202

Trusted

  Reply # 509189 19-Aug-2011 20:02

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...



Good point.

It could be an option though, rather than just binary on/off? Security Paranoid (IP Address), regular (/16), Relaxed (/8)

Anyway, just a suggestion. It's a good feature either way.





1599 posts

Uber Geek
Inactive user


  Reply # 509199 19-Aug-2011 20:37

Paulthagerous: Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(

That is a problem with your ISP, not Geekzone. :P

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...

If you go to a cafe it's likely the External IP for all users is the same, in which case the session could still be hijacked, yes?
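
The IP-prefix binding discussed in the replies above, as an added example that is not part of the thread or Geekzone's code. It uses an HMAC tag over the masked address rather than Suhosin's cookie encryption; the key, level names and addresses are constructed, and IPv4 clients are assumed.

```python
import hashlib
import hmac
import ipaddress

SERVER_KEY = b"constructed-demo-key"  # assumption: a per-site secret kept server-side

# Hypothetical option names, modelled on the levels suggested in the thread.
LEVELS = {"paranoid": 32, "regular": 16, "relaxed": 8}

def bound_prefix(client_ip: str, level: str) -> str:
    """Network the session is pinned to, e.g. 203.0.0.0/16 for 'regular'."""
    net = ipaddress.ip_network(f"{client_ip}/{LEVELS[level]}", strict=False)
    return str(net)

def issue_cookie(session_id: str, client_ip: str, level: str) -> str:
    """Cookie = session_id.level.HMAC(key, session_id|level|prefix)."""
    msg = f"{session_id}|{level}|{bound_prefix(client_ip, level)}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{session_id}.{level}.{tag}"

def check_cookie(cookie: str, client_ip: str) -> bool:
    """Recompute the tag from the address the request arrives from."""
    try:
        session_id, level, tag = cookie.split(".")
        expected = issue_cookie(session_id, client_ip, level).rsplit(".", 1)[1]
    except (ValueError, KeyError):  # malformed cookie, unknown level, bad IP
        return False
    return hmac.compare_digest(tag, expected)

def demo() -> dict:
    """Constructed addresses: home line, same line after a reconnect, another ISP."""
    home, reconnect, other_isp = "203.0.113.7", "203.0.120.44", "198.51.100.9"
    strict = issue_cookie("a1b2c3", home, "paranoid")
    loose = issue_cookie("a1b2c3", home, "regular")
    return {
        "reconnect_paranoid": check_cookie(strict, reconnect),  # logged out
        "reconnect_regular": check_cookie(loose, reconnect),    # still valid
        "other_isp_regular": check_cookie(loose, other_isp),    # rejected
        # Cafe case: everyone behind one NAT presents the same external IP,
        # so even the strictest level accepts a copied cookie.
        "same_nat_paranoid": check_cookie(strict, home),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case shows that no prefix length helps against someone sharing the same external address; the binding only narrows where a stolen cookie can be replayed from.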

gzt

4751 posts

Uber Geek
+1 received by user: 278


  Reply # 509327 20-Aug-2011 13:06

Turned mine off for now. Router restarts cause a bit of inconvenience. Glad to have the option. I like muppet's suggestion also.

To what extent is cookie/session hijacking a problem?



BDFL
50374 posts

Uber Geek
+1 received by user: 4866

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509331 20-Aug-2011 13:10

I am not sure it's a problem for Geekzone users - probably more for Facebook, GMail and Windows Live users.

But we should provide the option. I actually thought of implementing two-factor authentication earlier this year. Just thought it was overkill for Geekzone.

However... Another thought: I have a hidden "feature" that sends me an email if someone tries to log in using my user name. Never actually received a notification, until last night, when someone tried to log in on Geekzone as "freitasm" from a Chinese IP address.

Here comes the thing though: they've used a password I actually used before in another web site. So my guess is that web site was compromised and these guys were searching for all users around the Internet and when they found "freitasm" on Geekzone thought they struck gold.

Lucky I don't use the same password in more than one web site.

So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?





gzt

4751 posts

Uber Geek
+1 received by user: 278


  Reply # 509341 20-Aug-2011 13:27

freitasm: So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?

It is a feature I would like to see on many websites ;). It will be interesting to see how often it happens.

Also I'm thinking you might need a subpage called 'super-geeky options' for these kinds of uber cool features - excellent, but they could build up after a while.

1368 posts

Uber Geek
+1 received by user: 202

Trusted

  Reply # 509347 20-Aug-2011 13:58

Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.

You'd never know I'd been compromised in the first place!





1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 509353 20-Aug-2011 13:59

freitasm:
[snip]
So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?


+1 to email notification.
Both would be great. Also with the password they tried to log on with?


gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kinds of uber cool features - excellent, but they could build up after a while.


another +1 to that as well.

Aussie
2262 posts

Uber Geek
+1 received by user: 251

Trusted
Subscriber

  Reply # 509356 20-Aug-2011 14:11

Sounds good!

muppet:

You'd never know I'd been compromised in the first place!


+1



BDFL
50374 posts

Uber Geek
+1 received by user: 4866

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509357 20-Aug-2011 14:12

gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kinds of uber cool features - excellent, but they could build up after a while.


We try to keep the number of menu options to a minimum and even then people don't bother reading the first menu on top - I mean, check this.

muppet: Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.


Agreed, anyone logging in couldn't spend money here, but could get some personal information such as user name and email addresses, to then try logging in to other websites. Lucky we don't store or show passwords in plain text, otherwise this would be another risk.

muppet: You'd never know I'd been compromised in the first place!


No joke Sherlock ;)

 



