681 posts

Ultimate Geek
+1 received by user: 12

Trusted
Spark NZ

  Reply # 509134 19-Aug-2011 17:59

Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(




All opinions are mine and mine alone, and do not represent the opinion of Spark.



BDFL
50199 posts

Uber Geek
+1 received by user: 4747

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509137 19-Aug-2011 18:01

Update on mobile problem: it only happens on Telecom XT, and only if your mobile device is configured to use the WAP APN or has no APN configured (in which case WAP is used by default). If you configure the Internet or Direct APNs then it works just fine.







BDFL
50199 posts

Uber Geek
+1 received by user: 4747

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509158 19-Aug-2011 18:40

I can work on this for an update.




Aussie
2244 posts

Uber Geek
+1 received by user: 234

Trusted
Subscriber

  Reply # 509174 19-Aug-2011 19:28

Explains why I was about to blame my new rom when browsing on my phone while I was out today! lol.

1352 posts

Uber Geek
+1 received by user: 189

Trusted

  Reply # 509184 19-Aug-2011 19:56

Great feature.

I use a similar feature in PHP's Suhosin patch. It'll encrypt a cookie using the IP address, you can set it to use the 1st, 1st and 2nd, 1st 2nd and 3rd or all 4 octets of an IP address for the encryption.

What this means is you can change IP within the same /24 and your cookie is still valid if you choose 3 octets, within the same /16 (255.255.0.0) if you pick two or within the same /8 (255.0.0.0) if you pick just one.

Is it possible to modify your check to do this, or make it an option? For me I found making it a /16 worked fairly well, sure it's not bullet proof but if you change ISP then you're (probably) going to fall outside the permitted range.

Just a thought.




Checkout the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!
Android user? Checkout MightyText - text messaging from your browser.



BDFL
50199 posts

Uber Geek
+1 received by user: 4747

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509188 19-Aug-2011 20:00

I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...





1352 posts

Uber Geek
+1 received by user: 189

Trusted

  Reply # 509189 19-Aug-2011 20:02

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...



Good point.

It could be an option though, rather than just binary on/off?  Security Paranoid (IP Address), regular (/16) Relaxed (/8)

Anyway, just a suggestion.  It's a good feature either way.




Checkout the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!
Android user? Checkout MightyText - text messaging from your browser.

1599 posts

Uber Geek
Inactive user


  Reply # 509199 19-Aug-2011 20:37

Paulthagerous: Thanks for that.

Yeah I get why it has been implemented, but with the number of ADSL disconnections I get it is just too annoying :(

That is a problem with your ISP, not Geekzone. :P

freitasm: I thought of that but the problem is if you go to a cafe, someone hijacks the cookies - and they will probably be on the same subnet...

If you go to a cafe it's likely the External IP for all users is the same, in which case the session could still be hijacked, yes?
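
Added example, not part of any post in this thread and not Geekzone's or Suhosin's code: a sketch of the octet-scoped cookie binding suggested in reply # 509184 and # 509189, with the shared-external-IP case from the reply above checked in the test. It swaps encryption for an HMAC tag; the key, the function names and the mapping of "paranoid/regular/relaxed" to 4/2/1 octets are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real site would load a random secret from its config.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

# Labels follow the thread's suggestion; the octet counts are an assumption.
MODES = {"paranoid": 4, "regular": 2, "relaxed": 1}


def ip_scope(ip: str, octets: int) -> str:
    """Return the network identified by the first `octets` octets of an IPv4 address."""
    if octets not in (1, 2, 3, 4):
        raise ValueError("octets must be 1..4")
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return str(ipaddress.ip_network(f"{addr}/{octets * 8}", strict=False))


def _tag(session_id: str, mode: str, scope: str) -> str:
    # The mode is signed too, so a client cannot downgrade paranoid -> relaxed.
    msg = f"{session_id}|{mode}|{scope}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, client_ip: str, mode: str) -> str:
    """Bind a session id (assumed to contain no '|') to the client's IP scope."""
    scope = ip_scope(client_ip, MODES[mode])
    return f"{session_id}|{mode}|{_tag(session_id, mode, scope)}"


def cookie_valid(cookie: str, client_ip: str) -> bool:
    """Recompute the tag from the address the request arrives from and compare."""
    try:
        session_id, mode, tag = cookie.split("|")
        scope = ip_scope(client_ip, MODES[mode])
    except (ValueError, KeyError):
        return False  # malformed cookie, unknown mode or bad address
    expected = _tag(session_id, mode, scope)
    return hmac.compare_digest(expected.encode(), tag.encode())
```

The check only sees the address the server sees, so two clients behind one NAT address are indistinguishable to it in every mode.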

gzt

4687 posts

Uber Geek
+1 received by user: 270


  Reply # 509327 20-Aug-2011 13:06

Turned mine off for now. Router restarts cause a bit of inconvenience. Glad to have the option. I like muppet's suggestion also.

To what extent is cookie/session hijacking a problem?



BDFL
50199 posts

Uber Geek
+1 received by user: 4747

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509331 20-Aug-2011 13:10

I am not sure it's a problem for Geekzone users - probably more for Facebook, GMail and Windows Live users.

But we should provide the option. I actually thought of implementing a two factor authentication earlier this year. Just thought it was overkill for Geekzone.

However... Another thought: I have a hidden "feature" that sends me an email if someone tries to log in using my user name. Never actually received a notification, until last night, when someone tried to log in on Geekzone as "freitasm" from a Chinese IP address.

Here comes the thing though: they've used a password I actually used before in another web site. So my guess is that web site was compromised and these guys were searching for all users around the Internet and when they found "freitasm" on Geekzone thought they struck gold.

Lucky I don't use the same password in more than one web site.

So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?





gzt

4687 posts

Uber Geek
+1 received by user: 270


  Reply # 509341 20-Aug-2011 13:27

freitasm: So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?

It is a feature I would like to see on many websites ;). It will be interesting to see how often it happens.

Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.

1352 posts

Uber Geek
+1 received by user: 189

Trusted

  Reply # 509347 20-Aug-2011 13:58

Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.

You'd never know I'd been compromised in the first place!




Checkout the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!
Android user? Checkout MightyText - text messaging from your browser.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 509353 20-Aug-2011 13:59

freitasm:
[snip]
So my question is: should I extend this feature as an option to everyone? As in getting an email notification (On/Off) and in which situation (Failed/Success/Both)?


+1 to email notification.
Both would be great. Also with the password they tried to log on with?


gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.


another +1 to that as well.

Aussie
2244 posts

Uber Geek
+1 received by user: 234

Trusted
Subscriber

  Reply # 509356 20-Aug-2011 14:11

Sounds good!

muppet:

You'd never know I'd been compromised in the first place!


+1



BDFL
50199 posts

Uber Geek
+1 received by user: 4747

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509357 20-Aug-2011 14:12

gzt: Also I'm thinking you might need a subpage called 'super-geeky options' for these kind of uber cool features - excellent, but they could build up after a while.


We try to keep the number of menu options to a minimum and even then people don't bother reading the first menu on top - I mean, check this.

muppet: Given that there's no ecommerce on GZ, I don't think you need to be too paranoid about such things. I mean if my account got compromised, what's the worst that they're going to do? Post a bunch of idiotic crap using my username.


Agreed, anyone logging in couldn't spend money here, but could get some personal information such as user name and email addresses, to then try logging in to other websites. Lucky we don't store or show passwords in plain text, otherwise this would be another risk.

muppet: You'd never know I'd been compromised in the first place!


No joke Sherlock ;)

 



