Ratte goes postal and leaks a bunch of TOP SECRET CLASSIFIED INFORMATION

[Jim Demintia]

Someone on Lulz.net brought up one comment on Ratte's journal, basically pointing out that the whole hack could be an inside work-that one of the admins (Lulzians believe it's Witchiebunny) sabotaged Ratte and messed with her account, then posted the screenshots, putting the blame on her. Knowing the reputation of FA's mods I wouldn't wonder if one of them really did that-especially Witchie.

Not only is the super-user (all or nothing) model of security SO AWESOME, it's even better when multiple people hold that privilege. People who you don't really know, can't really trust, and who just might have less than upfront motivations to do...stuff.

[Conan]

Knowing the reputation of FA's mods I wouldn't wonder if one of them really did that-especially Witchie.

I highly, highly doubt that it was an inside job. That would involve much of the staff (Carenath ignoring/deleting vBulletin admin logs, Yak ignoring mainsite access logs, etc.) being involved, and all these people have a history of trying to "protect" the "top secret" staff information. If they were involved, we probably would have seen something less obvious happen (calling Zaush a rapist on his talk page or something like that, you know?).

[loki]

What, haha, SecurID? Oh, man, my dad had one of those way back in the '90s,  dialing up through some dumb AT&T VPN software to access MS Exchange. The patent on those has to be long expired...and they're still costly? That's like, what $10 in parts in one of those things? If that?

Shit...they have open source systems that have soft tokens for smartphones. Since we all know furries love getting shiny, expensive cell phones, that shouldn't be a problem, right?

I tried looking up how much they cost; I can't find any hard numbers in the open but it I'm guessing around $50-$60 per each... but that's a price with like 10,000 users. Either way, I'm sure they can afford $60 per admin considering they spent almost $2k a month hosting their garbage....

[ProvincialTwit]

This is all a bit overkill for a furry porn site isn't it?

[Jim Demintia]

This is all a bit overkill for a furry porn site isn't it?

I always thought it was a bit overkill for WoW, but they give 'em out for couch change...

Maybe they could just have admins register their computer to an IP or some other fingerprint, and then they have to do all their admin-ly things from that computer? You know, like your bank does?

If they were dead set on a physical second factor, then look at mOTP or FreeAuth. Both have soft tokens in the form of smart phone apps.

And you know, we've discussed all of this before...and it's for naught since we all know they'll ultimately do jack shit about security.

[kayfox]

From what Ive seen in the market, the tokens themselves cost like $20, but the system/software for the backend and licenses costs somewhere in the $4-8k range plus about $50 per token per year.

Of course, ebay to the rescue:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=150591872135