ePassporte: Another Lie. Proof Inside. (Drama) (Pics)

[minusonebit]

You know what?

I always have thought that ePassporte's whole "scrambled passwords in the DB" story is bullshit. Now I know.

I signed into my account a second ago using the password they e-mailed me and went to change my password back so I can use "my" password to get into my account.

When I went to change it, I get this message:



Now, if they lost my password in this DB mess, how would the system know that I used that password before? Its lost, remember? So once again, ePassporte has blown smoke up my ass. Someone ain't tellin the truth.

What really happened, ePassporte? I cant wait to hear the explanation here.

[Alex]

Drama.
Sig spot.
9 posts till 10k

[onlineriches]

*pulls up a chair

[Juicy D. Links]

Quote:

Originally Posted by Alex

Drama.
Sig spot.
9 posts till 10k

preliminary congrats

[woj]

interesting...

[Doctor Dre]

lol... prolly was some phishing going on or something like that.

[harvey]

:costumed- ooooh the drama!

[BiggleJones]

Drama on GFY? That's unheard of!

[mattz]

waiting...

[marketsmart]

what do you expect them to say.. thats like a program saying "yeah we shave"

[CDSmith]

Quote:

Originally Posted by Alex

Drama.
Sig spot.
9 posts till 10k

This is huge, huge news. I want to know more about this.

Who or what will you dedicate your 10k post to?

I'm pulling up a lawn chair for this one. :D

[harvey]

Quote:

Originally Posted by CDSmith

This is huge, huge news. I want to know more about this.

Who or what will you dedicate your 10k post to?

I'm pulling up a lawn chair for this one. :D

I'm taking Xanax, the anxiety is killing me

[Alex]

Quote:

Originally Posted by CDSmith

This is huge, huge news. I want to know more about this.

Who or what will you dedicate your 10k post to?

I'm pulling up a lawn chair for this one. :D

Hmm.. Never thought of it that way.
Was more intersteing in getting access to that super secret forum.

[Pete-KT]

wonder what really ahppened

[JD]

Quote:

Originally Posted by Pete-KT

wonder what really ahppened

they got hacked. It's the only real explanation. Any company that "upgrades" the LIVE server is fucking retarded. There's always a dev box. You do the changes on the cloned dev box, if all goes well, you then do them to the live server.

[minusonebit]

Quote:

Originally Posted by Pete-KT

wonder what really ahppened

We'll prolly never know. I think I'll call my bank in the morning and cancel my debit card just to be safe. I really dont need my accounts getting drained right now.

[CDSmith]

Quote:

Originally Posted by Alex

Hmm.. Never thought of it that way.
Was more intersteing in getting access to that super secret forum.

Sorry, keys to the secret forum has been pushed back to 20k posters only.

Was getting too crowded in there.

[SmokeyTheBear]

i noticed my epassporte email addy got hit hard with spam ever since epassporte had their "problem" , theres only one other company with that email.. so its either them or epassporte

[minusonebit]

Quote:

Originally Posted by CDSmith

Sorry, keys to the secret forum has been pushed back to 20k posters only.

Was getting too crowded in there.

Well, in that case, only about ~19,050 posts to go. I think I can get those in before the end of the month. Muahahaha.

[martinsc]

i think i'll park my sig here...

[Sly]

Quote:

Originally Posted by minusonebit

You know what?

I always have thought that ePassporte's whole "scrambled passwords in the DB" story is bullshit. Now I know.

I signed into my account a second ago using the password they e-mailed me and went to change my password back so I can use "my" password to get into my account.

When I went to change it, I get this message:



Now, if they lost my password in this DB mess, how would the system know that I used that password before? Its lost, remember? So once again, ePassporte has blown smoke up my ass. Someone ain't tellin the truth.

What really happened, ePassporte? I cant wait to hear the explanation here.

I have a very possible explanation.

When you create a new password, it is added to a separate database. As you add new passwords, they get added to this separate database. The database that got scrambled was a completely different database. Now you're going to ask "why wouldn't they just retrieve the password from the storage database?" That would be a huge security risk on your behalf.

[woj]

After taking a moment to analyze the "evidence", I concluded there are 2 possible logical explanations to all this:

1. They are telling the truth (there were some database problems)

The database got corrupted, stuff like that happens. Normally what happens in a situation like that everyone panics for a min, then someone in the group realizes, "Wait a min, don't we have a backup from last night?" Database gets restored, missing data since the backup is recovered from the log files. End result: Everything is back to normal. However, everything was not back to normal, everything got recovered except the passwords. Also, it's worth noting, that certain accounts were not effected at all by this "database problem." I don't see any logical explanation for that under this scenario.


2. There was a hacking attempt (which may or may not have been successful)

Hacking attempt was detected and narrowed down to certain accounts. For example, brute force attack was detected, and a list of accounts with failed logins in the past 24 hours was compiled. As a precaution, passwords to effected accounts were changed to minimize possible damage. This explains why only certain accounts were effected.


I guess there are also other possible explanations, like programmer error for example. Programmer was doing work on the database, and accidently wiped out half the passwords. But in my opinion they would all fall into "1" category, database corruption that can be easilly recovered.

[nyana]

passwords stored in high security databases often use encryption ...

so yes its possible they can't read your password, but can verify if it is the same one previously used ...

[tenderobject]

Quote:

Originally Posted by marketsmart

what do you expect them to say.. thats like a program saying "yeah we shave"

LOL

[madawgz]

Quote:

Originally Posted by Juicy D. Links

preliminary congrats

same here, congratzzzzzzz! why did you sign offline with only 4 posts to go

[Well Dunn]

oh the humanity!

[chadglni]

Smokey mentioned the spam, I see lots of people crying about epass spam now so it makes you wonder.

[reynold]

this is more like a tragi-comedy to me

[The Sultan Of Smut]

See sig.

[Ace_luffy]

where's the love ? from epass ref ?

[Jay_StandAhead]

Spin is everywhere. Nowadays even with solid evidence it's hard to disprove the "spin"

if you don't trust epassposte, stop using them. I'll personally lower my balance by 90%

[xclusive]

Quote:

Originally Posted by Alex

Drama.
Sig spot.
9 posts till 10k

Congrats Alex you're almost a greenie

[cool1]

Quote:

Originally Posted by woj

2. There was a hacking attempt (which may or may not have been successful)

Hacking attempt was detected and narrowed down to certain accounts. For example, brute force attack was detected, and a list of accounts with failed logins in the past 24 hours was compiled. As a precaution, passwords to effected accounts were changed to minimize possible damage. This explains why only certain accounts were effected.

I never had any problems with my pass word, so this one sounds logical.

[jimthefiend]

Quote:

Originally Posted by Sly

I have a very possible explanation.

When you create a new password, it is added to a separate database. As you add new passwords, they get added to this separate database. The database that got scrambled was a completely different database. Now you're going to ask "why wouldn't they just retrieve the password from the storage database?" That would be a huge security risk on your behalf.

Makes sense to me.

[CaptainWolfy]

bump here for you all

[djroof]

that sucks.... but epass has some problems with DB

[Screaming]

damn epass has been taking a beating recently

[Damian_Maxcash]

Is it wise to mention that they sent me a new password but I still use my old one with zero problems?

Probably not - please ignore that......

[Damian_Maxcash]

It could be that they just have a database table with all your previous passwords ie.

user - Fred Blogs

previous passords - pass1, pass2, pass3

They then wouldnt have known what the current one should be.

In fact if you put your mind to it there are a dozen explanations

[wonderman]

I am still in process of withdrawing 7000 from my epassporte account. The fact that I can take only 300 dollars a day is sort of annoying. Worse than that is when it takes 6 days to get the money. That is way to long.

[Tuga]

Gotta love Epassporte drama

[G-Rotica]

drama, drama, drama and even more drama

[RawAlex]

Okay, here is my couple of cents worth on this:

In many security schemes, passwords are encoded - often the encoding scheme is one way. Past passwords are often stored (ENCODED, I might add) in a "past passwords" file. When you go to change your password, the new password you request is encoded and compared to the encoded items on the past password list. If there is a match (encode to encoded) they will decline the password.

There is no way to determine what that encoded password is, therefore no way to easily recover as password except to issue a new one.

Nice conspiracy theory, but sorry, common sense in programming and security says "fake drama" all over your thread.

Second part is the people with high Epass balances and low daily take out limits. You guys make me laugh. If you have that much in the account, you should either apply for an increase in amount per day (I don't keep a ton, and my limit is much higher) or consider that potentially the way you are using the account and the amounts you are attempting to put through it are a little beyond what it was intended for. If you are using it, example, to avoid the expenses of processing checks and the amounts you are getting are large enough, you might want to consider asking your sponsors to wire money directly to your account.

A hammer is a great tool for hammer nails. It isn't a very good tool for making micro circuits. Don't blame the tool if you don't use it well.

Alex

[European Lee]

Regards,

Lee

[Egomancer]

Well,

I say they got hacked, or they suspect they got hacked...

Egomancer

[minusonebit]

Quote:

Originally Posted by RawAlex

Okay, here is my couple of cents worth on this:

In many security schemes, passwords are encoded - often the encoding scheme is one way. Past passwords are often stored (ENCODED, I might add) in a "past passwords" file. When you go to change your password, the new password you request is encoded and compared to the encoded items on the past password list. If there is a match (encode to encoded) they will decline the password.

There is no way to determine what that encoded password is, therefore no way to easily recover as password except to issue a new one.

Nice conspiracy theory, but sorry, common sense in programming and security says "fake drama" all over your thread.

Yes, this is all true. But, if there was corruption in the DB, as they have claimed (we'll, actually, all they have said is a "DB problem", whatever the hell that means), then the encoded hashes that were our old passwords would have been changed (corrupted) and the login/changepass scripts would not see a match. But in this case, they do see a match. Which means that ePass had something happen there and the reason we could all log into our accounts was something other than what they said it was.

[jimthefiend]

Quote:

Originally Posted by RawAlex

A hammer is a great tool for hammer nails. It isn't a very good tool for making micro circuits. Don't blame the tool if you don't use it well.

Alex

Well said.

[Fabien]

Long live Epassporte
With this said
Never leave money in your accounts

[Manowar]

drama llama

[darksoul]

Quote:

Originally Posted by RawAlex

Okay, here is my couple of cents worth on this:

In many security schemes, passwords are encoded - often the encoding scheme is one way. Past passwords are often stored (ENCODED, I might add) in a "past passwords" file. When you go to change your password, the new password you request is encoded and compared to the encoded items on the past password list. If there is a match (encode to encoded) they will decline the password.

There is no way to determine what that encoded password is, therefore no way to easily recover as password except to issue a new one.

Nice conspiracy theory, but sorry, common sense in programming and security says "fake drama" all over your thread.

Alex

Think again wise guy.
We already know the passwords are encrypted that doesn't explain why they had to be changed altho they still have the old hashes.