Jump to content

Forum security


Scooby
 Share

Recommended Posts

I'm a little concerned.  I managed, inadvertantly, to access the pm's of another forum user.  I posted on here expressing my concerns (with evidence that I had been able to access their mailbox) - this point has been raised before and forum admin have denied this is possible.  The response - my post was deleted!

Link to comment
Share on other sites

  • Replies 104
  • Created
  • Last Reply

Top Posters In This Topic

Admin is looking into it.

I don't know, but I suspect the reason your post was deleted was because you included a screen shot showing the email address of another forum member.

Perhaps you'd like to PM me telling me how you managed it.

Link to comment
Share on other sites

Nobody can read another persons PM's unless they login to the system as that person (Scooby's 'proof' clearly shows this). The question is how did she/he manage to log in as another person? This, as has been mentioned, is being investigated. Since the forum is only a very minor part of what the computer system at Archant does it will take a while (a week or two perhaps) for the IT department to give us a proper response. What they have said so far is that it is logged and it will be investigated (experience has shown that if its logged it does get looked at). If anyone else has been able to log in as another member please forward details via PM to Forum Admin. Us moderators really don't want to know how its done otherwise we will be accused of reading other peoples PM's so don't send anything about how it was done to us please.

Scooby's post was removed because it did show confidential information about the person they logged in as. This should not have been put in the public domain for obvious reasons.

If you are worried I would suggest you delete any 'sensitive' PM's you have kept (you can always print them off before deleting them) and use email instead.

Link to comment
Share on other sites

[quote user="Quillan"]

If anyone else has been able to log in as another member please forward details via PM to Forum Admin. [/quote]

I don't know about logging in as another member - but in the past few weeks, I have NOT been able to log on as myself... with the effect that I have had to my password changed  repeatedly - every time I log on after getting rid of cookies, or after a power cut... I must have had about 5 passwords in the past 3 weeks, which seems really weird.

Link to comment
Share on other sites

Just to put the record straight Quillan I DID NOT log on as another person - as I have already told another mod.I take serious offence at the tone and inference of your post.  I simply clicked the private message button when logged on under my own name and was taken to the pm box of another user....and was shown logged on as that user.  The problem is a security failure at your end - not hacking at mine.   Stop trying to dress it up as something different.

My 'proof' as Quillan so sarcastically put in quotation marks, was a screen shot of the other users inbox...which I took because of previous claims that 'this was impossible'.

Link to comment
Share on other sites

Scooby, I did not mean it in a sarcastic way at all, if you took it that way then I apologize.

The 'proof' is in the top left corner of you screen shot and was the persons 'private' email address which is what you would expect. Likewise I am stating as fact that the only way to see another persons PM's is to be logged in as them which the screen shot proves because it shows that persons login/email address.

What I am NOT saying is that you have done anything wrong i.e. deliberatly logged in as another member. None of the mods or even Forum Admin can say how this happened at the moment until it has been investigated properly. I cannot deny that there have been one or two glitches with the system in the last couple of weeks but that has only been seen (to the best of our knowledge) as emails and notifications not being delivered. One of the mods (not me) has spent some time on the email problem to help the IT people but that's about it. There is a feeling that there may be other problems as well which is why we have pushed for the IT people to move the problem up their 'to do' list.

The only criticism I have is that you should not have put the screen shot in open forum as it does contain the persons private email address. I am sure that if the boot was on the other foot and it was your private email address you would feel the same.

Link to comment
Share on other sites

[quote user="Jane and Danny"][quote user="Dog"]I was given a personal email address last week in a 'Failure to Deliver' email.[/quote]So was I.

Danny[/quote]

This has already been brought to our attention and has been logged with Tim Tech and James Admin.

Link to comment
Share on other sites

  • 2 weeks later...
I don't understand why this should be a problem if you use the email button, it clearly shows your email address in the 'to' field (at the top of the screen when you type whatever it is you want to say) and it is an email so it will always have the senders email address in the 'from' field when they view it. Of course when you answer an email your address will be in the from field. This is the way the system works. If you don't want people to see your email address then use the PM button and not the email one like RH has already said. Theres nothing dodgy about this its how the system normally functions. By the way if you don't tick the box (or it could be the other way round) on Ebay when you ask a seller a question your email address will appear to the seller. Hope that helps.
Link to comment
Share on other sites

[quote user="Dog"]I sent a PM to Odile and got her email address in an error message.[/quote]

In that case, you've just told anyone who wants to find Odile's email address how to go about it.

Security issues are best discussed via PMs to mods or admin or at least, the possible flaws in the system shouldn't be catalogued "out front".

Link to comment
Share on other sites

It normally takes 4 weeks for our IT Support Team (based in Italy, which does worry me a little) to respond. 8 weeks is normal in the summer. Anything less than that, I'd get them to pitch for our business. Good luck, I bet they say they can't find anything wrong[:D]
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share


×
×
  • Create New...