Plans - Forum Forum Index
This forum can be searched, but is locked for posting.
Discussion has moved to the planscalendar google group.
   SearchSearch     RegisterRegister  ProfileProfile   Log inLog in
Password Encryption Formula Stolen???

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Plans - Forum Forum Index » Problems
View previous topic :: View next topic  
Author Message
paulp575



Joined: 30 Jun 2005
Posts: 69
Location: Spokane WA
PostPosted: Tue Jan 16, 2007    Post subject: Password Encryption Formula Stolen??? Reply with quote
Just checked my calendar and someone has created a calendar - without my knowledge!

I do know my ISP password-protected (or whatever they call it) my folders so users can not see the contents of my folders. And I have changed the default password.

When I attempted to delete the unauthorized calendar, it trashed my entire calendar setup!

I have contact my ISP for assistance it getting it fixed!

Just want everyone to know!

ADDITIONAL INFORMATION:

What are the consqeuences of editing the calendars.xml file to remove the unauthorized calendar?
Will that break anything?

Thanks,

Paul
Back to top
View user's profile Send private message Visit poster's website
daltonlp
Site Admin


Joined: 24 Nov 2003
Posts: 1539
PostPosted: Thu Jan 18, 2007    Post subject: Reply with quote
Quote:
What are the consqeuences of editing the calendars.xml file to remove the unauthorized calendar? Will that break anything?


None. Each calendar is a single line. You can delete whichever lines you want.

Quote:
When I attempted to delete the unauthorized calendar, it trashed my entire calendar setup!


Some specifics would be helpful. Smile

The passwords are not protected by a secret encryption formula. The code is open-source. The encryption is pretty basic, and definitely vulnerable to dictionary attacks. The best way to prevent these is to make sure your calendars.xml file can't be fetched over the web (just read by the .cgi script). How to do this depends on your host's configuration.

- Lloyd
Back to top
View user's profile Send private message
paulp575



Joined: 30 Jun 2005
Posts: 69
Location: Spokane WA
PostPosted: Thu Jan 18, 2007    Post subject: Password Encryption Formula Stolen??? Reply with quote
paulp575 wrote:
What are the consqeuences of editing the calendars.xml file to remove the unauthorized calendar? Will that break anything?


daltonp wrote:
None. Each calendar is a single line. You can delete whichever lines you want.

OK, I tried it and so far seems OK after deleting the unauthorized calendar.

daltonp wrote:
The passwords are not protected by a secret encryption formula. The code is open-source. The encryption is pretty basic, and definitely vulnerable to dictionary attacks. The best way to prevent these is to make sure your calendars.xml file can't be fetched over the web (just read by the .cgi script). How to do this depends on your host's configuration.


Previously I has my web site host block viewing of my files, so apparently it was some tyoe of dictionary attack!

Anyway, I have recovered and currently, all is well.

Thanks,

paulp575
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Plans - Forum Forum Index -> Problems All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group / Oranja by Lessthaneric.net