We wanted to respond to the post on the Full Disclosure mailing list (link) regarding a vulnerability on XDA.
We can confirm that an admin account was compromised on the Portal portion of our site (also known as the blog or front page), however, no user accounts in the forums were compromised. XDA exists on two separate systems that live in two separate server environments and no user data is stored on the Portal servers where the issue happened.
At this point it appears that an admin account was compromised and used to gain access to the backend code on the WordPress site. We have patched this exploit and are continuing to review our code and policies to prevent this type of thing from happening again. We take security very seriously.
As a safety precaution, we've asked all Portal editors to change their password. Again we have no concern or evidence that XDA's user accounts were in any way compromised.
Our thanks to Steffen for reporting this. His attempts to contact us via other channels were unsuccessful mainly because we receive many emails on a daily basis about various topics, including people falsely claiming that our site is hacked. If anyone has information regarding a vulnerability, they can use the technical contact form on our site with details, or email me directly at security + at + xda-developers.com. When reporting a security vulnerability, make sure to include specific details so that we know that it is a real issue.
To follow up on what bitpushr said above, we've decided to create a dedicated page on the site where people from the community can report security vulnerabilities and understand our disclosure policy. Look for that in the coming days. In the mean time, feel free to use his email if you want to directly reach him and our team.
Thank you
Thank you for informing everyone about the incident and for taking user security serious.
Portal is hacked again.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What's uppening?
---------- Post added at 10:32 AM ---------- Previous post was at 10:21 AM ----------
The home page is now ok
And again.
Kim Jong Un is now here.
What does the database tar contain? Pretty sure it wasn't there before, so should we change our passwords?
Trafalgar Square said:
And again.
Kim Jong Un is now here.
Click to expand...
Click to collapse
Who is Kim Jong Un?
Portal and Forum are on different Servers.
You can change your pass, if you want to be sure.
As far as I know.
---------- Post added at 09:58 ---------- Previous post was at 09:57 ----------
Astrubale said:
Who is Kim Jong Un?
Click to expand...
Click to collapse
Korean dictator
Trafalgar Square said:
Portal and Forum are on different Servers.
You can change your pass, if you want to be sure.
As far as I know.
---------- Post added at 09:58 ---------- Previous post was at 09:57 ----------
Korean dictator
Click to expand...
Click to collapse
What? Why he is here?
Astrubale said:
What? Why he is here?
Click to expand...
Click to collapse
There was a GIF from him on the Portal site.
He hacked a server or admin account?
I don't know.
I am not the Admin.
Maybe it's a joke by the Admins. They are very funny sometimes
Trafalgar Square said:
I don't know.
I am not the Admin.
Maybe it's a joke by the Admins. They are very funny sometimes
Click to expand...
Click to collapse
I think no
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
bitpushr said:
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
Click to expand...
Click to collapse
Is it ok the web site now?
Since there's xda ad free now, I think it would be a good idea to launch some kind of a bug bounty program.
bitpushr said:
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
Click to expand...
Click to collapse
This means files uploaded to xda forums are safe? Downloaded and installed an app when this went down.
Visi0nofExcellence2 said:
This means files uploaded to xda forums are safe? Downloaded and installed an app when this went down.
Click to expand...
Click to collapse
Wouldn't be the forum and the normal website be on different severs? So I guess its okay
Sent from my Moto G using Tapatalk
Related
Hi xda-dev,
I just thought if we could have us thread owners to have a standard button design for a specific thread that we can use/link in our blog post or websites?
Just a thought ..
And, while on the subject: Is an RSS feed going to be made avail in new version ?
Nullstring said:
Hi xda-dev,
I just thought if we could have us thread owners to have a standard button design for a specific thread that we can use/link in our blog post or websites?
Click to expand...
Click to collapse
I think that's a great idea. But could you clarify: Are you speaking of the same basic concept on news sites where various social-media icons are avail to auto-repost? (twitter, digg, etc)... Or do you mean a button that performs the action of copying the thread's link & title to the clipboard, then being able to paste it anywhere on your own site, manually, into a blog post etc?
Button preview
http://www.twitpic.com/zxspe
quicksite said:
Or do you mean a button that performs the action of copying the thread's link & title to the clipboard, then being able to paste it anywhere on your own site, manually, into a blog post etc?
Click to expand...
Click to collapse
that's what I meant. Just a simple idea, thought it would be nice .. but if you could think of better implementation, then it'll be great!
Nullstring said:
Button preview
http://www.twitpic.com/zxspe
Click to expand...
Click to collapse
Hey that's a cool graphic, I like that.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SLIGHTLY OFF-TOPIC:
I'm WAY behind the curve in using twitter, and how it integrates with what seems like 1000 different twitter-based apps... And twitpics, i'm even less clear on how and WHEN to use it, and if it's used WITH twitter, or a parallel service to twitter for just sharing photos in real time.
ON-TOPIC
So I'm not clear if your posting that image on twitpic is literally an example what you want to be able to do, or are you saying there are apps for either phone or desktop computer that will generate a template graphic as well a specific thread title linked? So, in your picture, is the thread title generated as part of the graphic itself? Or is the thread title displayed in HTML on top of the template graphic?
I am really confused but I like the way it looks! please explain further...
Okay, so now I see this, in your prior sig file.. and I see that it is a graphic that gets generated with the title of the thread rendered as part of the image... so i just have never seen these used -- but I love the idea...
So for this example here:
tell me how that gets generated -- at http://www.twitstamp.com ? and then when you apply that generated graphic, how do you also code the link to the thread, in this example?
even more confused and feeling so behind the times !
well whaddayaknow -- this looks like a pretty cool web app ! ---
so are you speaking of ...
(1) You're here at XDA-devs, and you're on, for example, this very thread...
(2) You'd like to see a simple small graphical button, as part of "thread tools" or somewhere within the thread page layout, that when you click on it, it grabs the Title of the thread, and the link, copies it to pasteboard...
(3) then you go to a site like, for example, TwitStamp.com, and insert what's on the pasteboard into the "input box" at Twitstamp...
(4)... thereby generating a graphic with link that can be embedded anywhere on a webpage etc, exactly as you would grab embed code from a YouTube video, or from a photo at photobucket.com, stuff like that?
(5) Is this kind of small-file-size "picture status" thing being rapidly used as a way to post updates, but using twitpics? So that after you generate the graphic, you post it to twitpics? And those who subscribe to your feeds can see "oh cool, that sounds like an interesting thread, i want that for my phone"... and so they would click on it and link to the thread here at XDA?
even more confused by all the permutations of pasting what where... hah hah.
Is this what you mean exactly, or is it close, or is this just one of many examples of what you are envisioning?
sounds & looks interesting....
sounds & looks interesting....
Click to expand...
Click to collapse
behind those words says something.
am not trying to insist the idea or any way of enforcing it to make it like a xda-dev standards.
if you don't like my request then that's fine.. I accept it with a smile.
Sorry for wasting your time.
Thanks anyways and please Senior Member.. delete this thread too..
or just let me ask the Admin.
What are you talking about?
Everything I have written has been enthusiastically positive about what you're saying. I'm just trying to understand if I'm following what you are thinking. You took all of those posts the wrong way, I think.
I really am interested in learning about how people are using these kind of twitstamps... I went and registered. I don't know what else to say, I like this idea -- and I really would like for you to answer my questions, all of them, because if I "getting" it correctly, I like it. But I may not be understanding AT ALL the way *you* are seeing your idea. So please, explain some more! I'm just another member like you, that's all. We're just talking about your idea.
Nullstring said:
behind those words says something.
am not trying to insist the idea or any way of enforcing it to make it like a xda-dev standards.
if you don't like my request then that's fine.. I accept it with a smile.
Sorry for wasting your time.
Thanks anyways and please Senior Member.. delete this thread too..
or just let me ask the Admin.
Click to expand...
Click to collapse
EDIT: Updating Will be SLOW, I have become very busy. Please feel free to post your own signatures here as well or some awesome ones you have found.
This thread has been created to:
1) Give XDA members some signatures that I created. It will be updated with some more awesome ones regularly so be sure to check back.
2) Allow other users to share signatures that they may/may not have created themselves.
3) Host my ultimate praise for the great site that is XDA.
If a mod is to find that this thread is a duplicate of another one or is invalid on all three purposes, close/move it A.S.A.P. I am sorry if this is the case.
Disclaimer & Rights
All the signatures I post were created by me and belong to me. Please do not steal them and if you do wish to use them, keep the watermark intact.
I will only give permission for my signatures to be used and edited if the watermark is kept intact.
All signatures posted are copyright of their respective owners.
I am not responsible for any damage caused by your use of these signature (lol)
As I say in all my guides, suggestions are like gold to me and I just want to make my service better. All reasonable comments are welcome. Please PM me if you have any urgent problems. I am sorry if my service is uninvited.
Signatures can be used across many sites to identify a user and are multipurpose. Many enjoy having an image in their signature space and I hope you appreciate my work.
Here is what I have so far:
First Two Made using jake044's templates
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
For the trolls amongst you
For the noobs
For the 10 post haters
For the people who work tirelessly to fight against them.
For XDA
For The Flash Lovers. It's killing them.
Resized:
For The ones without manners
I have been able to make these thanks to the skills and motive Whitest0rm passed on. Many thanks to him. If he drops by, please drop him a thanks. He also makes some awesome userbarsRemember, it will be updated.
The Praise
EDIT: Updating Will be SLOW, I have become very busy. Please feel free to post your own signatures here as well or some awesome ones you have found.
Coming Soon...
(Reserved)
REPOST said:
I have been able to make these thanks to the skills and motive Whitest0rm passed on. Many thanks to him. If he drops by, please drop him a thanks. He also makes some awesome userbars
Click to expand...
Click to collapse
Code:
11/11/12 - Re-linked expired image links
19/10/12 - Added Thanks, There's a Button for that
9/10/12 - Added Flashaholic
8/10/12 - Started thread - 4 created
Cool initiative!! Hope for more soon!
Sent With My Brains To Yours. Duh.
Nice thread Deftone I will be keeping a eye on this thread for future signatures. Allso in case no one has noticed. Deftone created the awesome gif that is in my signature, thanks again for the gif Deftone. It really suits me well i think.
Great one..Hope to see more in the future
POTATO!!!!
Good one deftone
Sent from my X8 using xda premium
As others have said, I'll defo be keeping an eye on this thread.
I'll need to contact you again soon Deftone, because the gif you made me is incorrect now
Thanks for the support guys. Really appreciate it.
Do the RCs want one for them? I could try but I'm no designer. Any ideas?
Also, please subscribe to the thread for updates and recommend it to people.
I have some really awesome ones coming.
Sorry bout that KC. I thought I asked you whether you needed a change. Must be mistaken.
Deftone said:
Thanks for the support guys. Really appreciate it.
Do the RCs want one for them? I could try but I'm no designer. Any ideas?
Also, please subscribe to the thread for updates and recommend it to people.
I have some really awesome ones coming.
Sorry bout that KC. I thought I asked you whether you needed a change. Must be mistaken.
Click to expand...
Click to collapse
Yeah you did ask me, but at the time I wasn't planning on changing my signature around. But as soon as I've got a bit of time to sort my signature out, I'll definitely contact you about it
''Evil corrupts the mind of the weak but fails to feed off the mind of the strong''
I added a flashaholic one. Also, Post two will also house a change log.
Much appreciated!
Hey Guys,
Updating Will be SLOW, I have become very busy. Please feel free to post your own signatures here as well or some awesome ones you have found.
Any requests? Leave them here.
Hey man sweet sigs cheers for the promotion too, pm me what you want your bar like and ill get on it, i just made myself a gigatech one that
Ill upload in a min, i can make you a similar one if you want?
Cheers again, whitest0rm
sent from my baby xperia tipo via the xda android app
Awesome!I love it!
I can't see the photo.
ares. said:
I can't see the photo.
Click to expand...
Click to collapse
Disable your adblocker in browser and then refresh the page to see pictures..
ares. said:
I can't see the photo.
Click to expand...
Click to collapse
I have my own version of adblocker and a few other scripts installed and I can see the photos. So yes just disable your adblocker or if that still doesn't work try another browser. I'm using firefox by the way.
I hope you will enjoy my work.
If you do hit thanks.
i got this strange page when i was visiting this thread
Code:
http://forum.xda-developers.com/showthread.php?t=1801464
i am not sure i am the only one getting this error
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
hope u guys can fix this thanks.
Got it too. I think the problems is where the pictures on the thread come from.
mfsr98 said:
Got it too. I think the problems is where the pictures on the thread come from.
Click to expand...
Click to collapse
Well that's what the error message states so yeah.....
OP, this is quite a common occurrence and happens when people choose to host images on less than reputable hosting sites. I'll look through the thread later and take out the offending image.
Sent From My Fingers To Your Face.....
I'm getting this from just about every link I click on for xda, but the malware listed is different.
hooked_on_droid said:
I'm getting this from just about every link I click on for xda, but the malware listed is different.
Click to expand...
Click to collapse
This is true. I have browsed several threads and got the same result
Sent from my SAMSUNG-SGH-I317 using xda app-developers app
Please fix this quickly.
I've gotten the same thing multiple times today.
For me, its on every XDA page that I enter.
But, I keep getting the same malware warning for "security.rltk.us " Doing research on that now.
Update: When I try to go to "security.rltk.us" I get a 403. When I google that malware, all that shows up is results for XDA and another supposedly infected site.
nate234 said:
For me, its on every XDA page that I enter.
But, I keep getting the same malware warning for "security.rltk.us " Doing research on that now.
Update: When I try to go to "security.rltk.us" I get a 403. When I google that malware, all that shows up is results for XDA and another supposedly infected site.
Click to expand...
Click to collapse
just started getting this same thing earlier today. Wasn't getting it this morning though.
Put adblock from the chrome store on. It clears it up. And you can remove later after XDA cleans up
Sent from my SPH-L710 using xda app-developers app
I'm a little surprised there isn't more discussion of this. I'm far from an expert but poking around the many JS files used on XDA I've noticed some suspicious shellcode in one of the Ad providers scripts. I'm fairly sure shellcode is not a common thing to use for an ad platform so maybe the ad provider has had part of their ad framework compromised? It's strange to see unobfuscated shellcode though, which seems rather lazy for typical browser exploits so this may just be strange/legitimate use of shellcode.
Again, by no means is this a definitive thing, just an observation based on what I understand.
EDIT: Looks like since last night Chrome is no longer reporting malware, so possibly the offending ad was removed? And it would appear the ad provider does intentionally use shellcode, as it's still present in their scripts.
I've flagged this for the server guru to take a look at. Not sure if he's around much the next day or two but it will be looked into folks don't worry.
Sent From My Fingers To Your Face.....
conantroutman said:
I've flagged this for the server guru to take a look at. Not sure if he's around much the next day or two but it will be looked into folks don't worry.
Sent From My Fingers To Your Face.....
Click to expand...
Click to collapse
Was curious myself and just did a little more digging on security.rltk.us. Appears Google Safe browsing has the originating site as blacklisted due to being categorized as "Adult & Pornographic content". No other checkers that knew of it had anything negative and not going to dig much further since 1) It's being addressed by mod and 2) Appears issue is cleared. Likely an ad associated with this domain and the message triggered because of the blacklist?
Per Sucuri SiteCheck the site itself has been blacklisted but clean, and provided a clean security report (warnings found):
Blacklisted: Yes
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-By Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No
Plus it lists other sites that checked the domain and cleared it:
* Domain blacklisted by Google Safe Browsing: security.rltk.us - reference
* Domain clean by Norton Safe Web: security.rltk.us - reference
* Domain clean on Phish tank: security.rltk.us - reference
* Domain clean on the Opera browser: security.rltk.us - reference
* Domain clean by SiteAdvisor: security.rltk.us - reference
* Domain clean on Sucuri IP/URL malware blacklist: security.rltk.us - reference
* Domain clean by the Sucuri Malware Labs blacklist: security.rltk.us - reference
* Domain clean on Yandex (via Sophos): security.rltk.us - reference
Typically the "Red page of death" will come up when someone has linked an image to a hostname that is on the malware blacklist from Google, as conantroutman stated.
If there is an ad causing this (ie, if you see it on more than one thread) then it is possible there is a "Bad ad" being served. These are so customized that likely however much browsing I do I'll never come across it, so if anyone does have this issue and has the ability to determine which script exactly is causing the error, would love to hear it so we can yell at our ad provider.
That includes any shellcode that is being performed by an ad, would be very curious what they are doing.
We are blacklisting security.rltk.us from posting ads, the tough part is sometimes the ad is actually served from somewhere else that forwards to that domain name.
I think it's Google job they hate xda for mods/hacks like 4.2 camera is now blocking(ask to delete download links)
Merry christmas and Happy new year
Paulius
I got this too in the Nexus 7 section a few minutes ago. It was warning about freeimagehosting.net.
---------- Post added at 08:57 PM ---------- Previous post was at 08:55 PM ----------
Paulius7 said:
I think it's Google job they hate xda for mods/hacks like 4.2 camera is now blocking(ask to delete download links)
Merry christmas and Happy new year
Paulius
Click to expand...
Click to collapse
It's not Google. It's members who insist on using shady sites to host their photos and stuff. Those sites are blacklisted by Google and that's why the warning comes up.
I'm getting a warning for valid.canardpc.com when I try to go to this XDA page: http://forum.xda-developers.com/showthread.php?t=2483043&page=33
I recently did some network checks for XDA and found out that they are not providing enough security for the personal information of members in the community.
Basically nothing is encrypted
Here is the login page:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As you can see it's in MD5, preferably passwords must be encrypted in order to safeguard your personal information. As MD5 hashes can be reversed.
Here is the worst part, I found out that my personal messages are not encrypted and have no security measures in place. A person can easily intercept your message without any reasonable effort.
Nah, that's not the worst part, this is...
When you change your password a potential hacker can intercept both your old and new password IN PLAIN TEXT.
I as a user want my personal data on my account to be safe, XDA should implement a full HTTPS for all Private Messages and User credentials as well as password edting.
Wow, just wow. I'm actually gobsmacked
“Power brings a man many luxuries, but a clean pair of hands is seldom among them.”
― Robert Harris
---------- Post added at 11:20 AM ---------- Previous post was at 11:17 AM ----------
Erm, question Deathnotice01. What about the Google sign in?
“Power brings a man many luxuries, but a clean pair of hands is seldom among them.”
― Robert Harris
That's just sad ?
Sent from my KitKatified HTC One X
I guess it doesn't really matter if I switch to Google sign in if nothing else is secure anyway
“Power brings a man many luxuries, but a clean pair of hands is seldom among them.”
― Robert Harris
@MikeChannon @svetius
Sent from my KitKatified HTC One X
Luckily I am using my Google account to access XDA, but damn - this is a major security flaw, on not on some weirdo site buy on XDA *DEVELOPERS*
RohinZaraki said:
@MikeChannon @svetius
Sent from my KitKatified HTC One X
Click to expand...
Click to collapse
I'm not an expert on this so I've passed it to one of our systems people and Sv has a mention too I see.
Mike
deathnotice01 said:
I recently did some network checks for XDA and found out that they are not providing enough security for the personal information of members in the community.
Click to expand...
Click to collapse
Please see this thread regarding bringing HTTPS to XDA: http://forum.xda-developers.com/showthread.php?t=2383868. It has a lot of discussion about this topic.
deathnotice01 said:
Here is the worst part, I found out that my personal messages are not encrypted and have no security measures in place. A person can easily intercept your message without any reasonable effort.
When you change your password a potential hacker can intercept both your old and new password IN PLAIN TEXT.
Click to expand...
Click to collapse
In both of these situations, an attacker would have to be intercepting your traffic. I don't think that this is considered 'easily intercepted'. But, I agree we should be hashing this information on password change. This is built-in vbulletin functionality that we haven't modified but will take a look at the feasibility of changing it. Shouldn't be too difficult. (Famous last words)
deathnotice01 said:
I as a user want my personal data on my account to be safe, XDA should implement a full HTTPS for all Private Messages and User credentials as well as password edting.[/size]
Click to expand...
Click to collapse
We fully agree with this. However XDA is built on vBulletin which doesn't have great capabilities for https. Here are the two major reasons why we don't have it on XDA yet:
1. vBulletin doesn't seem to handle cross-protocol (or even https) sessions very well. You can log in fine, but the session will expire after 5 minutes on different pages. There were a lot of other vBulletin issues regarding https, and I've actually done a lot of coding to fix most of the issues, but the session issue is still outstanding.
2. XDA is filled with 3rd party content, most of which is unencrypted. This will trigger browser warnings all over the place. The only solution to this that I see is to proxy the content on our own servers with https, however this is a pretty huge endeavor.
I am all on board for doing XDA in full https mode but there are still some of these major issues we haven't worked out solutions to (yet).
Wow, really glad you found this out! I know that because of heart bleed they had to redo a lot of the https encryption, but to think that there was almost no security in which to protect our own privacy, its just mind boggling. Good (bad?) find!
Sent from my SGH-I927 using Tapatalk
In both of these situations, an attacker would have to be intercepting your traffic. I don't think that this is considered 'easily intercepted'. But, I agree we should be hashing this information on password change. This is built-in vbulletin functionality that we haven't modified but will take a look at the feasibility of changing it. Shouldn't be too difficult. (Famous last words)
Click to expand...
Click to collapse
It's really easy.
Sniff traffic of a target device and viola. It's HTTP so no decrypting required even a person without any good network auditing experience can perform this attack.
You can download tools from the internet to do such stuff with relatively low or no setup required.
We fully agree with this. However XDA is built on vBulletin which doesn't have great capabilities for https. Here are the two major reasons why we don't have it on XDA yet:
Click to expand...
Click to collapse
Remember Data breach is a big possibility.
Regardless of the system an appropriate amount of security should be implemented that would reasonably protect the transmission of personal information because you are accountable for the data you collect and/or keep.
I personally thank you for looking into it.
Wrote this S#!t via Samsung Galaxy Note 3 LTE
Just gonna bump this incase there's any updates
Sent via Moto X Developer Edition
As the title said it the standard options allow E-Mail notifications about just anything happening on xda-developers. I was so surprised about the amount of xda-mails I started to wonder if it is a spam distriibutor.
Admins, please remove the E-Mail notifications standard options if people create a new account.
heyadmwutanime said:
As the title said it the standard options allow E-Mail notifications about just anything happening on xda-developers. I was so surprised about the amount of xda-mails I started to wonder if it is a spam distriibutor.
Admins, please remove the E-Mail notifications standard options if people create a new account.
Click to expand...
Click to collapse
You can disable and manage notifications in your account > preferences
I just did. But be honest. A lot of new users won't check it just like me. So what benefits does xda get from it? Ad money?
heyadmwutanime said:
I just did. But be honest. A lot of new users won't check it just like me. So what benefits does xda get from it? Ad money?
Click to expand...
Click to collapse
As stated you can turn off, your notifications or leave them be, for those that are in the forums daily and have multi-threads, it works for them. If you are not active them turn it off, the benefit is for the user to be...notified of threads they post in or track.
And for some checking emails are a daily thing, in this day in age, some live by emails.
I turned off all E-Mail notifications and still get spammed by xda when someone replies to me or follow thread. I am ****ing tired of your **** spamming already! Because of it I accidently deleted some important E-Mails.
heyadmwutanime said:
I turned off all E-Mail notifications and still get spammed by xda when someone replies to me or follow thread. I am ****ing tired of your **** spamming already! Because of it I accidently deleted some important E-Mails.
Click to expand...
Click to collapse
So it is XDA's fault that you deleted "important" emails, I for one use a different email for the important emails, but I manage 4 different emails, work, work, home and XDA. But seems you have not turned off your XDA email notifications, or your XDA notifications. Maybe you can just uninstall XDA from your device, or check the threads below, to see if helps with your issue.
BTW posting in this manner, will not get your issue resolved, but it will get you an infraction against your account, we understand your frustration, but the task falls on you to correct.
Maybe there is some help in these threads for you:
[Index] XDA 2021: How to Navigate the New Site Layout
XDA 2021 [INDEX] Helpful Information Welcome, this thread has been created to encompass everything you may need to navigate the new site layout. Please only post in this thread with feedback on how to improve this document. Do not post "Thank...
forum.xda-developers.com
[Index] XDA 2021: Navigating the New Forum App
Navigating the New Forum App [INDEX] Helpful Information Welcome, this thread has been created to encompass everything you may need to use this app. Please only post in this thread with feedback on how to improve this document. Do not post...
forum.xda-developers.com
@T.C.Stockdale Actually, I'd love to learn how to receive an email notification if "someone replies to me" i.e. if I'm mentioned or quoted. I'm not talking about an alert in browser or app. I believe I really tried everything but I'm unable to figure out how to receive such an email notification. Currently, I think it's just not implemented, and therefore I'm even more wondering why and how @heyadmwutanime gets these emails as stated?
Oswald Boelcke said:
@T.C.Stockdale Actually, I'd love to learn how to receive an email notification if "someone replies to me" i.e. if I'm mentioned or quoted. I'm not talking about an alert in browser or app. I believe I really tried everything but I'm unable to figure out how to receive such an email notification. Currently, I think it's just not implemented, and therefore I'm even more wondering why and how @heyadmwutanime gets these emails as stated?
Click to expand...
Click to collapse
Not sure how others or you have it set, I, in my preferences, have checked the email options checked for everything listed in there, I use a different email for XDA, as stated, so my home, work emails don't get overwhelmed, and the emails do come in, along with the app notifications, this way I don't miss anything, that I want to know about. Not sure why you don't get them, but I do, and seems others are, hence the OP's post.
Unless I have a special account, highly doubt it, just a regular Member, so if I get them, not sure why others are not.
T.C.Stockdale said:
Not sure how others or you have it set, I, in my preferences, have checked the email options checked for everything listed in there, I use a different email for XDA, as stated, so my home, work emails don't get overwhelmed, and the emails do come in, along with the app notifications, this way I don't miss anything, that I want to know about. Not sure why you don't get them, but I do, and seems others are, hence the OP's post.
Unless I have a special account, highly doubt it, just a regular Member, so if I get them, not sure why others are not.
Click to expand...
Click to collapse
No, no. All above is clear. I tried all settings in preferences, too. But then I receive an email notification whenever somebody posts in a thread, in which I've also ported i.e. interacted with. Such an email notification, I don't want to receive; only an email notification when I'm mentioned or quoted. But as I said, I think this isn't implemented and as such not selectable.
Therefore my current preferences look like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}