- IMPORTANT INFO ABOUT YOUR ST ACCOUNT – PLEASE READ
You may have read recently about a problem with the internet – there’s a hole in it.
In very basic terms that I’ve no doubt may be beneath many of you, but not all, it means that a staggering number of websites that thought they were secure for the last few years have found out, through no fault of their own, that they are not.
At the core of the issue is a bug in a file that is common on most servers that could allow access by a third party to sensitive information stored on those servers. This has all come to light in the past few days.
Singletrack was vulnerable to this bug along with millions of other websites. The vulnerability on our servers has already been fixed.
However, no affected websites have any way of detecting if this bug has been exploited in the past. So, what do we all do now?
Change your passwords! Do it now. http://singletrackworld.com/wp-login.php?action=lostpassword
We recommend that you change your passwords, not only for Singletrack but all websites that you have accounts with, on a regular basis. We’ve all heard that advice before but it’s never been more important to heed it than now.
If you have questions then feel free to ask them here. If you are a techie and have answers to those questions then feel free to chip in. There’s already a good thread running at the moment here that has some excellent info and tips.Posted 3 years agoGrahamSSubscriber
Coincidentally there is another good thread running about the best way to remember lots of secure passwords.Posted 3 years agorussianbobMember
A ‘staggering’ amount of websites? Most servers? Really? Are you sure. This only affects ONE SSL product, of which there are many. Perhaps, of more concern is that ST doesn’t seem to use any form of secure connection at all. I certainly can’t see any evidence that it does.Posted 3 years ago
As I understand it,
The problem isn’t the certificate per sé, it’s that the private key might be compromised.
Issue dates aside, if the server cert has been renewed using the same private key then it resolves nothing, the risk will persist. If the existing cert is rey-keyed however then the original certificate will be effectively revoked and reissued, which will fix the problem.
I assume ST Towers has done the latter, but I have no means of verifying this. (-:Posted 3 years agoTomMember
Yes, the latter – rekeyed, revoked, reissued. The key is new. I’ll show you the old one one day 🙂 The new key tackles the threat of decryption of future SSL traffic. If someone had exploited this bug in the past, and been lucky enough to capture our old private key, they may have been able to spoof our site and decrypt SSL traffic to it until a couple of days ago, if they could have intercepted traffic to it and been bothered. I have seen no sign of it happening, but it is no longer an increased risk.Posted 3 years agobrassneckSubscriber
I only use this username on cycling websites. It’s not linked to anything financial or any mobile phone, facebook, google, twitter etc. If I don’t change my password, what’s the worst that can happen?
Nothing really. Impersonation as you on STW, and trolling 29er threads? 🙂Posted 3 years agotrailofdestructionMember
It’s a +1 for this as well I’m afraid
Tried several times to reset my password on here, just not working. The link keeps flipping me out.
Help please Mods. Linky no worky. Just going round and round in circles. Tried 5 times now.
As Junkyard says above
it takes you back to the home page and then you have to submit your current password and then it emails you the same link again
ThanksPosted 3 years agoTomMember
We’re looking into the password issue, which happens not every time but in particular circumstances.
a) ensure your email address is correct
b) check your spam folder for the email from us
c) log out and clear your stw cookies.
This link will log you out and clear your stw cookies:
Users with an email address of invalid_email_address@stw – this indicates that the last one was removed for one reason or another.Posted 3 years ago
The topic ‘IMPORTANT INFO ABOUT YOUR ST ACCOUNT – PLEASE READ’ is closed to new replies.