» Menu

» Login

» OB/Site News

Upcoming Moderation Changes
Comments: 17 - Views: 3129 - Votes: 0
Omerta News Integration
Comments: 54 - Views: 29491 - Votes: 0
War rating
Comments: 10 - Views: 18375 - Votes: 4
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 54,372 - Views: 7,128,872 - Votes: 81
Comments: 112 - Views: 2,892 - Votes: 0
01-05 Labour day war
Comments: 141 - Views: 4,341 - Votes: 0
Lusa under fire..
Comments: 66 - Views: 2,655 - Votes: 0
Pre-plating update..
Comments: 15 - Views: 830 - Votes: 0
First families...
Comments: 14 - Views: 796 - Votes: 0
Article is Locked!
19-03 Horde under fire!
Comments: 121 - Views: 6,507 - Votes: 0
18-03 NSA broken..
Comments: 101 - Views: 6,006 - Votes: 3
15-03 Plating war day two
Comments: 52 - Views: 3,839 - Votes: 0
14-03 Plating war thread
Comments: 148 - Views: 10,624 - Votes: 0
go back
go forward
» Barafranca News

» Mafia News

» Online last 15 minutes

Guests: 153
Total members: 3557
Online: 0 (0%)
21-02 Identity theft [fixed]
Author: sbanks
Last updated: 3373d 9h 26m 6s ago by sbanks
Comments: 2
Views: 2,648
Votes: 0 (0 average)
Version: 3.3
The bug related "identity theft" got fixed, from now on, we will use sessions.

Written on 21st february:
We thought we were being smart when we created this site..

So instead of using "cookies" for a user session we used IP matches to identify a user, so he/she would stay/be auto logged in. This all Because cookies can be faked quite easily with some random Firefox addon.

Now we face a new problem, more and more people are using "public" networks with their smartphones.

The problem:
Lets say you have a smartphone and are using Vodafone, you open your browser and get the ip from Vodafone. You log in on OmertaBeyond News read some comments, maybe post something, and leave the site again.

Now person B opens OmertaBeyond News, also using Vodafone, and gets the same IP Address from Vodafone ( and is thus autocratically logged in as you, and can post as you.

The chances of this happening ain't really big, but the last week, I know (at least) 3 events.

Temporary solutions:
- Press logout when you are done visiting the site.
- Only login when you want to post
- Don't login and just use a ` or - behind your nickname when posting a comment

- This can also happen when using the internet from your work place, as most computers will use only 1 gateway.
- No, people who accidentally get logged in on your account can't see your password, not even change it.
- Some one posted as you? join #beyond, and give me (sbanks) a pm, I'll remove the comment(s)
- Can't login anymore because you lost your password? #beyond

What we gonna do?
- We will add sessions based on cookies

I hope i informed everyone enough, for questions/remarks #beyond or /q sbanks hi

Add a YouTube movie Add an image Add a link/url Help
bennaz Netherlands (23:21:02 - 21-02)
Link Quote
Npnp xD
FooBarBaz (22:11:51 - 21-02)
Link Quote
Y U No Work ?!