×
  • remind me tomorrow
  • remind me next week
  • never remind me
Subscribe to the ANN Newsletter • Wake up every Sunday to a curated list of ANN's most interesting posts of the week. read more

Forum - View topic
NEWS: Ellation Posts Update on Crunchyroll Redirect Issue, Explains Steps to Get Rid of Malware


Goto page 1, 2  Next

Note: this is the discussion thread for this article

Anime News Network Forum Index -> Site-related -> Talkback
View previous topic :: View next topic  
Author Message
Mune



Joined: 20 May 2004
Posts: 383
Location: Minnesota
PostPosted: Sun Nov 05, 2017 1:01 am Reply with quote
I was lucky enough not to have any installer come up. I just got an error, but this is still a sad day for Crunchyroll. It may even have a negative impact on the site and service because it shows a lack of security. Many people who have accounts, paid and non-paying, may have been compromised. Yet, that is not being addressed at all.

I'm glad Crunchyroll and it's parent company, Ellation, has taken charge of the situation in a timely manner. It shows that they took responsibility of the situation and how to solve the most important parts of this problem first. I'm hoping that they eventually address all of the issues.
Back to top
View user's profile Send private message
Thorfinn





PostPosted: Sun Nov 05, 2017 1:53 am Reply with quote
Wow, so reassuring to see they said they'd prevent this from happening again and good to see they will improve their security in the futur-

OH WAIT, they didn't even bother to say that much. Are they hoping people forget about this, like everyone forgot about their encodimg issue they had, by the way, they still haven't fixed the vast majority of their catalogue yet, you know, the older stuff.
Back to top
0nsen



Joined: 01 Nov 2014
Posts: 256
PostPosted: Sun Nov 05, 2017 5:00 am Reply with quote
People don't have long memories. The Sony hacks are long forgotten, it seems. So is the red ring of death and that time earlier this year ANN's .com domain got haxx0red. And who was this Snowden guy again? Animators being paid a pittance, KyoAni doing FMP..

I bet nobody cares about this by Christmas.
Back to top
View user's profile Send private message
ArnisEnthusiast



Joined: 12 Jul 2017
Posts: 74
PostPosted: Sun Nov 05, 2017 7:06 am Reply with quote
So... if anything it was CloudFlare's fault? I thought that was really secure too.
Back to top
View user's profile Send private message
mgosdin



Joined: 17 Jul 2011
Posts: 1302
Location: Kissimmee, Florida, USA
PostPosted: Sun Nov 05, 2017 8:55 am Reply with quote
Your security is only as good as the weakest link in the chain, that is normally the end user but in this case it was Cloudflare. Not much Crunchyroll can do if their intermediary has a problem. Targeting Cloudflare should be orders of magnitude more difficult than Crunchyroll ( or ANN which uses them as well ) proper, but still a way was found.

My advice would be to have a few third parties involved in your IT operation as possible. Not that anyone would take my advice.

Mark Gosdin
Back to top
View user's profile Send private message
GoldCrusader



Joined: 25 Apr 2017
Posts: 1023
PostPosted: Sun Nov 05, 2017 9:20 am Reply with quote
Sounds like Cloudflare is the one having problems right now. They are the one transferring users right? Not much Crunchyroll could do.
Back to top
View user's profile Send private message
Kadmos1



Joined: 08 May 2014
Posts: 13626
Location: In Phoenix but has an 85308 ZIP
PostPosted: Sun Nov 05, 2017 10:08 am Reply with quote
There is no really no such thing a perfectly secure server. Even if you add in all necessary security features, someone out there is smart enough to find a tiny hole in that barrier.
Back to top
View user's profile Send private message
Erebus25



Joined: 10 Oct 2016
Posts: 10
PostPosted: Sun Nov 05, 2017 10:43 am Reply with quote
I guess there wasn't much CR could've done about it, but it still took them 2 and a half hours to take the site offline.
Back to top
View user's profile Send private message
yurihellsing





PostPosted: Sun Nov 05, 2017 10:47 am Reply with quote
Thorfinn wrote:
Wow, so reassuring to see they said they'd prevent this from happening again and good to see they will improve their security in the futur-

OH WAIT, they didn't even bother to say that much. Are they hoping people forget about this, like everyone forgot about their encodimg issue they had, by the way, they still haven't fixed the vast majority of their catalogue yet, you know, the older stuff.


Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC.
Back to top
Northlander



Joined: 10 Feb 2009
Posts: 911
PostPosted: Sun Nov 05, 2017 12:39 pm Reply with quote
ArnisEnthusiast wrote:
So... if anything it was CloudFlare's fault? I thought that was really secure too.

No, it's whoever hacked that site and put the EXE file out there who's at fault. Regardless of how secure anyone thinks Crunchy or Cloudflare should be, let's not pretend it's anyone's fault but whoever did this in the first place. The fact that someone thinks a VICTIM of a hacking episode should be to blame is.... an unappetizing attitude.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Lord of Fire



Joined: 28 Apr 2010
Posts: 16
PostPosted: Sun Nov 05, 2017 1:37 pm Reply with quote
Northlander wrote:
ArnisEnthusiast wrote:
So... if anything it was CloudFlare's fault? I thought that was really secure too.

No, it's whoever hacked that site and put the EXE file out there who's at fault. Regardless of how secure anyone thinks Crunchy or Cloudflare should be, let's not pretend it's anyone's fault but whoever did this in the first place. The fact that someone thinks a VICTIM of a hacking episode should be to blame is.... an unappetizing attitude.


If that blame stems from irresponsible behavior, then yes, they should share part of the blame, especially if people were compromised due to the virus.

Now, I'm not saying CF failed to properly secure their servers, but if it turns out that they did pretty much gave hackers a free pass into their systems (intentional or not), then they should be held accountable for that.
Back to top
View user's profile Send private message
slau783



Joined: 04 Feb 2004
Posts: 40
PostPosted: Sun Nov 05, 2017 1:47 pm Reply with quote
ArnisEnthusiast wrote:
So... if anything it was CloudFlare's fault? I thought that was really secure too.


GoldCrusader wrote:
Sounds like Cloudflare is the one having problems right now. They are the one transferring users right? Not much Crunchyroll could do.


This sounds like a classic case of phishing. Notice that it is reported that the configuration for Crunchyroll's Cloudflare was modified. Cloudflare itself was not hacked and is working appropriately. Most likely someone at Crunchyroll got an email from a hacker pretending to be Cloudflare. It would have a link to a login page to verify the account or some other urgent sounding claim. That person clicks the link and enter's Crunchyroll's login credentials. Now the hacker has all they need to go in and change the redirect to their own malicious website. This is incredibly common.
Back to top
View user's profile Send private message
hickey92



Joined: 15 Sep 2012
Posts: 25
PostPosted: Mon Nov 06, 2017 5:32 am Reply with quote
yurihellsing wrote:


Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC.



People always seem to bring this up, but I've never understood the point. It always seems to be brought up as a reason to not subscribe to them and use illegal sites instead. They've been a legitimate site for nearly ten years now, so why does it matter that they 'used' to be an illegitimate one?
Back to top
View user's profile Send private message
Blood-
Bargain Hunter



Joined: 07 Mar 2009
Posts: 24250
PostPosted: Mon Nov 06, 2017 7:15 am Reply with quote
@ hickey92 - I know, I roll my eyes whenever I see this. Guarantee you that 100 years from now some dumbass is going to write, "I can't support Crunchyroll because they started off illegit in the last century."
Back to top
View user's profile Send private message My Anime My Manga
yurihellsing





PostPosted: Mon Nov 06, 2017 3:06 pm Reply with quote
hickey92 wrote:
yurihellsing wrote:


Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC.



People always seem to bring this up, but I've never understood the point. It always seems to be brought up as a reason to not subscribe to them and use illegal sites instead. They've been a legitimate site for nearly ten years now, so why does it matter that they 'used' to be an illegitimate one?


Oh I'm from the old days where you had 4 or 5 groups subbing one show and sometimes you got to speak with them and get to know them. It's kinda bad to see someone's hard work you translating, typesetting, etc being on a site with a pay wall when they gave it out for free. Also almost 10 years of legitimacy with region blocking on the side does not make up for the time spent illegitimate.
Back to top
Display posts from previous:   
Reply to topic    Anime News Network Forum Index -> Site-related -> Talkback All times are GMT - 5 Hours
Goto page 1, 2  Next
Page 1 of 2

 


Powered by phpBB © 2001, 2005 phpBB Group