View previous topic :: View next topic |
Author |
Message |
|
Mune
Joined: 20 May 2004
Posts: 383
Location: Minnesota
|
Posted: Sun Nov 05, 2017 1:01 am
|
|
|
I was lucky enough not to have any installer come up. I just got an error, but this is still a sad day for Crunchyroll. It may even have a negative impact on the site and service because it shows a lack of security. Many people who have accounts, paid and non-paying, may have been compromised. Yet, that is not being addressed at all.
I'm glad Crunchyroll and it's parent company, Ellation, has taken charge of the situation in a timely manner. It shows that they took responsibility of the situation and how to solve the most important parts of this problem first. I'm hoping that they eventually address all of the issues.
|
Back to top |
|
|
Thorfinn
|
Posted: Sun Nov 05, 2017 1:53 am
|
|
|
Wow, so reassuring to see they said they'd prevent this from happening again and good to see they will improve their security in the futur-
OH WAIT, they didn't even bother to say that much. Are they hoping people forget about this, like everyone forgot about their encodimg issue they had, by the way, they still haven't fixed the vast majority of their catalogue yet, you know, the older stuff.
|
Back to top |
|
|
0nsen
Joined: 01 Nov 2014
Posts: 256
|
Posted: Sun Nov 05, 2017 5:00 am
|
|
|
People don't have long memories. The Sony hacks are long forgotten, it seems. So is the red ring of death and that time earlier this year ANN's .com domain got haxx0red. And who was this Snowden guy again? Animators being paid a pittance, KyoAni doing FMP..
I bet nobody cares about this by Christmas.
|
Back to top |
|
|
ArnisEnthusiast
Joined: 12 Jul 2017
Posts: 74
|
Posted: Sun Nov 05, 2017 7:06 am
|
|
|
So... if anything it was CloudFlare's fault? I thought that was really secure too.
|
Back to top |
|
|
mgosdin
Joined: 17 Jul 2011
Posts: 1302
Location: Kissimmee, Florida, USA
|
Posted: Sun Nov 05, 2017 8:55 am
|
|
|
Your security is only as good as the weakest link in the chain, that is normally the end user but in this case it was Cloudflare. Not much Crunchyroll can do if their intermediary has a problem. Targeting Cloudflare should be orders of magnitude more difficult than Crunchyroll ( or ANN which uses them as well ) proper, but still a way was found.
My advice would be to have a few third parties involved in your IT operation as possible. Not that anyone would take my advice.
Mark Gosdin
|
Back to top |
|
|
GoldCrusader
Joined: 25 Apr 2017
Posts: 1023
|
Posted: Sun Nov 05, 2017 9:20 am
|
|
|
Sounds like Cloudflare is the one having problems right now. They are the one transferring users right? Not much Crunchyroll could do.
|
Back to top |
|
|
Kadmos1
Joined: 08 May 2014
Posts: 13626
Location: In Phoenix but has an 85308 ZIP
|
Posted: Sun Nov 05, 2017 10:08 am
|
|
|
There is no really no such thing a perfectly secure server. Even if you add in all necessary security features, someone out there is smart enough to find a tiny hole in that barrier.
|
Back to top |
|
|
Erebus25
Joined: 10 Oct 2016
Posts: 10
|
Posted: Sun Nov 05, 2017 10:43 am
|
|
|
I guess there wasn't much CR could've done about it, but it still took them 2 and a half hours to take the site offline.
|
Back to top |
|
|
yurihellsing
|
Posted: Sun Nov 05, 2017 10:47 am
|
|
|
Thorfinn wrote: | Wow, so reassuring to see they said they'd prevent this from happening again and good to see they will improve their security in the futur-
OH WAIT, they didn't even bother to say that much. Are they hoping people forget about this, like everyone forgot about their encodimg issue they had, by the way, they still haven't fixed the vast majority of their catalogue yet, you know, the older stuff. |
Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC.
|
Back to top |
|
|
Northlander
Joined: 10 Feb 2009
Posts: 911
|
Posted: Sun Nov 05, 2017 12:39 pm
|
|
|
ArnisEnthusiast wrote: | So... if anything it was CloudFlare's fault? I thought that was really secure too. |
No, it's whoever hacked that site and put the EXE file out there who's at fault. Regardless of how secure anyone thinks Crunchy or Cloudflare should be, let's not pretend it's anyone's fault but whoever did this in the first place. The fact that someone thinks a VICTIM of a hacking episode should be to blame is.... an unappetizing attitude.
|
Back to top |
|
|
Lord of Fire
Joined: 28 Apr 2010
Posts: 16
|
Posted: Sun Nov 05, 2017 1:37 pm
|
|
|
Northlander wrote: |
ArnisEnthusiast wrote: | So... if anything it was CloudFlare's fault? I thought that was really secure too. |
No, it's whoever hacked that site and put the EXE file out there who's at fault. Regardless of how secure anyone thinks Crunchy or Cloudflare should be, let's not pretend it's anyone's fault but whoever did this in the first place. The fact that someone thinks a VICTIM of a hacking episode should be to blame is.... an unappetizing attitude. |
If that blame stems from irresponsible behavior, then yes, they should share part of the blame, especially if people were compromised due to the virus.
Now, I'm not saying CF failed to properly secure their servers, but if it turns out that they did pretty much gave hackers a free pass into their systems (intentional or not), then they should be held accountable for that.
|
Back to top |
|
|
slau783
Joined: 04 Feb 2004
Posts: 40
|
Posted: Sun Nov 05, 2017 1:47 pm
|
|
|
ArnisEnthusiast wrote: | So... if anything it was CloudFlare's fault? I thought that was really secure too. |
GoldCrusader wrote: | Sounds like Cloudflare is the one having problems right now. They are the one transferring users right? Not much Crunchyroll could do. |
This sounds like a classic case of phishing. Notice that it is reported that the configuration for Crunchyroll's Cloudflare was modified. Cloudflare itself was not hacked and is working appropriately. Most likely someone at Crunchyroll got an email from a hacker pretending to be Cloudflare. It would have a link to a login page to verify the account or some other urgent sounding claim. That person clicks the link and enter's Crunchyroll's login credentials. Now the hacker has all they need to go in and change the redirect to their own malicious website. This is incredibly common.
|
Back to top |
|
|
hickey92
Joined: 15 Sep 2012
Posts: 25
|
Posted: Mon Nov 06, 2017 5:32 am
|
|
|
yurihellsing wrote: |
Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC. |
People always seem to bring this up, but I've never understood the point. It always seems to be brought up as a reason to not subscribe to them and use illegal sites instead. They've been a legitimate site for nearly ten years now, so why does it matter that they 'used' to be an illegitimate one?
|
Back to top |
|
|
Blood-
Bargain Hunter
Joined: 07 Mar 2009
Posts: 24250
|
Posted: Mon Nov 06, 2017 7:15 am
|
|
|
@ hickey92 - I know, I roll my eyes whenever I see this. Guarantee you that 100 years from now some dumbass is going to write, "I can't support Crunchyroll because they started off illegit in the last century."
|
Back to top |
|
|
yurihellsing
|
Posted: Mon Nov 06, 2017 3:06 pm
|
|
|
hickey92 wrote: |
yurihellsing wrote: |
Why not people seem to have forgotten how they got started not sure if they took money for it but they first started with fansubs and weren't even legit IIRC. |
People always seem to bring this up, but I've never understood the point. It always seems to be brought up as a reason to not subscribe to them and use illegal sites instead. They've been a legitimate site for nearly ten years now, so why does it matter that they 'used' to be an illegitimate one? |
Oh I'm from the old days where you had 4 or 5 groups subbing one show and sometimes you got to speak with them and get to know them. It's kinda bad to see someone's hard work you translating, typesetting, etc being on a site with a pay wall when they gave it out for free. Also almost 10 years of legitimacy with region blocking on the side does not make up for the time spent illegitimate.
|
Back to top |
|
|
|