1  2  3  Next

Comments 1 to 50 out of 133:

1. andylee at 21:22 PM on 24 March, 2012
   John, this is sad news, but as a webhosting provider for 15 years it is my field of expertise and would be happy to help for free.
2. Martin at 21:26 PM on 24 March, 2012
   I tried to change my name by clicking on Update Profile form.
   I got an error message "That username has already been taken".
   
   I don't understand why anybody would do somtething like this. Afterall, everything we posted is public. Reposting anything I wrote on a russian website doesn#t make any sense.
3. Jsquared at 21:41 PM on 24 March, 2012
   Changing password via 'Update Profile Form' just worked for me.
   
   I think it's just another form of harassment.
4. andylee at 21:44 PM on 24 March, 2012
   It's just another skirmish in the climate wars just giving more credibility to the AGW case because of frightened fossil fuel interests.
   Either that, or just the usual Russians hacking for email lists. In either case, I have no fear, but others might.
5. CBDunkerson at 21:52 PM on 24 March, 2012
   Anyone else wondering if there is a connection to the CRU hack here?
   
   Given that this is a public discussion board the only 'benefit' the perpetrator(s) could hope to gain from this would be harassment of the site participants. Maybe 'behind the scenes' discussions about the administration of the site. Are the deluded and the deluders really that hard up for new material? They seemed to be doing 'just fine' churning out a constant stream of mindless arguments against reality.
6. jsam at 22:06 PM on 24 March, 2012
   SkS has proven to be too good at debunking. I was assuming you were always a target. I wonder if it'll end up in the hands of the delightful Delingpole and Watts as per climatenongate. I'm sure some brave denier will step forward and confess. :-))
   Moderator Response: [Riccardo] Anthony Watts is explicitly mentioned in the post as not willing to spread the stolen files. Let's be fair.
7. hank_ at 22:08 PM on 24 March, 2012
   From what I understand it's being referred to in the blogosphere as a 'breach of a security hole' at SKS. And blogs are talking about SKS's internal "The Consensus Project" in an unflattering way.
   Make sure you're using the latest version of your blogging software (ie; Wordpress, etc).
   Response: [JC] The "breach of security hole" is a falsehood provided by the hacker, trying to deflect from the illegal activity of hacking a website and publishing private details online. The entire user database was dumped. That is only possible via hacking or if one has the database password. Only I have that.
8. Lionel A at 22:28 PM on 24 March, 2012
   Some nasty people out there, I too would suspect the same hands as with the CRUhack. This does not come as a surprise. Keep up the good work which is obviously perceived as a threat.
9. jsam at 22:29 PM on 24 March, 2012
   Having just read that Anthony Watts is not posting the link I retract and apologise for my slight to him (post 6).
10. CBDunkerson at 22:38 PM on 24 March, 2012
    'Hacking' and 'breaching a security hole' are synonymous. Someone found a way to get around the SkS website security. The 'unflattering' things being said seem pathetic even by usual denier standards. They committed a crime for this? Really?
    
    Though reading the hacker's bizarrely delusional words (i.e. "This is an anonymous leak per the standard, but I will consider stepping bravely forward if I get caught.") I suppose I shouldn't be surprised about their bizarrely delusional actions.
11. pvincell at 22:43 PM on 24 March, 2012
    John, thanks for all the work to keep the credible, peer-reviewed science on climate change in the forefront. Have changed my password as suggested.
12. MarkR at 22:51 PM on 24 March, 2012
    #2 Martin, as the post says, some people chose to remain anonymous. With private information publically posted on the internet, they might not be any more.
    
    We've already seen that those hostile to climate science are willing to use crime, harrassment and intimidation.
    
    
    And thanks to Anthony Watts for doing the right thing.
13. CollinMaessen at 22:55 PM on 24 March, 2012
    I find it odd that they constantly try to get access to private information and then try to use that to smear people involved or attempt to undermine the science. As hacking software is taking a real risk and crossing a significant line.
    
    So with this I'll be waiting for some of the usual suspect to try to data mine the information and use it for just that. Although I'm pleasantly surprised by Watts not linking to the information.
14. TScanlon at 23:11 PM on 24 March, 2012
    The only part I'm concerned about is the spam mail that will inevitably hit my inbox as a result of this. I've already had some lovely threatening emails of late.
    
    Most of the blog talk is even less informed than usual. Clearly they haven't been moderators on forums before.
15. andylee at 23:18 PM on 24 March, 2012
    I don't think SKS is the only site on its server (or servers), so the entry point could have come through many other vectors. An sql injection attack may have allowed admin access to the website, and allowed uploading code that could browse the server with the webserver's permissions and reveal db passwords of all the sites and dump them and site contents to a remote machine.
    (Servers rarely have firewalls on outgoing traffic)
    
    Alternatively if any users account on the system was compromised via an ssh/ftp brute force attack, or via a keylogger trojan on their home machines, and the site isn't using suPHP to compartmentalize apache access, and could access any other world readable file belonging to other users' sites in the server's docroot, then that could reveal a db password if the server is not using suPHP to separate users' sites.
    If the hacker managed to get a shell account and if the kernel was old and yielded to a root exploit then they could have obtained ownership of the machine, and therefore ownership of all the sites and their databases.
    If root access was ever obtained, then nothing in the operating system can be trusted anymore, and needs wiping and reinstalling as it could just present the illusion of being your server (ala The Matrix)
    
    If SKS was the only site on the server then it could appear to be targeted, but if the server is shared then it seems more likely that it's just another random victim in the same way that hundreds of thousands of sites are broken into every year to provide email addresses, identity theft, proxy services and run as botnet controllers.
    
    Forensics should determine what happened, if they couldn't erase the logfiles.
16. DrTsk at 23:18 PM on 24 March, 2012
    Desperate people seeking desperate measures. We got nothing to fear. They can threat/spam all the want. I got enough spam already. Thanks google for throwing it away!
17. andylee at 23:27 PM on 24 March, 2012
    They won't get much joy from spamming my email address... it's been harvested to death for the last 15 years, and still going strong... I reported 300,000 spam messages to spamcop just since December!
18. Riccardo at 23:34 PM on 24 March, 2012
    People tend to use the same password for several different services. Having it hacked might be a problem.
19. R. Gates at 23:48 PM on 24 March, 2012
    An unfortunate event certainly, and quite possibly the work of the same individual or group that initiated the Climategate hack. If that is the case, their desperation is sad indeed. It is to his credit that Anthony Watts is refusing to link to the site, and we'll have to see how others in the skeptical side of things respond. What is most absurd of course is any notion that anything could be gained by such a hack, as though there were any secret "warmist" communications to be revealed. Nature is revealing quite plainly the anthropogenic effect of human activity on the planet, and try as they might, deniers have less and less wiggle room to spin their fantasy. This absurdly warm March over much of North America, stretching from Mexico all the way to the edge of the Arctic iperhaps has turned the heat up on certain groups to launch personal attacks as the facts and science continue to not support their denialist position.
20. MarkR at 00:05 AM on 25 March, 2012
    19 R Gates - America is just America, less than 2% of the globe. The heatwave looks spectacular, but could it be just the weather?
    
    Seems a bit early to say, until some does the proper analysis.
    
    But perhaps what is relevant is that it affects public understanding and what the media say. A March heatwave is reasonably annoying for climate science opponents, if we were getting the same anomalies at the height of summer though it would probably be a public relations disaster for them.
21. Paul from VA at 00:13 AM on 25 March, 2012
    Technical Question, were the passwords stored in plaintext, or did the hackers just get the hashes that they will then have to crack offline?
22. Ed Davies at 00:13 AM on 25 March, 2012
    I wonder if this hasn't been happening for a while. I use unique e-mail addresses within my domain for accounts such as this. I started getting spam on the address I was using for this site so changed it at the end of January. Trawling though my spam buckets seems to show that the earliest message was for 2012-01-22 but actual messages might have started earlier - that might have been when I cleared things out (I do so every few months). Filters now changed to watch a bit more carefully for spam on all the addresses I've ever used for this site.
    
    Of course, it's possible I've leaked the address myself somehow but it seems unlikely as it's "receive only".
23. Ed Davies at 00:16 AM on 25 March, 2012
    @Paul from VA: the post says “Although user passwords are encrypted in the database, it is unknown whether the hacker has been successful in decrypting passwords.”
24. andylee at 00:30 AM on 25 March, 2012
    If they are just unsalted MD5 passwords, 8 character alphanumeric passwords can be cracked in minutes using a GPU. They can, wait for it, run 100 billion attempts per second. As all accounts are tested practically simultaneously against the test hash, thousands of weak accounts are cracked in mere seconds.
    Salted hashes take much much longer, but any hash collision would produce a valid password.
    
    Bigger hashes such as SHA256 or SHA512 using a salt are currently practically impossible to crack.
    
    Medieval technology usually works much better on the soft and squidgy human owner!
25. R. Gates at 00:32 AM on 25 March, 2012
    Mark R.,
    
    I agree that it is the N. American March heat wave could be seen as "just weather" but such extreme record shattering warm events are consistent with the general trends expected over the coming years, decades, and centuries. Such events are Anthropocene weather. The human fingerprint is everywhere on the planet, and while of course there is always natural variabilty, it is impossible to any longer separate out those "just weather" events that do not contain some anthropogenic influence. This is true on both the micro and macro climate scales. The day in and day out weather of the planet exists under the Anthropocene background. It is all Anthopocene weather.
26. Homer Lane at 01:10 AM on 25 March, 2012
    Whenever it suits his purposes, Anthony Watts/WUWT has not scrupled to leak unilaterally leak personal information regarding WUWT posters.
    
    That is why pronouncements regarding ethics from Anthony should be discounted entirely.
    Moderator Response: [Dikran Marsupial] This is a poor way to respond to Anthony Watt's responsible and ethical stance on this issue. Please, no more of this sort of thing.
27. dana1981 at 01:17 AM on 25 March, 2012
    Anthony Watts immediately notified us when the hacker tried to post the stolen information on WUWT, and has not allowed it to be posted, so he deserves credit for doing the right thing. Unfortunately a couple of other blogs have allowed their dislike of SkS to trump their ethical standards.
28. Bernard J. at 01:45 AM on 25 March, 2012
    A little while ago the only other account I have that shared both my name and my old SkS password wouldn't log me in. I was quite puzzled about the strangeness of it, but I was able to reset using the 'forgotten password' function - the email address hadn't changed.
    
    It seems that I now I have a reason to explain that oddity...
    
    And this isn't the first time that I've had accounts do this after a site hack. Fortunately, after the first time I changed most of my log-in type accounts so that each had a unique combination of ID and password.
    
    I note that at least one hard-core Denialist is leaving the links (and updates) on his blog. It seems that the Denialati have very quickly forgotten their righteous words of umbrage after Peter Glieck's scoring of material from the Heartland group - and this hack is much more clearly illegal, and in many more ways.
    
    Ah, the stinking hypocrisy.
29. Sphaerica at 01:58 AM on 25 March, 2012
    EVERYONE is very strongly advised to immediately change their password to something unique to this site, and to change passwords on any other site where you used the same password as this one (and don't ever, ever do that again, because once one site is hacked they can go everywhere if you used the same password).
30. logicman at 02:46 AM on 25 March, 2012
    I would like to add my own voice to others in thanking Anthony Watts for not posting the hacked information.
    The hacker has caused some inconvenience, but has not found anything of value in the scientific debate. Facts, properly evaluated, cannot be outweighed by private conversations.
    As to the heatwave in America: it isn't local weather. Here in the UK we are also experiencing unseasonaly hot weather, as reported by the Guardian.
31. 2012 and all that at 02:51 AM on 25 March, 2012
    Thanks for notification of this... this is terrible news and I hope the cuplrits are discovered soon.
    
    As per your advice I've changed my details.
32. Dikran Marsupial at 03:00 AM on 25 March, 2012
    I would also like to thank Anthony Watts and the other bloggers who have refused to share the links; it is greatly appreciated. I hope the hacker draws the conclusion from their response that his or her actions were not in any way justifiable, especially revealing contributors private details, that was absolutely reprehensible.
33. Doc Snow at 03:23 AM on 25 March, 2012
    Luckily, I'd used a different password here--now changed per the update form.
    
    Other than that, I don't much care; anyone who spends a little time can find my real name and location.
    
    Which, of course, doesn't make the violation any less unethical--especially since others here may have reason to feel quite differently on this issue than I do.
34. Bob Loblaw at 03:24 AM on 25 March, 2012
    No spam or unexpected emails in my inbox from this, but profiles changed just in case.
    
    Apart from risks of harassment, due to private email addresses being exposed, there is also the possibility that the perpetrators just wish to scare people away from participating in SkS. Those that have chosen to participate anonymously (or pseudonomously) may not feel comfortable with the idea that their personal or work lives are at risk.
    
    Clearly, someone in the denialsphere is looking at SkS as "the enemy". This is the result of someone that considers SkS to be a serious opponent, so I hope that all contributors continue to participate.
35. John Hartz at 03:40 AM on 25 March, 2012
    "The only thing we have to fear, is fear itself!"
36. John Hartz at 03:45 AM on 25 March, 2012
    Whatever the hacker's motive, the net result will be to make the all-volunteer SkS athor team even more commited to its mission.
37. Daniel J. Andrews at 03:48 AM on 25 March, 2012
    Password changed just fine. Thanks. I'm not worried about spam as that's my throwaway email address.
    
    Good on Anthony for his refusal to host the stolen material. That's two complimentary things I've heard about him today from sites that have challenged some of his posts in the past.
38. Dan at 04:03 AM on 25 March, 2012
    Oh, good. I miss all the hate mail I used to get when Tim ball unsuccessfully sued me and my University for a million denier dollars. dan.johnson@Leth.ca
39. Rob Honeycutt at 04:13 AM on 25 March, 2012
    I'm sure there are people pouring over the comments looking for the information that links SkS to Maurice Strong, the Rothchild's, Al Gore and other sources of massive funding. They're going to be sorely disappointed.
40. muoncounter at 04:14 AM on 25 March, 2012
    'Breaching a security hole' is a delightful euphemism. Let's insist it be called what it is: This is theft, a crime in most places. Anyone receiving these stolen goods is just as criminal.
41. arch stanton at 05:22 AM on 25 March, 2012
    Well, wasn’t that ethical of them.
    
    John and the rest of you here – after you are done feeling outraged, disgusted, violated and inconvenienced - you should take it as a complement IMO.
42. monkeyorchid at 05:52 AM on 25 March, 2012
    Might be a good idea to send out an email to all members with a heading other than "skeptical science posts", as I tend to regard these emails as non-urgent, to be checked at leisure. It'd be good to send a message with a heading like "Skeptical science user details hacked" so that you catch everyone's attention quickly!
    
    I certainly won't be backing off, and very much doubt that anyone else will be either. I'm impressed by the display of integrity by Anthony Watts ... I only hope that perhaps he'll start to see just how low his "side" have sunk, and that perhaps he considers his position on other matters with similar care.
43. dana1981 at 06:23 AM on 25 March, 2012
    arch stanton @41 - I personally view it as a compliment that the hacker felt SkS was important and influential enough to be worth hacking!
44. dana1981 at 06:24 AM on 25 March, 2012
    I also feel bad that this event has overshadowed Peter Hadfield's excellent Monckton debate video. Please everyone, don't forget about that post!
45. John Russell at 06:26 AM on 25 March, 2012
    Password changed successfully.
    
    I do hope the denial crowd spend hours and hours trawling through every comment on SkS. You never know they might learn something!
46. joabbess at 06:34 AM on 25 March, 2012
    I am annoyed, but sadly not very surprised, that Skeptical Science has been hacked. The better you are, the higher profile target you become for those who disrespect climate change science, it seems.
    
    It continues to appall me that somebody with such excellent information technology skills should use them for such a worthless and destructive activity. It appears that sabotage is the last resort of those who are losing the academic argument, or who have the most to lose from the policy decided on the basis of climate change science, because of their stocks and share holdings in mining and energy.
47. chris at 06:35 AM on 25 March, 2012
    My Profile won't let change my password. It says:
    ----------------------------
    Profile Update Error
    
    Your update wasn't completed because one or more errors occurred. Please resubmit after making the following changes:
    
    That username has already been taken
    ----------------------------
    
    any suggestions?
48. joabbess at 06:39 AM on 25 March, 2012
    @chris #47
    
    This worked for me. Maybe it can work for you too ?
    
    I used the "Forgot Password" option, and then got an email with the password in, and was able to login and then change my password via the Update Profile form :-
    
    http://www.skepticalscience.com/profile.php?a=updateprofileform
    
    You might want to refresh your browser cache before trying any of this.
49. Albatross at 07:29 AM on 25 March, 2012
    Without naming names, the two guilty parties thus far who have (without pause) posted links to people's personal and private information that was obtained illegally by hacking, appear to be representative of a larger group of "skeptic" blogs and groups who have an agenda against climate scientists and science in general.
    
    It is unfortunate that some "skeptics", seemingly unable to make substantiated and scientifically based counter argument to the theory of AGW, are forced to engage and endorse criminal behaviour. To me these desperate and extreme efforts underscore the vacuity of their arguments and that this is absolutely no longer about the science (or scientific integrity) for most "skeptics" and those who deny the theory of AGW, but rather them pursuing an ideologically-driven agenda. Some might go so far as to say that the hacking of CRU and now SkS is tacit admission by the "skeptics" and those in denial about AGW are losing.
    
    Continually refuting the constant barrage of misinformation and deception from "skeptics" is tiresome (bit necessary) and it takes much more time and effort to refute a myth than "skeptics" spend fabricating them. The sheer volume of misinformation that is being disseminated by "skeptics" and contrarians is one of the reasons that SkS needs a team of volunteers.
    
    I have no doubt that this latest hack will only strengthen the resolve of John Cook and his team to continue standing up for the science and the pursuit of truth.
    
    Thanks everyone here for their kind words and support, and thanks to Anthony Watts for taking the high road.
50. MattJ at 07:29 AM on 25 March, 2012
    I am glad John announced this, and a little curious just what "persona details" the hackers think they can get. As others have already speculated, emails have some value (they can be resold to spammers). But I am little more concerned if those "personal details" include passwords. Hackers could then use that to try to see if any users have used the same password somewhere else, for their login to a site with more interesting, e.g. financial data.
    
    Or it could be just an attack on the site for its position on AGW, which has made a lot of powerful enemies out of certain unscrupulous organizations and people.
    
    As for its being on a Russian site, there are two things we must not forget about today's post-Soviet Russia: 1) entire generations have been brought up to admire not civic leaders, not politicians, do-gooders or capitalists, but the Mafia and the Mafia-like structure of the KGB 2) there really are huge criminal networks of hackers taking advantage of loose law enforcement in Russia to run their hacking from there. This hacking is not the casual hacking of bored teenagers, it is very focused on criminal intents.
    
    Like Sphaerica says, we should change passwords and retire the one used on this site.

1  2  3  Next

You need to be logged in to post a comment. Login via the left margin or if you're new, register here.