FurAffinity Bomb-Dropping

[magedragonfire]

I know at least a couple of people on my flist here do work on or have accounts with FA, so I figure this is worth passing on:

Turns out Dragoneer is a beastiality and rape apologist, and Zaush is an alleged multiple rapist, and your private messages are open to all admins who care to read them. There's been a whole saga brewing over the past week, so I hear, but all of the pertinent details are summed up over here with links to screengrabs highlighting all of the above. I'm too disgusted to say much more about it, frankly, but I will say that it's high time the community found another spot for arts.

Comments

[minitsu.livejournal.com]

,.....AAAAAAAAAAAAAAAAAAHHHHHHH I don't even want to click those screenshots because it will probably only make me froth with rage and frothing rage is only good when you can take it out on the guilty party.

[magedragonfire.livejournal.com]

Yeeeeah, it's pretty ragetastic, and not even counting the original stupidity and subsequent backpedalling, the comments from people defending the assholes are just...

Mmrph. Well, this post is a condensed version, too, anyways - it's linked in the post I linked up above. It's a better and more clear write-up, but definitely has triggery sorts of things within.

[palmer-kun.livejournal.com]

Anyone with database access would be able to read PMs or anything else. It's just a simple database lookup.

However, this looks like the site code was designed expressly to go through PMs, which is a different issue altogether.

I would strongly suggest that anyone who is on FA change any passwords that are the same as their FA password.

If the code lets him check PMs... it just as easily could let him check passwords.

I know for a fact this is a simple matter - I've done it myself as a forum admin (as part of tracking down and banning socks).

Unless the forums were using a standard forum package (where the code prevents password snooping from the get go), it's quite likely you're exposed.

[magedragonfire.livejournal.com]

Apparently the foundations of the site were built on rather shaky and insecure ground as is. Hackerfolk have been poking all sorts of holes in it over the past few months, I guess.

Still, I think the security issues here are the least of anyone's worries.

[raptor41887.livejournal.com]

Seriously? I am tired of this shit. I don't even care if it's true. I'm just tired of everyone crying OMG CONSPIRACY.

[magedragonfire.livejournal.com]

I've not heard any cries of conspiracies, personally. All I know is that the above information has been verified, and besides that, Dragoneer has been digging himself even deeper in comments made about the issue.