It has come to my attention -



James Shadle
09-23-2010, 09:05 AM
A member who has not participated in a while contacted me and explained that he was told that Owners can read Member and Forum Participants PM and Emails.

THAT IS NOT TRUE. WE CAN NOT ACCESS YOUR PM, Email or Password.

I hope the aforementioned member will tell me who started that nasty rumor as I requested.

Chris Ober
09-23-2010, 03:18 PM
To help further squash doubts...Here's the password hash the server uses for MY account for MY current password "804b61d6905026d0420d9d8013814dec"

Go ahead, try and get my password from that :)

James Shadle
09-23-2010, 03:59 PM
Is it drunkcat ?:)

Chris Ober
09-23-2010, 07:22 PM
That may have to be my next one :)

Al Woodard
09-23-2010, 08:37 PM
Reading someone's E mail requires hacking into their system from a remote location or actually having physical control of their machine.

Trying to break the forum password encryption is pointless. Anyone with admin access can get around a user's password in less than a minute. Down side is that the user will normally know it happened and once done, is not reversible.

Reading someone's Personal/Private Messages on a board that uses PHP (vBulletin uses PHP) takes less than 30 seconds for anyone with admin access to the control panel. Every Personal/Private Message you send is stored in the Forum Personal Message database and remains there until the database is purged or deleted.

There is no such thing as a Private Message on the internet.

Edited to add that NO I did not start the rumor.

Christopher C.M. Cooke
09-23-2010, 08:55 PM
Interesting, I am running that info past a "Communications" officer of our security and intelligence services for his take on the situation, he hacks for a living.

Personally if anyone can find my password please tell me what it is because I have long forgotten it. :)

James Shadle
09-23-2010, 09:00 PM
Let me put it to you this way Al.
You aren't allowed near the Admin panel.

"Edited to add that NO I did not start the rumor."
Sure looks like you're trying to validate the rumor.

1) I have too much respect for any registered user to violate their privacy.
2) I'm not a hacker, my original statement is true.
3) I will put a guarantee in the guidelines that we will not read Private Messages (even if I become a hacker and could). If we violate that guideline, the affected registered user can take legal action.

Thanks for posting and welcome to BPN!

James Shadle
09-23-2010, 09:05 PM
Interesting, I am running that info past a "Communications" officer of our security and intelligence services for his take on the situation, he hacks for a living.

Personally if anyone can find my password please tell me what it is because I have long forgotten it. :)


Sorry,
Another thing we can't do is access your Password. We can re-assign a temporary password for you if necessary.
Once you log on, change it to a password of your choice through the User CP.

James

Arthur Morris
09-23-2010, 09:11 PM
Thanks for clarifying all of this Mr. Shadle.

Chris Ober
09-23-2010, 09:19 PM
I can have the system send you a link that will reset the password if you click on the link and a new one will be automatically sent to you. We don't see what it is and the software handles it all. If you don't click on the link, nothing happens and the link expires.


Interesting, I am running that info past a "Communications" officer of our security and intelligence services for his take on the situation, he hacks for a living.

Personally if anyone can find my password please tell me what it is because I have long forgotten it. :)

James Shadle
09-23-2010, 09:22 PM
I can have the system send you a link that will reset the password if you click on the link and a new one will be automatically sent to you. We don't see what it is and the software handles it all. If you don't click on the link, nothing happens and the link expires.

Chris,
Thanks for setting the record straight.

Christopher C.M. Cooke
09-23-2010, 10:16 PM
James I was joking about my password, I have all my passwords neatly stored in a folder called PASSWORDS, old age does that to you.

If I find out anything interesting from my friendly "Spook" I will not post it but send it to you via PM.

This is quite a storm in a tea cup or as we Aussies call it simple "#@%t stirring" I would not worry too much about it.

Shoot more worry less. :)

Roger Clark
09-23-2010, 11:28 PM
While technically, anything anyone puts online is probably vulnerable, the business of this site is pretty clear: have fun and learn with photography. There really shouldn't be anything in PMs that should be all that interesting to a hacker. I know the ones I've received and sent are not, and many I encouraged the sender to put it in the forums. There have been a lot of accusations going around. I have received emails from an individual making a lot of claims and clearly has an axe to grind about BPN. The best thing to do with people like these is ignore them. I left other forums, especially unmoderated rec.photo* because the trolls and people who want to trash everything infected in too many discussions. BPN has been a great place for discussions, and photography in general.

Ignore the trolls, and don't send any message you wouldn't want all to see, then one has nothing to fear.

I wonder on the lighter side, how many BPN members have a password of: birds, or birdphotography?

Roger

Christopher C.M. Cooke
09-24-2010, 04:15 AM
I wonder on the lighter side, how many BPN members have a password of: birds, or birdphotography?

Bloody **** Roger, how did you find out my password so easily, I am going to change it to BPN, work that one out! :)

Arthur Morris
09-24-2010, 07:37 AM
There is no such thing as a Private Message on the internet. Edited to add that NO I did not start the rumor.

Al, Considering that this was your first post we were smart enough to figure out that you did not start the rumor...

Blake Shadle
09-24-2010, 12:42 PM
This is the message on the Password Recovery page: "If you have forgotten your username or password, you can request to have your username emailed to you and to reset your password. When you fill in your registered email address, you will be sent instructions on how to reset your password."

The reason that we don't send out emails with passwords is because we CANNOT. A hashed password can NEVER be recovered. It's impossible. We're not talking about standard encryption. We're talking about MD5 or SHA1 hashing with a Salt Key.

I develop web and software applications for a living and have worked with encryption and hashing for many years.

Oh and by the way, I'd better not catch as much as a Ping from your buddy ;)
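An added example, not part of the post above and not the forum software's code: it shows how a salted hash record is checked by recomputing and comparing rather than by decrypting, and why password strength and a slow KDF still matter. The salts, passwords, word list and the `salt + password` layout are constructed assumptions, not values or details from this forum.

```python
import hashlib
import hmac

def legacy_record(password: str, salt: bytes) -> str:
    """Fast salted MD5, the kind of scheme named in the post (layout assumed)."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def pbkdf2_record(password: str, salt: bytes, rounds: int = 200_000) -> str:
    """Slow salted KDF: still one-way, but far costlier per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def verify(candidate: str, salt: bytes, stored: str, scheme=legacy_record) -> bool:
    """Login check: recompute from the candidate, compare in constant time."""
    return hmac.compare_digest(scheme(candidate, salt), stored)

def audit_weak(salt: bytes, stored: str, wordlist, scheme=legacy_record):
    """Defender-side audit: report a match against a known-weak list, else None."""
    for word in wordlist:
        if verify(word, salt, stored, scheme):
            return word
    return None

# Constructed sample data (hypothetical accounts, not from the forum).
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
WEAK_LIST = ["password", "birds", "birdphotography", "123456"]

def demo() -> dict:
    weak = legacy_record("birds", SALT_A)
    strong = legacy_record("q7!Lm2#vRz9@pXw4", SALT_A)
    slow = pbkdf2_record("birds", SALT_A)
    return {
        # Same password, different salt: the stored records do not match.
        "salt_changes_record": legacy_record("birds", SALT_B) != weak,
        "login_ok": verify("birds", SALT_A, weak),
        "login_wrong_case": verify("Birds", SALT_A, weak),
        # The hash is never inverted; a weak password is found by guessing.
        "audit_weak_account": audit_weak(SALT_A, weak, WEAK_LIST),
        "audit_strong_account": audit_weak(SALT_A, strong, WEAK_LIST),
        "pbkdf2_login_ok": verify("birds", SALT_A, slow, pbkdf2_record),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The site only ever holds the salt and the record, which is why a forgotten password is replaced through a reset link instead of being mailed back.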

Michael Gerald-Yamasaki
09-28-2010, 03:16 PM
"Edited to add that NO I did not start the rumor."
Sure looks like you're trying to validate the rumor.


James,

Greetings. This is remarkably unfair to Al. He only speaks of first principles of the web. The initiator of this "rumor" need only assume that Owners have admin access, which is fairly easy to assume.

It reminds me of a story of when Carly Fiorina was CEO of HP (she's a candidate for Senator here in CA). She was embarrassed that some of her phone mail was published on the internet where she said some unkind words. She discovered that since phone mail was stored digitally, of course, there were backups. Probably many backups. At both the originator location of the phone mail and the receiver location of the phone mail. Anyone with admin permissions in either place could access those backups (there were many so she never found out who). The moral of this story is don't say (in phone mail) or write things (in any form on the web) that you really don't want to see the light of day, cuz there is certainly the opportunity for that to happen.

Making a statement that you won't is good, but you can't change the technical fact that you could.

Cheers,

-Michael-

Juan Carlos Vindas
09-28-2010, 08:03 PM
James,

Greetings. This is remarkably unfair to Al. He only speaks of first principles of the web. The initiator of this "rumor" need only assume that Owners have admin access, which is fairly easy to assume.
-Michael-
I also believe that James is not being fair at all to Al, there is nothing wrong with knowing a little about how these PM systems work, especially in my case, since I am not PHP literate. :(

Anyway, if I felt that my PMs were being read by some Mod then I wouldn't bother sending them, there is nothing ''sick'' in them so I'll keep sending them when I need to. :D

James Shadle
09-28-2010, 08:39 PM
James,

Greetings. This is remarkably unfair to Al. He only speaks of first principles of the web. The initiator of this "rumor" need only assume that Owners have admin access, which is fairly easy to assume.

It reminds me of a story of when Carly Fiorina was CEO of HP (she's a candidate for Senator here in CA). She was embarrassed that some of her phone mail was published on the internet where she said some unkind words. She discovered that since phone mail was stored digitally, of course, there were backups. Probably many backups. At both the originator location of the phone mail and the receiver location of the phone mail. Anyone with admin permissions in either place could access those backups (there were many so she never found out who). The moral of this story is don't say (in phone mail) or write things (in any form on the web) that you really don't want to see the light of day, cuz there is certainly the opportunity for that to happen.

Making a statement that you won't is good, but you can't change the technical fact that you could.

Cheers,

-Michael-

Michael,
Had that not been his one and only post on BPN I would have thought differently.
Thanks James

Bill Coatney
09-28-2010, 10:06 PM
This is only my observation/opinion so you can take it with the proverbial grain of salt. It is not meant to offend or otherwise get anyone's knickers in a wad.


I have been a moderator and administrator of several UBB/php forums since 1995.
I've seen just about everything that can pop up in internet forums -- some good -- some bad and one of the most common is someone accusing the administrators of the board of reading PMs, editing members' posts etc.

Usually this issue pops up when a forum has recently had some sort of schism or has developed highly polarized segments of the forum community that are intent on pushing the boundaries of the forum rules etc.

99% of the time, these rumors are caused by sour grapes from former members or someone that has had their feelings hurt and feels they have been treated unfairly.

While the administrator's control panel in these types of forums has several features that can be abused (has nothing to do with reading hex code, hacking passwords or anything that arcane)

it boils down to you either believe the folks running a forum or you don't.

If you don't then it's time to move on--

I would find it hard to believe that someone would risk their reputation and perhaps their ability to earn a living in the field in a very high profile international photography forum, such as this one, just to read a PM etc.

This would be doubly so considering this forum uses real names and not "web handles".

If the person has any proof that such actions are happening, then they need to grow a backbone and present it to the forum members so members can make an informed decision -- otherwise, it should be exposed as an unsubstantiated rumor and dismissed.

James Shadle
09-28-2010, 11:31 PM
This is only my observation/opinion so you can take it with the proverbial grain of salt. It is not meant to offend or otherwise get anyone's knickers in a wad.


I have been a moderator and administrator of several UBB/php forums since 1995.
I've seen just about everything that can pop up in internet forums -- some good -- some bad and one of the most common is someone accusing the administrators of the board of reading PMs, editing members' posts etc.

Usually this issue pops up when a forum has recently had some sort of schism or has developed highly polarized segments of the forum community that are intent on pushing the boundaries of the forum rules etc.

99% of the time, these rumors are caused by sour grapes from former members or someone that has had their feelings hurt and feels they have been treated unfairly.

While the administrator's control panel in these types of forums has several features that can be abused (has nothing to do with reading hex code, hacking passwords or anything that arcane)

it boils down to you either believe the folks running a forum or you don't.

If you don't then it's time to move on--

I would find it hard to believe that someone would risk their reputation and perhaps their ability to earn a living in the field in a very high profile international photography forum, such as this one, just to read a PM etc.

This would be doubly so considering this forum uses real names and not "web handles".

If the person has any proof that such actions are happening, then they need to grow a backbone and present it to the forum members so members can make an informed decision -- otherwise, it should be exposed as an unsubstantiated rumor and dismissed.


Bravo!!! You nailed it.

Chris Ober
09-29-2010, 12:22 PM
You don't have to use PMs if you don't want to. Each person has the ability to disable private messaging in their settings.

http://www.birdphotographers.net/forums/usercp.php and it's under general settings.

Arthur Morris
09-29-2010, 01:53 PM
Correct me if I am wrong, but it would seem that the only folks worried about this matter would be folks trying to spread either their bitterness and hatred or rumors or untruths. I long ago disabled PMs because they are too cumbersome for me. I use e-mail instead. And yes, a good hacker can read all of them if they have nothing better to do.

Michael Gerald-Yamasaki
09-29-2010, 08:48 PM
Correct me if I am wrong, but it would seem that the only folks worried about this matter would be folks trying to spread either their bitterness and hatred or rumors or untruths. I long ago disabled PMs because they are too cumbersome for me. I use e-mail instead. And yes, a good hacker can read all of them if they have nothing better to do.

Artie,

Greetings. I reread the OP:


A member who has not participated in a while contacted me and explained that he was told that Owners can read Member and Forum Participants PM and Emails.


And I think what's happened is there are two conversations going on here. One conversation is about Owners can read PM and one conversation is about Owners do read PM (the rumor).

Not to be misunderstood - my comments were about the former, due to permissions associated with Administration of forum software, of course, PM can be read by administrators. (hacking has nothing to do with it)

Actually reading PM is another matter altogether. And I would be pretty ticked off myself if I was accused of doing so, as this would be plainly an insult to the administrator's integrity.

I really haven't seen anything in this thread implying inappropriate behavior of the Owners. (Even Al Woodard's singular message just seems to me to be just nerding off...). ymmv

Cheers,

-Michael-

Bill Randall
11-04-2010, 03:56 PM
What in bloody **** would be interesting enough concerning this site for someone-anyone to bother to hack into or use admin privileges to get into PMs. I can't believe some of the crap that floats around.