News

Hacked? Not quite.

We had a report yesterday that a user's password was reset without their knowledge. While this was the only single issue that we were informed of, we decided to take the website off-air and do some further investigations.

We have since discovered that our process for password resets was open to tampering. If a user's username could be guessed, then their password could be reset. The new password was then sent to the user as normal via email. So if your username was easy to guess, your password could be reset. Your account on the system remained secure - it just had a new password. Annoying!

While we have been offline, we decided to upgrade the security over all passwords in the system as a precautionary measure. We, therefore, have reset all user's passwords to a random value. To gain access to your login, you will need to select the menu item Forgotten Password from the MyWalk menu. An email will be sent to you to confirm the change - simply click on the link in the email and your password will be reset and mailed back to you. At this point you can login to the system and then modify your password to whatever you like by selecting Change Password under the MyWalk menu.

Use sensible, strong passwords - your name, car rego, dogs name are not good choices. Use a mixture of uppercase, lowercase characters, make it long and add some numbers or other characters in. In essence, make it hard to guess.

We have no reason to believe that any data within the system has been stolen or compromised. And note, we do not store yours or your donor's credit card information in our databases. You information is secure. We will be making a few other small changes to the system and these will be mostly invisible to you as users of the site.

Now back to walking!

For our Geek readers - the security for all passwords in the system has been upgraded with SHA512 encryption algorithm designed by the U.S. National Security Agency (NSA) - which is considered among the strongest of encryption coding techniques being used in digital systems (being a member of the SHA-2 Family algorithms). You can read about SHA2 on Wikipedia here if you have 10mins free.

We're getting geared up for the next Melbourne Go the Extra Mile event to be held on May 11, 2013.

We'll be switching tack for this upcoming walk and targetting our efforts on what is a staggering national tragedy - teenage suicide. While our previous efforts have contributed funding toward overseas aid & welfare services, we felt it was time to look at supporting a local issue that is affecting families all across our country.

We've teamed up with the Christian agency, Focus on the Family Australia, to target the growing issue of teen suicide.

Focus have been working with families & their school aged kids providing expert training and evidence based programs for the past decade. They tackle some of the most challenging social issues including binge drinking, drugs, pornography, depression, bullying and teenage sexuality head on.

We're excited that we can provide support to Focus as they strive to make real a difference in the lives of young people and their families.

We look forward to some happy walking for 2013.