Open Discussions about the VoyeurWeb.com site
By katmandu
#3475
I got this from Katherine today:

"I am very sorry for the delay in responding to you but we have been
working our butts off to return VW back to you.

The site will be up within the week. . Please send me the original
email that you signed up to VW with, your username
and password so I can plug you into our new database. Once you go back
on line, you will have the option to change your password.

Just hang in there for a short while longer, if you can. An OUT OF
THIS WORLD Voyeurweb is coming back.

Looking forward to seeing you in the Voyeurweb Community again real soon."

What the heck you don't have this info? This looks fishy to me to give out my login and password information. What about my redclouds and home clips login and passwords, did you lose those too?
User avatar
By Jammer
#3492
I received the same email yesterday, and I posted this similar concern in the 'Memo to Katherine Lucas' thread...
Jammer wrote:Katherine

I recently received an email from you (supposedly) in response to the an email that was sent back on June 9th. I sent the original email because of a request that I saw on the VW page somewhere asking people to email you to find out what was going on. This, if I am not mistaken was before this BB was started. The reply I received appeared to be a form letter, and after apologizing for the delay in responding it asked me to supply you with my username and my password. This is where I get a little concerned. Was this email from you? I'm thinking that with everything that has been happening, this could be a trick to get me to reveal my password to someone for some devious purpose. After all, why would you, or VW for that matter, need my username and password? You already have them, do you not? If it's a matter of reassigning passwords to prevent unauthorized use, why wouldn't you simply send a message to the registered email all of your registered users as if they had forgotten their password. Perhaps with a link to a page that would let them select a new password. That would seem a much easier way of dealing with this then asking for individuals to send separate emails. So I'm thinking this is somehow a scam of some sorts and I wanted to make you, and other users aware of it. That is of course, unless this email was from you legitimately. In which case, I'd like to know why you would need that information...
...it is as yet, unanswered by Katherine or any one from VW.
By chancelot
#3529
rugrollers wrote:Bump.

I have not gotten this email, but it is certainly a valid and urgent concern that Admin/Katherine should address.
And the fact that VW (who is promising to come back soon ... VERY soon, It's ALMOST time now) is using a gmail address isn't an urgent concern?

For heaven's SAKE people, VW doesn't even have control over their own mail servers yet. If they did, "Katherine" wouldn't be using an @gmail addy and your emails would be coming in from @voyeurweb.com
By chancelot
#3531
katmandu wrote:I got this from Katherine today:

"I am very sorry for the delay in responding to you but we have been
working our butts off to return VW back to you.

The site will be up within the week. . Please send me the original
email that you signed up to VW with, your username
and password so I can plug you into our new database. Once you go back
on line, you will have the option to change your password.

Just hang in there for a short while longer, if you can. An OUT OF
THIS WORLD Voyeurweb is coming back.

Looking forward to seeing you in the Voyeurweb Community again real soon."

What the heck you don't have this info? This looks fishy to me to give out my login and password information. What about my redclouds and home clips login and passwords, did you lose those too?
Did it come from @voyeurweb, or @gmail?

If it came from gmail, well ANYBODY could have created that account.
By nicewithice
#3537
chancelot wrote:
rugrollers wrote:Bump.
If they did, "Katherine" wouldn't be using an @gmail addy and your emails would be coming in from @voyeurweb.com
I exactly thought the same yesterday, why using a gmail address ?
By skyteam
#3555
Looks like the same if voyeurweb.com is lost, somebody may have hijacked it and blackmailed the "real" Igor... So, @voyeurweb.com or @gmail.com is the same for me..

The only 2 questions are : 1/ when all the sites will come back (redclouds, homeclips and so)... 2/ will our nickname, login and password remain the same ?

More and amore people are now on VC... So, for me, VW is dead ! RIP...
User avatar
By Jammer
#3570
EllieRidgid wrote:Really, I just gave them my user names and passwords to all of the stuff.

Are you kidding me?

Now what happens?

This site seems more and more unsecure by the minute,

damnitalltohell.
I don't think you really have anything to worry about. I'm pretty sure not that email is from Katherine. When I got mine, I wasn't...I actually thought it was some sort of scam. But since both I and Katmandu have posted questions about it in different places and since Katherine has had more than ample time to reply to us, I feel it was legitimately from her. If it wasn't, I'm sure she would be all over it with denials and urging us not to reply to it...and possible theories of it being part of the VC conspiracy. To be honest, that's what my initial fears were. But since she hasn't responded to either post I'm assuming that she has chosen not to...and the only reason I can see for that is that she has not got a reasonable answer for needing the information she has requested. Perhaps you could help us all out and let us know if you receive any further correspondence from VW on this matter.
By zardoz1962
#3580
If you can supply your email (with header) to someone knowledgeable check if it was sent directly to you or through the PM system. That would help us know if it came from a copied user list or what.

I can't say without seeing the email, but I'm willing to bet it is not from VW or from VC. More likely it is from a email phisher who happens to be a VW viewer and is hoping that you use the same account and password for your VW account and your credit cards or bank account.

If you do, I would change them. If you do not, I would not worry.
User avatar
By Jammer
#3586
zardoz1962 wrote:If you can supply your email (with header) to someone knowledgeable check if it was sent directly to you or through the PM system. That would help us know if it came from a copied user list or what.

I can't say without seeing the email, but I'm willing to bet it is not from VW or from VC. More likely it is from a email phisher who happens to be a VW viewer and is hoping that you use the same account and password for your VW account and your credit cards or bank account.

If you do, I would change them. If you do not, I would not worry.
If it was not from Katherine or VW, then why have they not responded to the posts? You would think that they would reply quickly to this if the email was not sent by them. Katherine had responded to three other posts in that thread, including one of mine and hasn't addressed this.

And what's wrong with using the same password for everything I do? It's much easier to remember "1111" then it is to have multiple passwords with upper and lower case and numbers all mixed in. By using the same password, if I ever forget it, I can just look at the back of my debit card...I always write it down there in big black letters so it's easy to read without my glasses... :lol:
User avatar
By rugrollers
#3651
EllieRidgid wrote:The email addy header was found to be from DarknLadyJedi.

Not sure how to proceed further.

I have had problems with them in the past.

VW should really look into this guy, he has been playing both sides all along.
I think that's the first thing I have literally laughed out loud at so far. Thank you, Ellie!

Do please change all your passwords, though. I'm still very unclear on this whole business of KL emails asking for passwords.
By VWPublicRelations
#3670
rugrollers wrote:
EllieRidgid wrote:The email addy header was found to be from DarknLadyJedi.

Not sure how to proceed further.

I have had problems with them in the past.

VW should really look into this guy, he has been playing both sides all along.
I think that's the first thing I have literally laughed out loud at so far. Thank you, Ellie!

Do please change all your passwords, though. I'm still very unclear on this whole business of KL emails asking for passwords.
What! Of course, anyone who signs onto the passwords will have their password stored with VW and limited people will have to have access to it. I do not understand how this is being portrayed as something potentially sinister. Golly!
By VWPublicRelations
#3671
EllieRidgid wrote:Really, I just gave them my user names and passwords to all of the stuff.

Are you kidding me?

Now what happens?

This site seems more and more unsecure by the minute,

damnitalltohell.
What is insecure about giving the company that you are registered with your password. Somebody has to have some access to it, so that your identity can be verified, and if you lose it, it can be reset. This is absurd that giving username and password is being perceived as some security breach? Just please explain to me how it is a security breach
By zardoz1962
#3676
Again Katherine, you are just showing how little you know about the internet. OK, you are in PR and aren't supposed to know, but you really should run things by the people who do.

There are so many ways to spoof emails that no reputable company will EVER ask its users to email them their passwords. Seriously, how many emails a day do each of us get asking us to supply emails for credit cards, bank accounts, pay pal, amazon, Ebay, etc., etc., etc. How many of them actually come from those companies? Zero, right? How many of them send you routine emails saying they will never under any circumstance ask you to divulge password information? Don't you think that means something?

The "please send me your account and password" email has got to be the 2nd most popular scam, right after the Nigerian who wants to give me 41.7 million dollars.

This sends all your passwords in clear text. A copy of your of your password now sits in your outbox waiting for your email to be compromised. A copy now sits in the inbox of VW waiting for their email to be compromised. A copy was sent in clear text over the internet where there are 100 ways a nefarious person can intercept it. A copy was send over the wireless networks at both your end and mine. There are a dozen ways to write an email so it looks like it comes from VW but doesn't and a dozen ways to make it look like you are replying to VW but aren't. Sure you are not afraid of someone breaking into your VW account, but how many people foolishly use the same password and account name for VW and their bank account or credit card. I'll bet if you run a random 100 username/password combinations through the login pages to Citi Cards, Capitol One, Chase, and Bank of America, you will get at least one hit.

Most users are far to naive or inexperienced to recognize all the scams so you will find tens of thousands of websites advise pages telling users never to do what you have just asked them to do. No person should ever, under any circumstance email passwords like this. Passwords which are emailed (like temporary reset passwords) should be reset immediately and any professional website will force that.

Asking users to email their account names and password is a great big flashing red capitol letters sign reading "I DO NOT KNOW WHAT I AM DOING!" Go find yourself a professional programmer, preferably one with an emphasis in security, and he will not only give you a much better explanation of why this is a major no-no, along with examples from his own inbox, he will show you a dozen better and more secure ways to have accomplished the exact same thing.

Most probably he would suggest he would suggest you email each user an email with a passkey and a second email with a temporary password. The user enters the passkey and password into a webpage, which you can verify since you know to whom you mailed each. They can then validate a new (or old) account name and create a new password. All of this should be done using https, not http.

After that he will tell you that you should never under any circumstances store the passwords locally. In fact, if he is any good he will write your login and account system such that VW will never actually know the users password (easy to do by storing them as hashes, one-way encryptions, etc.). Any website programming book, even a basic one, will tell you never to store plaintext passwords.

Yes, complicated, but anyone who does not approach security seriously on the internet nowdays if foolish at best. This lackadaisical attitude toward basic, routine, well-accepted security practices makes me very, very concerned for the security of my account, my CC info, and my images I place on your server.
By Rigan
#3695
VWPublicRelations wrote:
EllieRidgid wrote:Really, I just gave them my user names and passwords to all of the stuff.

Are you kidding me?

Now what happens?

This site seems more and more unsecure by the minute,

damnitalltohell.
What is insecure about giving the company that you are registered with your password. Somebody has to have some access to it, so that your identity can be verified, and if you lose it, it can be reset. This is absurd that giving username and password is being perceived as some security breach? Just please explain to me how it is a security breach
The simple answer is another question. Would you give the pin number to your bank card to someone asking for it in an e-mail, even if it was the bank? Of course you wouldn't because although that information is somewhere in the system, it is not for public consumption. The info is there for the right person to find but their security level is very high and only a fool sends personal information in e-mails.
By wespen
#3701
I am slowly not trusting Katherine Lucas - who are you? are you really a woman?
Show us your tits and build up some trust here!!!
By zardoz1962
#3723
Bffi50 wrote:We are not stupid enough to give you usernames and passwords on an easily hacked Gmail account
I forgot that one. There have been many attempts to hack GMail, most famously one by the Chinese government to (successfully) compromise GMail accounts of Chinese dissidents (and don't think that means only governments can do this - China actually outsources this activity for better deniability). Even if you do everything right - never send passwords, store hashes, transmit on https, etc. with enough computer power anything is doable. There have been multiple cases of trojan viruses being used to link huge numbers of PCs to effectively make one of the most powerful computers on earth which can then be used to crack security of even the most hardened site.

I would not call GMail "easily hacked". Given most people's knowledge of internet security (this thread being an excellent case in point), GMail is probably far harder to hack than your average company server. It is such a big, obvious target though that it probably receives more attempts than any other email servers on earth. So I will agree there, the "never email passwords" goes double or triple for the big public email services.

Everything is hackable; the only question is how much resources will it take to do it. Like any thief, scammers will go for the low-hanging fruit. Your best defense is to make it hard enough to get that they decide to go on to an easier target.
By FAQ
#3725
VWPublicRelations wrote: What is insecure about giving the company that you are registered with your password. Somebody has to have some access to it, so that your identity can be verified, and if you lose it, it can be reset. This is absurd that giving username and password is being perceived as some security breach? Just please explain to me how it is a security breach
re-read zardoz1962 's post. Read it again. Have someone explain it to you. Go ask someone else to explain it again. Come back and read zardoz1962 's post to begin to understand why your request for passwords was unwise at best.

I do not know how many foolish people emailed their password to you, but they should change it as soon as possible, and if they do use that password at any other website, they need to start changing passwords there as well. You should be emailing them back, advising them of the same, and please do not just hit reply without deleting the previous emails in the string.

PR folks must get the same computer training as those HR folks requesting potential employees to hand over their Facebook passwords, i.e., none.
By yerdsyerds
#3772
Yes, Katherine - voyeurweb may have the user database, but the passwords are stored encrypted. Nobody at voyeurweb does, OR SHOULD ever know any of the users passwords... Bad practice so many different ways. And as stated in other posts, sending an unencrypted email with your password in it is just plain stupid, there is no other way to put it...
By Rigan
#3777
Hmm! Not sure what happened to my earlier post on the subject, maybe I was a little too critical for the VW censors - a little bit of a shock in itself!

My point is that asking for passwords is not sensible as its getting people's backs up! As far as I'm concerned its like giving out the pin number to my credit card to someone who e-mails me from my bank. Those who say the info is in the system are correct and if there are concerns about security from those behind the new VW then all they have to do is ensure that the first time anyone logs into the new Redclouds they are asked to change passwords. This isn't difficult to do and a setting can be made on the database for everyone. There is no need to ask for passwords!
By zardoz1962
#3830
Or to put it another way...

You just had your server contents stolen. Can you prevent that from happening again? No, not really. Too many people HAVE to have access in order to do their job and stealing bits is impossible to stop. Let alone all the operating system security flaws that may allow outside people access. Several times a year, flaws are found which compromise the logins or security of Windows, Linux, or MySQL. The only security is not to have the data in the first place.



If anyone cares, a hash is a simple calculation, easy to do forward but frightfully difficult to do backwards. Given a password, the hash can be calculated in a fraction of a second. Given a hash, the password can be calculated in several million years. Save the hash and VW never needs your password. They just check to see that it calculates the same hash every time.

Some people have been worried that VC has the old user database but this is why it does not matter. They only have account names and hashs. Every website uses a slightly different hash algorithm and so even if you used the exact same account name and password on every one of them, each has a different hash and knowing one sites hash does nothing to help you break into any of the other sites.
By Leadfingers
#3835
zardoz1962 wrote:Again Katherine, ...This lackadaisical attitude toward basic, routine, well-accepted security practices makes me very, very concerned for the security of my account, my CC info, and my images I place on your server.

What he said.
User avatar
By rugrollers
#3845
Bffi50 wrote:We are not stupid enough to give you usurnames and passwords on an easily hacked Gmail account
They are still asking for them, and of course most people are stupid enough -- actually, uninformed enough -- to comply.

How do we get them to stop doing this? How do we trust the site security if they don't? Do they pay no attention to the the BB? Am I not understanding something? Is there some reason they have to ask us for this over email?

One minute I'm hopeful, the next minute....

Aaarrrggghhh!

(Sorry, I'm emoticon-challenged)
By VWPublicRelations
#3869
Rigan wrote:Hmm! Not sure what happened to my earlier post on the subject, maybe I was a little too critical for the VW censors - a little bit of a shock in itself!

My point is that asking for passwords is not sensible as its getting people's backs up! As far as I'm concerned its like giving out the pin number to my credit card to someone who e-mails me from my bank. Those who say the info is in the system are correct and if there are concerns about security from those behind the new VW then all they have to do is ensure that the first time anyone logs into the new Redclouds they are asked to change passwords. This isn't difficult to do and a setting can be made on the database for everyone. There is no need to ask for passwords!
1. How else can we find you and verify your status with us without the username and passwords?

2. These usernames and passwords once identify you will be changed immediately. What is the big deal about that?

3. The username and password stealing was an inside job-- not an outside job-- someone who had access to the username and password database. Someone will always have to have access to this database even within the new VW Management. There will be more than one person, and a rotating schedule now as to who can access the database but nevertheless, at any point in time, there will always have to be at least one person with access to this info.

4. Your username and passwords are being asked to verify your status w/ RC, HC and Funbags-- once we find you, we will be sending you new username and you can create your own new password- MY GOD- WHAT IS WRONG WITH THAT??????????????????
By VWPublicRelations
#3870
Rigan wrote:
VWPublicRelations wrote:
EllieRidgid wrote:Really, I just gave them my user names and passwords to all of the stuff.

Are you kidding me?

Now what happens?

This site seems more and more unsecure by the minute,

damnitalltohell.
What is insecure about giving the company that you are registered with your password. Somebody has to have some access to it, so that your identity can be verified, and if you lose it, it can be reset. This is absurd that giving username and password is being perceived as some security breach? Just please explain to me how it is a security breach
The simple answer is another question. Would you give the pin number to your bank card to someone asking for it in an e-mail, even if it was the bank? Of course you wouldn't because although that information is somewhere in the system, it is not for public consumption. The info is there for the right person to find but their security level is very high and only a fool sends personal information in e-mails.
JUST MAKES NO SENSE. AS SOON AS WE CAN IDENTIFY YOU, THEN WE WILL ISSUE YOU A NEW USERNAME, AND YOU CAN GO ON AND CREATE A NEW PASSWORD.
By FAQ
#3880
VWPublicRelations wrote:
Rigan wrote:--snip--
There is no need to ask for passwords!
1. How else can we find you and verify your status with us without the username and passwords?

2. These usernames and passwords once identify you will be changed immediately. What is the big deal about that?

3. The username and password stealing was an inside job--snip--

4. Your username and passwords are being asked to verify your status w/ RC, HC and Funbags-- once we find you, we will be sending you new username and you can create your own new password- MY GOD- WHAT IS WRONG WITH THAT??????????????????
You still do not get it. You NEVER give anyone your password. There is simply no need to do so. Your techs can set up a simple script to have members login with their username/passwords to verify their account. The members NEVER need to email their password to anyone.

You admit you are not tech savvy. Stop trying to defend an indefensible technical position.

There are simple internet security rules: NEVER give out your password is number one. Never reply to spam requesting they stop sending you spam. Never open a file from someone you do not know, and did not expect to be receiving a file. Never click on a link in an email requesting you verify your information and account numbers. If you ignore these simple rules, you might as well send a cashier check to that Nigerian prince who will gladly give you a portion of their wealth.

STOP TELLING PEOPLE TO EMAIL YOU THEIR PASSWORDS!

Have someone else at RC/HC/FB be put in charge of verifying accounts. Stick with PR and party planning.
By DarknLadyJedi
#3899
VWPublicRelations wrote:1. How else can we find you and verify your status with us without the username and passwords?
You should have a database with usernames and encrypted passwords, along with an email contact for resetting lost passwords. Simply send out the mass emails telling everyone they need to reset their passwords.
VWPublicRelations wrote:2. These usernames and passwords once identify you will be changed immediately. What is the big deal about that?
The big deal is that even if they are changed at VW many people use the same passwords at many sites.
VWPublicRelations wrote:3. The username and password stealing was an inside job-- not an outside job-- someone who had access to the username and password database. Someone will always have to have access to this database even within the new VW Management. There will be more than one person, and a rotating schedule now as to who can access the database but nevertheless, at any point in time, there will always have to be at least one person with access to this info.
Having access to the encrypted database of passwords is no big deal, having access to the unencrypted passwords is tantamount to storing the credit card information where people can see it. No one should ever have access to users unencrypted passwords.
VWPublicRelations wrote:4. Your username and passwords are being asked to verify your status w/ RC, HC and Funbags-- once we find you, we will be sending you new username and you can create your own new password- MY GOD- WHAT IS WRONG WITH THAT??????????????????
Everything is wrong with that. As has been pointed out by several people, rule #1 NEVER GIVE OUT YOUR PASSWORD. Check any other site you belong to personally, especially anything you pay for. You will find they have a solid policy that says you should never give out your password and that no employee will ever ask you for your password.
By phantomcobra
#3907
Katherine, please send me your username and password to your bank or credit card so I can call them to verify who you are. Be sure to do so over an unencrypted email address that is easily spoofed. Thank you. :lol:
By lmatnme
#3916
If in fact you all have the frozen site, as you stated. Then you have the same account database you competitor had. The other site simply asked people login as usual and instructed us to change our password. Verification that they had the account information comes when your account expiration date is shown upon login. Ours was spot on which told us they had to correct accounts.

Anything short of VW proving to us they have OUR correct information sounds like a fishing scam to us.
By sracer
#3925
Ahhhh - for way too many years the #1 rule is NEVER email your password or username. Rule #2 - be very suspicious of anyone asking for either or both - especially if it's from an email account anyone can setup.

So, we are supposed to ignore basic security rule 1?

If passwords are stored encrypted (as they should be), you still have username and email address associated with the account. Simply do what hundreds of other sites do for lost password and/or username - send a temp password to email address on file for that username. Not sure of username? Same thing - ask for email address on file and have it sent to the one on file.

The problem with doing it that way is the presumption that one still has access to their membership database.

The other issue with "gotta have a new username" is many take pride in their creative name and are known by it. This new "scam" means once you register the new name, the old name will be fair game for anyone else.

Then we have the issue of how do you tie all the old posts to the new usernames. Think about it - something is starting to smell real bad.

If you don't have the membership records/database, just say so.
and so the "games" continue.

My expectation is that when the site returns, my username will be safe, along with payment records so it will be easy to request a new temp password to be sent to my email address on record. If I have to setup a new username that means they have no old records and some important information has been withheld - because it also means they have no record of what my memberships are.

Sunday - should the sites show up, gonna take a slow cautious approach because each time I feel Katherine is being honest and doing her best, something happens to make me wonder about the wisdom of it. The only thing that can be counted on is that 42 is the answer.
By cerebio
#3952
I concur. Asking for passwords is not a correct approach. Please heed the suggestions made by some sensible people in this discussion.
By VWPublicRelations
#7075
phantomcobra wrote:Katherine, please send me your username and password to your bank or credit card so I can call them to verify who you are. Be sure to do so over an unencrypted email address that is easily spoofed. Thank you. :lol:

Sure I can send you several which have been deactivated and mean nothing. Get real!
By VWPublicRelations
#7076
katmandu wrote:I got this from Katherine today:

"I am very sorry for the delay in responding to you but we have been
working our butts off to return VW back to you.

The site will be up within the week. . Please send me the original
email that you signed up to VW with, your username
and password so I can plug you into our new database. Once you go back
on line, you will have the option to change your password.

Just hang in there for a short while longer, if you can. An OUT OF
THIS WORLD Voyeurweb is coming back.

Looking forward to seeing you in the Voyeurweb Community again real soon."



What the heck you don't have this info? This looks fishy to me to give out my login and password information. What about my redclouds and home clips login and passwords, did you lose those too?

Oh please- your old username and pw have been deactivated. They do not even work-- this was for identification and verification purposes only. Go back and check the original email confirmation that you got when you first subscribed to the site-- that has your log on info sent to you in an email! Just whatever!
By larslives
#7167
I sent you my user name and password for redclouds several weeks ago and have still not heard anything back. Have they been entered into the data base??
By VWPublicRelations
#7205
larslives wrote:I sent you my user name and password for redclouds several weeks ago and have still not heard anything back. Have they been entered into the data base??
I am sorry that I missed your email. Would you kindly send me another one to katherinelucas@voyeurweb.com so I can verify. Thank you.
By Leadfingers
#7211
Why are we still sending user credentials back and forth?

Katherine posted an update over a week ago saying that the user database had been "recovered". So why does anyone need to send their credentials anywhere? Why does Katherine continue to claim that people will need to re-register?

This is one of the BIG questions that needs to be addressed clearly. In my opinion.
By DrIsIn
#7215
I sent an email about being a long time member. I did not include any password info. The reply said I was good and would be hearing as soon as things were up. Am I good to go?
By Leadfingers
#7217
Again, Why is VW staff spending time hand-checking user credentials when you claim to have the old database, and there are clearly other areas that that time could be spent on?

/boggle
Monica Said

Monica Lewinsky said she was voting Republican bec[…]

The True African-American

ill educated? an attorney who has charged and jai[…]

nobody worshipped George, except his family. the o[…]

Yes, it is good to assemble money (if done legally[…]

Thank you. We’ve never posted photographs but I’ll[…]

"Kamala Harris is at the center of a new plag[…]

Winter Mailing Address

When winter arrives, Mr Forbes will be receiving p[…]

Seven or eight states give out driver's licenses t[…]