MOA Forum Hacked?


bbolesaz
01-30-2012, 01:30 PM
Got this from a club member. No idea of the validity or not.

http://www.cyberwarnews.info/2012/01/28/bmw-motorcycle-owners-of-america-hacked-and-thousands-of-accounts-leaked-by-xdev-b4lc4nh4ck/

20774
01-30-2012, 01:43 PM
Haven't heard of any issues. A few weeks back there was concern about some of the latest vBulletin sites having problems. We're not running the latest version, so we might be somewhat immune. But I'm sure, smarter people behind the scenes know more about what might have or have not been going on. Stay tuned!

birdmanbmw
01-30-2012, 03:48 PM
Might be a good time to change your password. I just did.

SherpaMayberry
01-31-2012, 01:37 PM
I noticed that wildcards are no longer being acknowledged in the search box ("*").

DarrylRi
01-31-2012, 01:49 PM
Please read more here: http://www.bmwmoa.org/forum/showthread.php?t=58115

A corresponding discussion thread is here: http://www.bmwmoa.org/forum/showthread.php?t=58114

Rob Nye
02-02-2012, 03:17 PM
Haven't heard of any issues. A few weeks back there was concern about some of the latest vBulletin sites having problems. We're not running the latest version, so we might be somewhat immune. But I'm sure, smarter people behind the scenes know more about what might have or have not been going on. Stay tuned!

MOA's version of VB is older software, running a version with known security flaws. At the least they need to be up to 3.8.5, right now it's 3.8.2.

And we pay an IT guy full time to watch over this stuff.

68159
02-02-2012, 04:57 PM
So the e-mail I've received from BMWMOA is legit ?????? I'm assuming everyone else received the same e-mail....

Omega Man
02-02-2012, 05:01 PM
So the e-mail I've received from BMWMOA is legit ?????? I'm assuming everyone else received the same e-mail....
Yes, you can check post 5 in this thread.

James.A
02-02-2012, 06:05 PM
I received a message last night from Brewmiester reporting the hack. I have changed my username and password to what you now see. I am pleased to see that my avatar and other trite commentary has transferred.

Carry on.

birdmanbmw
02-02-2012, 08:40 PM
I received a message last night from Brewmiester reporting the hack. I have changed my username and password to what you now see. I am pleased to see that my avatar and other trite commentary has transferred.

Carry on.

I think you should edit your post and not tell us (the world) what your before and after was... just sayin'

Montauk
02-03-2012, 01:07 AM
I heard it from LDRider forum. Haven't received a mail from MOA on this. I took necessary precautions.

68159
02-03-2012, 06:46 AM
I wonder why not every member received an e-mail from BMWMOA:confused: Are some of us more important than others :heh

Rob Nye
02-03-2012, 07:17 AM
I wonder why not every member received an e-mail from BMWMOA:confused: Are some of us more important than others :heh

I'm quite confident every member was sent an e-mail.

Some users are paranoid and put in bogus addresses.
Some users forgot to update an old address
Some users will have the message end up in their spam filter

If you want me to send you a copy directly send me a pm with your address.

tourunigo
02-03-2012, 08:20 AM
I wonder why not every member received an e-mail from BMWMOA:confused: Are some of us more important than others :heh

I got mine so maybe that means........ :brow Changed my password though but keeping same username. Maybe we get a bit cavalier regarding any public forum (just think of all the stuff thousands of folks put on Facebook). Anyway, hope this all amounts to nothing more than a wake-up call. - Bob

wezul
02-03-2012, 04:12 PM
Hey man if they steal my identity will they incur my debts as well?
I can pile some up right quick.
Just askin. ;)

bullit7801
02-04-2012, 08:42 AM
I wonder why not every member received an e-mail from BMWMOA:confused: Are some of us more important than others :heh

I'm quite confident every member was sent an e-mail.

Some users are paranoid and put in bogus addresses.
Some users forgot to update an old address
Some users will have the message end up in their spam filter

If you want me to send you a copy directly send me a pm with your address.

And for more members than we want, we don't have an e-mail address on file. Of course, that is NOT true for forum users. To register for the forum, an e-mail address is required. Rob is right, though, about the above. We hope all forum users find out about the hack and change their password.

tb

Omega Man
02-05-2012, 06:46 AM
The example of listing the spam threads has been deleted at the request of the poster....The request from the MOD Team remains... Thanks.

The Mod team is on it and it isn't going to be fun PLEASE don't re-post threads and send members down the rabbit hole.
Attention if a member sees a suspicious site and it looks like the Moderators are not on it use the Report Post Button.
NEVER click on one of the links in one of these spam posts. They are most likely embedded re-directs.

dancogan
02-05-2012, 08:15 AM
Hats off to the mods for responding so quickly. I awoke to find the forum was virtually filled with spam, some rather innocuous in content and some inappropriate. Less than 2 hours later it's apparently all gone. I'm sure it took someone or some team of people a fair bit of time to clean this up.

Will this continue, due to the recent hacking?

Rob Nye
02-05-2012, 08:30 AM
Hats off to the mods for responding so quickly. I awoke to find the forum was virtually filled with spam, some rather innocuous in content and some inappropriate. Less than 2 hours later it's apparently all gone. I'm sure it took someone or some team of people a fair bit of time to clean this up.

Will this continue, due to the recent hacking?

It will be a tough slog for a bit, me thinks.

While all the issues would be resolved in hours with a forum upgrade there is a very good chance that the interface between the forum and back end of the member management / e-commerce system would break.

I'm willing to wager that someone is doing validation testing on the interface with the latest version of VB but that takes time and money as one needs to set up a test lab, discover any issues and then fix them before upgrading the DB.

In the interim I think the fastest way to stop the spam is to turn off the self-registration feature, all new forum logins would have to be validated by a human.

There are people working on this in the last few days the forum has been updated to 3.8.6. I'm confident they'll get this sorted out as quickly as they can. In the mean time kudos to the mods for rapid clean up.

Bobmws
02-05-2012, 03:24 PM
This morning I saw all the spam crap on the forum and logged out. When I went to log in a few hours later, I got an error message that would not allow me to log in.
Submitted the lost password form and tried the new one, same error message.
Now an hour or so later I can log in with the new password, but am unable to update it.
Is this part of the repair?

DarrylRi
02-05-2012, 03:28 PM
Bob, we have been working today to clean up the mess. Can you tell me if you were trying to change your password here, in the forum, or over on the club's main site, under Account Management? Thanks!

20774
02-05-2012, 03:29 PM
There's a lot going on behind the scenes. Yes, just about everyone was "locked out" for a bit. There are some software upgrades going on and stepping through those takes quite a bit of tweaking. We were stable with the forum software for some time but because of the hack into the database last month, the decision was made to move the forum versions along to try and take advantage of new security patches, etc. Being that this is above my understanding of how forums/software works, that's about all that I know.

Hang in there, things will get better!

Bobmws
02-05-2012, 09:07 PM
Bob, we have been working today to clean up the mess. Can you tell me if you were trying to change your password here, in the forum, or over on the club's main site, under Account Management? Thanks!


Darryl,
I was in account management. I just logged on again and was able to change it. Thanks to all of you behind the scenes for the hard work.

gimmeshelter
02-06-2012, 09:47 PM
I am more than a little incensed at how this is being handled by the organization. I would expect a full responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.

Very poor management. Is this a cover up?

This is probably the first time I have thought of quitting the Club. Right now I feel as much a member to the BMWOA as I feel being a member of Costco.

dbrick
02-06-2012, 10:00 PM
I am more than a little incensed at how this is being handled by the organization. I would expect a full responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.

Forum Liaison DarrylRi posted this thread (http://www.bmwmoa.org/forum/showthread.php?t=58115) soon after the intrusion was discovered. This isn't about "what others think is going on," but what BMWMOA thinks is going on. It seems quite reasonable to me.

Very poor management. Is this a cover up?

YMMV. Mine is they're doing pretty well here. I like the distinction between the first thread (what happened) and this one (what everyone thinks)

Rob Nye
02-07-2012, 07:42 AM
I am more than a little incensed at how this is being handled by the organization. I would expect a full responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.

Very poor management. Is this a cover up?

This is probably the first time I have thought of quitting the Club. Right now I feel as much a member to the BMWOA as I feel being a member of Costco.

Good morning,

Cover up? What's to cover?

Here's the issue as I see it.

Background: The MOA runs a membership e-commerce system. These systems are very expensive (think six figures) and take a ton of time to implement. The MOA invested the time and effort to get the member database integrated with a system that allows us to preregister for the rally, join, renew and buy some swag from the Country Store.

That's a HUGE member benefit that in this day and age the average user thinks should perform like a utility, i.e. always be there. I see this with IT at work because people have no idea what it really takes to "keep the lights on." Especially with regards to costs and delivery time.

Along the way we rolled out the forum using V-Bulletin. VB is recognized as one of the gold standards of forum software. It's run by many sites larger than this and some of the chartered clubs also run VB.

The challenge was and still is how do you maintain a member database for the e-commerce and have the same user id and log in work across the forum. The easy way out is to purchase the forum module from the e-commerce vendor but when you compare it to VB it is painfully bad.

The solution involves a custom interface between the two databases. This is not off the shelf stuff and it isn't something that some geek in a closet can do in a day, or perhaps even a week. IIRC the original interface took months.

As an admin of a VB forum I can testify that they offer patches and updates on a frequent basis. They are very quick to provide information and a patch on urgent security issues. They're so good that as a volunteer admin sometimes I have a hard time keeping up. That's because a good admin doesn't just load patches willy-nilly, first the DB is backed up and the patch might even be run on a test system first. The MOA has very good VB Admins, sometimes I go to them for advice on my system.

The elephant in the room is the interface. Every patch and update to either system carries the risk that the interface will need to be re-coded. This is something that's much easier to deal with if it can be planned, tested and validated, vs being built due to a system down issue. Break fixing sucks.

So to sum it up, the MOA admin team is challenged to keep both systems current and the interface working just right; plus you've got 90 days until rally registration opens which is a big hit on the system. Because of the need to test and validate every patch it's completely understandable that they got caught by a hacker, the same thing happened to my board but as it's smaller I just took it off line for five days. Our admins don't have the luxury of being able to do that.

Ultimately what happened is someone got into the VB database and pulled out username, email (in plain text) and passwords (in hash keys). That's all they got.

What the admin team has been able to do is update the forum to the latest update for this version. This should have closed the leak. I'm willing to wager they're working on updating to the most current version which is a huge job, plus the user interface will change. If you want to see what it looks like check out the YB forum. (http://www.yankeebeemers.org/forum/index.php) It is also quite possible that they'll stay with this version as long as VB is supporting it; If I was running the show that would be a strong consideration, especially with rally registration coming up. At the very least I'd get the ball rolling on testing so the upgrade trigger could be pulled on my schedule, not some hackers.

The worst thing that will happen to the users is more spam. If you use gmail, comcast etc chances are you won't even notice, it'll just be more load on their spam boxes. You should watch out for the ones that do get through, they will not be offering to grow your unit, they'll have a link that they want you to click.

These emails could even look like they came from the MOA with instructions to click here to update your personal information.

DO NOT DO THAT. :nono

There has been plenty of discussion on passwords and such, by now you really should have changed your password to something different but most importantly you should change your password on *every* site that you've subscribed to or made a purchase from using the same e-mail address you used here.

The other golden rule is never, ever check the box labeled "save information for later" or "save credit card". While it sounds convenient that's the info the hackers are always after.

So no, no conspiracy, but at the most technical level there is perhaps one or two people on the board and one or at best two people in the office who really understand how this works, the bulk of it is managing the vendors.

I hope this provides some understanding as to what is likely going on in the back room. No conspiracy at all. There's no need for an adversarial attitude either, folks that run services like this care more about performance and up-time than you do so calling them out or talking about cancelling your membership only adds to the acid in the gut. It will not provide any positive motivation for the guys in the trenches.

GregFeeler
02-07-2012, 03:26 PM
+1

Newstar
02-07-2012, 04:19 PM
Rather than mud slinging, we should all say a big THANK YOU to Kurt, Darryl, and Gary for working hard all week to contain and clean up the mess. Many on the forum have no idea how much clean up was necessary because these guys were on top of it.

Kudos to them!

Statdawg
02-08-2012, 10:22 AM
Rather than mud slinging, we should all say a big THANK YOU to Kurt, Darryl, and Gary for working hard all week to contain and clean up the mess. Many on the forum have no idea how much clean up was necessary because these guys were on top of it.

Kudos to them!

:bow

Thanks to all involved and thank you Rob for the detail.

Mika
02-08-2012, 07:10 PM
+1 in thanks for all the hard work that has gone into dealing with this.

As to mud slinging...one word - PARODY...even around here no one could be that clueless so it must have been a parody the rest of you did not understand.

Right?!? :brad

I would have said something sooner but I was too busy
:rofl

Dick
02-09-2012, 03:15 PM
I am not sure if this is related but I thought I would post this in the event that others are seeing similar "probes" after the hacking incident:


I received a text on my cell from a number 92500 telling me that my yahoo account had been modified to remove my cell number. (I never linked a cell number to my yahoo account)
There was a mysterious gmail asking me about a cute kitten. This was followed by an e-mail from Rob Nye about spam
I received a call on my cell from 406-530-5319 which I let roll to voice mail. I googled the number and found this thread in a google support forum http://www.google.com/support/forum/p/Places/thread?tid=4c9cd8606f1b4fa7&hl=en


I did not respond to any of these unsolicited messages but I was wondering if other members are seeing similar unusual activity. My goal is to determine if these incidents are related to the hack or if I have another security issue that is brewing.

Thanks,

dick

SeabeckS
02-09-2012, 03:28 PM
Dick,

I've only had one little glitch so far, and it was only an attempt by another "user" who tried to log in to my account here with another user name and login/password. Not sure if there was anything else out there as my AVG filter does regular scans and I've not been checking the results of that on a daily basis...though a few days ago it did isolate a number of suspicious files...

Cheers!

Rob Nye
02-09-2012, 06:33 PM
I am not sure if this is related but I thought I would post this in the event that others are seeing similar "probes" after the hacking incident:


I received a text on my cell from a number 92500 telling me that my yahoo account had been modified to remove my cell number. (I never linked a cell number to my yahoo account)
There was a mysterious gmail asking me about a cute kitten. This was followed by an e-mail from Rob Nye about spam
I received a call on my cell from 406-530-5319 which I let roll to voice mail. I googled the number and found this thread in a google support forum http://www.google.com/support/forum/p/Places/thread?tid=4c9cd8606f1b4fa7&hl=en


I did not respond to any of these unsolicited messages but I was wondering if other members are seeing similar unusual activity. My goal is to determine if these incidents are related to the hack or if I have another security issue that is brewing.

Thanks,

dick

The cute kittens email was a result of the hack, they spoofed one of the addresses to make it look like it came from someone you know.

The text stuff shouldn't be related. Did you have your cell phone number in your MOA account profile (not forum but the rally reg side)?

The rest of this post is for all to consider....


As I mentioned previously this is what folks will need to be on the look out for; bogus emails trying to get you to click a link.


If your anti-virus software is a few years old it's time to upgrade.

I would also like to take a moment to mention that you can get FREE excellent anti-virus software from Microsoft (http://windows.microsoft.com/en-US/windows/products/security-essentials). I figure that if anyone can handle keeping windows clean it's Microsoft. Another huge benefit is it doesn't bog your system down like Norton.

So update your anti-virus software and watch out for suspicious emails, if it looks fishy chances are it is.

tourunigo
02-09-2012, 07:41 PM
not a hint of anything here. But, now that I have said it :whistle - Bob

Dick
02-10-2012, 09:30 AM
The cute kittens email was a result of the hack......

thanks for the feedback Rob - I was hoping the second cute kitten e-mail was from you :hug

GregFeeler
02-10-2012, 09:59 AM
If your anti-virus software is a few years old it's time to upgrade.

I would also like to take a moment to mention that you can get FREE excellent anti-virus software from Microsoft (http://windows.microsoft.com/en-US/windows/products/security-essentials). I figure that if anyone can handle keeping windows clean it's Microsoft. Another huge benefit is it doesn't bog your system down like Norton.

So update your anti-virus software and watch out for suspicious emails, if it looks fishy chances are it is.

I'm going to add to this. If your anti-virus, anti-malware software is more than a few DAYS out of date, you need to update. Also, I'm going to disagree with Rob a bit: if Microsoft *really* knew how to keep Windows safe, they wouldn't have half the security problems they do. :stick

Microsoft Security Essentials is a good product for the price: free, but it's only available for Windows Vista or 7. According to a number of tests Norton Anti-Virus and Norton Internet Security Suite are toward the very top of independent tests. In my use of a number of different suites, Norton is almost invisible - it has technology that uses idle CPU cycles to do much of its work. No security product gives 100% protection from all the threats today: viruses, malware, root kits, etc. An "internet security suite" adds a better firewall, dangerous website warnings, email spam detection, and other features to the typical "anti-virus" package.

Yes, you do have to pay for annual subscriptions for all the commercial products, but if you buy on sale, and get the multi-PC packages, you can get many of them for $20/PC/year - sometimes less. Just one nasty breach of your PC will cost you many times the full retail cost of any brand name security product.

Here's a pretty good article on security suites by PC Magazine: http://www.pcmag.com/article2/0,2817,2369749,00.asp. Unfortunately Windows Defender was not included in this test.

Here are their tests of anti-virus packages: http://www.pcmag.com/article2/0,2817,2372364,00.asp

And, an article on how to avoid scams: http://www.pcmag.com/article2/0,2817,2373975,00.asp

Think of a current generation security suite as ATGATT for your computer. :brow

GregFeeler
02-10-2012, 10:02 AM
P.S. AVG Anti-Virus Free 2012 has tested very well for malware, rootkits, and scareware. Key word here: free.

Rob Nye
02-10-2012, 12:41 PM
thanks for the feedback Rob - I was hoping the second cute kitten e-mail was from you :hug

It was or the reply all with the tag as spam instructions was the one I sent.

GregFeeler
02-10-2012, 12:43 PM
It was or the reply all with the tag as spam instructions was the one I sent.

:ha