Welcome Guest
Log In | Register )
You last visited December 9, 2016, 9:55 pm
All times shown are
Eastern Time (GMT-5:00)

Major Lottery Post security upgrade

Topic closed. 35 replies. Last post 3 years ago by Romancandle.

Page 1 of 3
510
PrintE-mailLink
Todd's avatar - Cylon 2.gif
Chief Bottle Washer
New Jersey
United States
Member #1
May 31, 2000
23274 Posts
Online
Posted: July 23, 2013, 6:40 pm - IP Logged

OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

This upgrade was extremely important, in the following respects:

  1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
  2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
  3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

Other updates

While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

  • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
  • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
  • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
  • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
  • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
  • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

    konane's avatar - wallace
    Atlanta, GA
    United States
    Member #1265
    March 13, 2003
    3333 Posts
    Offline
    Posted: July 23, 2013, 7:11 pm - IP Logged

    Thank you for all your hard work to make Lottery Post the epic site it's always been, and for keeping LP members info secure. Smile

    Good luck to everyone!

      Win$500Quick's avatar - Lottery-050.jpg
      Florida
      United States
      Member #77815
      August 1, 2009
      3460 Posts
      Offline
      Posted: July 23, 2013, 7:13 pm - IP Logged

      Thank you for all your hard work to make Lottery Post the epic site it's always been, and for keeping LP members info secure. Smile

      I Agree!

      Guess Who's Back?

        hearsetrax's avatar - 0118

        United States
        Member #52345
        May 21, 2007
        2659 Posts
        Offline
        Posted: July 23, 2013, 7:29 pm - IP Logged

        +1

          Avatar

          United States
          Member #94616
          July 24, 2010
          4735 Posts
          Offline
          Posted: July 23, 2013, 7:45 pm - IP Logged

          OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

          This upgrade was extremely important, in the following respects:

          1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
          2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
          3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

          A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

          I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

          After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

          The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

          If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

          Other updates

          While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

          • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
          • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
          • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
          • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
          • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
          • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

          I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

          WOW! Not only are you leading the way in making sure this is the best site out there - you take the time to SHARE everything with us so our experience can be the best possible.  THANKS

            noise-gate's avatar - images q=tbn:ANd9GcR91HDs4UJhjxO7cmeMQWZ5lB_FOcMLOGicau4V74R45tDgPWrr
            Bay Area - California
            United States
            Member #136477
            December 12, 2012
            4110 Posts
            Offline
            Posted: July 23, 2013, 9:03 pm - IP Logged

            OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

            This upgrade was extremely important, in the following respects:

            1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
            2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
            3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

            A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

            I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

            After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

            The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

            If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

            Other updates

            While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

            • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
            • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
            • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
            • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
            • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
            • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

            I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

            Anyone with half a brain can see that you take enormous pride in your creation Todd,it goes without saying that you put in the time and  effort to see it grow.This is not lost on us who visit this site and gain a certain level of satisfaction knowing that the Chief Bottle Washer is in the trenches at all times.
            As Tina Turner once sang " You Simply the best"..Thanks a lot.

              STORM's avatar - Rean
              Ga Fl Sc Nc All States 819* 290 160** 1958 Ryde!
              United States
              Member #57922
              January 23, 2008
              9314 Posts
              Offline
              Posted: July 23, 2013, 9:13 pm - IP Logged

              OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

              This upgrade was extremely important, in the following respects:

              1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
              2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
              3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

              A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

              I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

              After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

              The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

              If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

              Other updates

              While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

              • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
              • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
              • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
              • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
              • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
              • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

              I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

                                                                                                     B-R-I-L-L-I-A-N-T... *Much Appreciation*

                                                                                                                           

              I'm Expecting God to Do BIG Things.. 


                United States
                Member #116268
                September 7, 2011
                20244 Posts
                Offline
                Posted: July 23, 2013, 9:36 pm - IP Logged

                Awesome work. Thumbs Up

                  Nikkicute's avatar - nnjx1k
                  Wisconsin
                  United States
                  Member #123290
                  February 17, 2012
                  3052 Posts
                  Online
                  Posted: July 23, 2013, 9:39 pm - IP Logged

                  Thank You!!!Smiley

                    tastylovebug's avatar - DSC 0097b.jpg
                    Ohio
                    United States
                    Member #114639
                    August 4, 2011
                    3535 Posts
                    Offline
                    Posted: July 23, 2013, 9:50 pm - IP Logged

                    Thank You Todd!! ahh even though i don't understand anything right now due to amsterdam and grey goose....but i get the gist of it and will read it later...i'm celebrating early for my birthday next week.....

                     Month of December 3374 6491 8259 2365 5808 0260 7368 4662 9057 9022 4754 6039 3811 2774 1576 5265 7900 8524 2995 1791 7558 4218 4393 2791 9548 3306 8114 5890 0702 2667 6191 9552 9898 5657 1592

                    hh

                      Totem's Angel's avatar - kanji for_peace.jpg
                      Stone Mountain
                      United States
                      Member #1198
                      February 26, 2003
                      1113 Posts
                      Offline
                      Posted: July 23, 2013, 10:17 pm - IP Logged

                      Awesome!  Thanks, Todd!  :-)

                      Life is Good!  Be Blessed...~Totem's Angel~ Blue Angel

                        Astekblue's avatar - Tarlor
                        Kentucky
                        United States
                        Member #35086
                        March 12, 2006
                        10374 Posts
                        Offline
                        Posted: July 23, 2013, 10:19 pm - IP Logged

                        Well   Done     Todd     Hurray!

                         

                         

                        I can see where that would  be  a big  relief to get all that done   White Bounce

                         

                         

                        Thanks

                          jarasan's avatar - new patrick.gif
                          Harbinger
                          D.C./MD.
                          United States
                          Member #44103
                          July 30, 2006
                          5583 Posts
                          Offline
                          Posted: July 23, 2013, 11:15 pm - IP Logged

                          Just think hashing used to be a breakfast thing!!!!!!!!

                          Thanks Todd.

                          Hyper

                            rdgrnr's avatar - walt
                            Way back up in them dadgum hills, son!
                            United States
                            Member #73904
                            April 28, 2009
                            14903 Posts
                            Offline
                            Posted: July 23, 2013, 11:48 pm - IP Logged

                            Thanks for all your hard work, Todd.

                            It's appreciated.

                              Avatar
                              MO
                              United States
                              Member #106928
                              February 27, 2011
                              925 Posts
                              Offline
                              Posted: July 24, 2013, 12:03 am - IP Logged

                              Thank you soooooooo much!!!!!! Thumbs Up