Welcome Guest
Log In | Register )
You last visited December 5, 2016, 1:37 pm
All times shown are
Eastern Time (GMT-5:00)

Major Lottery Post security upgrade

Topic closed. 35 replies. Last post 3 years ago by Romancandle.

Page 2 of 3
510
PrintE-mailLink
weshar75's avatar - Lottery-042.jpg
Mcminnville, Oregon
United States
Member #3013
December 13, 2003
3047 Posts
Offline
Posted: July 24, 2013, 12:21 am - IP Logged

Thank you Todd!-weshar75

US Flag

    HIMSELF's avatar - darksword

    United States
    Member #368
    May 25, 2002
    77 Posts
    Offline
    Posted: July 24, 2013, 2:20 am - IP Logged

    hey i got in  ......worked  this time   ......now if i can only remember what i did

      dallascowboyfan's avatar - tiana the-princess-and-the-frog.jpg
      Oklahoma
      United States
      Member #82391
      November 12, 2009
      6290 Posts
      Offline
      Posted: July 24, 2013, 7:15 am - IP Logged

      Thanks ToddThumbs Up

      I Love Pink & Green 1908

        Avatar

        United States
        Member #122468
        February 1, 2012
        530 Posts
        Offline
        Posted: July 24, 2013, 8:12 am - IP Logged

        Thanks Todd for your dedication to making this site extra secure. Your efforts are greatly appreciated. I'm so glad you created this site.

          calabs's avatar - bass fret.jpg

          United States
          Member #27050
          November 26, 2005
          40272 Posts
          Online
          Posted: July 24, 2013, 8:52 am - IP Logged

          OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

          This upgrade was extremely important, in the following respects:

          1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
          2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
          3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

          A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

          I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

          After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

          The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

          If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

          Other updates

          While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

          • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
          • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
          • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
          • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
          • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
          • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

          I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

          You always continue to amaze me with your computer savvy....! Type  Thanks Todd for keeping our info safer!

          BTW, when I saw the first "Other updates", I got REALLY excited seing VTracs in the description.  For a brief moment, I thought it was about the VTrac search engine!!  Big Smile

          Lep

            Avatar
            Saint Louis MO
            United States
            Member #110754
            May 11, 2011
            2649 Posts
            Offline
            Posted: July 24, 2013, 9:06 am - IP Logged

            Thumbs Up

            Remember to flip 6's 9's, mirror front and end #'s, and do front/back3 for a hit!


              United States
              Member #116268
              September 7, 2011
              20244 Posts
              Offline
              Posted: July 24, 2013, 9:08 am - IP Logged

              Thumbs Up

                     I Agree!

                MADDOG10's avatar - smoke
                Beautiful Florida
                United States
                Member #5709
                July 18, 2004
                20108 Posts
                Offline
                Posted: July 24, 2013, 10:27 am - IP Logged

                Todd, thanks for the updates...!

                                                             

                                                               "  When Injustice Becomes Law, Resistance Becomes Duty "

                  star69's avatar - DiscoBallGlowing
                  sebring,florida
                  United States
                  Member #81
                  September 22, 2000
                  1626 Posts
                  Offline
                  Posted: July 24, 2013, 10:41 am - IP Logged

                  Todd, Thank You!!! 

                    Kola's avatar - image
                    Blundering Time Traveler

                    United States
                    Member #28945
                    December 25, 2005
                    1527 Posts
                    Online
                    Posted: July 24, 2013, 1:23 pm - IP Logged

                    Thanks Todd !

                    Legend says that The Craggy One was once asked about the Lottery Circle and the aged Lottery LoreKeeper whispered in his gravelly eloquence,"It is known among our kind that 2 successive draws are in reality the 2 center-points of 2 intersecting circles that share a common radius - a Root Center. This Vesica Piscis is the creative womb for all numbers, the Still Point from which two draws will unite & a new one is born. This "perfect" space is a wormhole through Time(Change). Master its proportions & your numerical predictions will not falter". 

                      helpmewin's avatar - dandy
                      u$a
                      United States
                      Member #106665
                      February 22, 2011
                      19771 Posts
                      Offline
                      Posted: July 24, 2013, 2:23 pm - IP Logged

                      OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

                      This upgrade was extremely important, in the following respects:

                      1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
                      2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
                      3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

                      A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

                      I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

                      After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

                      The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

                      If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

                      Other updates

                      While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

                      • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
                      • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Window 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
                      • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
                      • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
                      • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post uses anything other than a desktop computer.
                      • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

                      I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.

                      how you get the password Hat


                        United States
                        Member #128790
                        June 2, 2012
                        5431 Posts
                        Offline
                        Posted: July 24, 2013, 3:27 pm - IP Logged

                        how you get the password Hat

                        What happened to you? You got lost finding your way back home?  lol

                        MIA for a month now What?

                          haymaker's avatar - Lottery-012.jpg
                          Egg Harbor twp.south Jersey shore
                          United States
                          Member #112968
                          June 29, 2011
                          3854 Posts
                          Offline
                          Posted: July 24, 2013, 4:25 pm - IP Logged

                          Todd, thanks, you are THE MAN!

                          And that new spell checker is "ZAPP" ! lightning fast !

                          Extraordinary Popular Delusions & the Madness of Crowds    -- Charles Mackay  LL.D.

                            helpmewin's avatar - dandy
                            u$a
                            United States
                            Member #106665
                            February 22, 2011
                            19771 Posts
                            Offline
                            Posted: July 24, 2013, 6:03 pm - IP Logged

                            What happened to you? You got lost finding your way back home?  lol

                            MIA for a month now What?

                            Orlando No misspellings found.

                              maximumfun's avatar - Lottery-030.jpg
                              Lavender Rocket

                              United States
                              Member #124616
                              March 16, 2012
                              2642 Posts
                              Offline
                              Posted: July 24, 2013, 7:15 pm - IP Logged

                              wow.  Todd - my head spun while reading your post.  Thank you once again for all your hard work and dedication to this site!