Oculus Developer Center Security Update

Share and discuss any and all Oculus related topics.

Oculus Developer Center Security Update

Postby cybereality » Tue Apr 01, 2014 1:18 pm

As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team
Oculus VR - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 8273
Joined: Thu Feb 14, 2013 2:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby kevinw729 » Tue Apr 01, 2014 1:21 pm

Thanks for giving us the update on the reason - appreciated. Keep up the excellent work guys.
Image
** Brand New Book **
"The Out-of-Home Immersive Entertainment Frontier: Expanding Interactive Boundaries in Leisure Facilities"
http://www.gowerpublishing.com/isbn/9781472426956
User avatar
kevinw729
 
Posts: 1012
Joined: Sat Jun 01, 2013 6:24 am

Re: Oculus Developer Center Security Update

Postby RirtualVeality » Tue Apr 01, 2014 1:21 pm

lol! April Fools!! Heh........O_O ...oh.
User avatar
RirtualVeality
 
Posts: 439
Joined: Fri Jun 21, 2013 4:22 pm

Re: Oculus Developer Center Security Update

Postby densohax » Tue Apr 01, 2014 1:21 pm

cybereality wrote:As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team



It's time for you to accept bitcoins. ;)
User avatar
densohax
 
Posts: 277
Joined: Fri Mar 29, 2013 10:47 am

Re: Oculus Developer Center Security Update

Postby kingtut » Tue Apr 01, 2014 2:10 pm

Thanks for the update! Much appreciated.
kingtut
 
Posts: 119
Joined: Fri Mar 29, 2013 6:12 pm
Website: http://kingtut666.wordpress.com
Location: London, UK

Re: Oculus Developer Center Security Update

Postby sneakypoo » Tue Apr 01, 2014 2:22 pm

densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?
sneakypoo
 
Posts: 194
Joined: Thu Aug 22, 2013 12:12 pm

Re: Oculus Developer Center Security Update

Postby Ibrinar » Tue Apr 01, 2014 2:29 pm

Ah makes sense. I assume passwords were properly salted and hashed?
Ibrinar
 
Posts: 134
Joined: Sat Apr 13, 2013 4:48 am

Re: Oculus Developer Center Security Update

Postby cybereality » Tue Apr 01, 2014 2:30 pm

Passwords are encrypted, but we just wanted to be on the safe side. Thanks.
Oculus VR - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 8273
Joined: Thu Feb 14, 2013 2:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby densohax » Tue Apr 01, 2014 2:43 pm

sneakypoo wrote:
densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?


No bitcoins shop are victims of a lot of hacking. it was a joke and you did not get it.
User avatar
densohax
 
Posts: 277
Joined: Fri Mar 29, 2013 10:47 am

Re: Oculus Developer Center Security Update

Postby luciferous » Tue Apr 01, 2014 2:50 pm

I got really excited, thought we were getting a new Forum.
User avatar
luciferous
 
Posts: 431
Joined: Fri Mar 29, 2013 11:35 am

Re: Oculus Developer Center Security Update

Postby DieKatzchen » Tue Apr 01, 2014 3:00 pm

Well that explains the mysterious downtime. Glad to see you guys are on top of things.
User avatar
DieKatzchen
 
Posts: 168
Joined: Tue Apr 23, 2013 12:39 pm

Re: Oculus Developer Center Security Update

Postby erick » Tue Apr 01, 2014 3:06 pm

cybereality wrote:Passwords are encrypted

Encrypted or hashed?
erick
 
Posts: 122
Joined: Fri Mar 29, 2013 12:37 pm
Location: Virginia, USA

Re: Oculus Developer Center Security Update

Postby Hadtstec » Tue Apr 01, 2014 3:07 pm

Thanks for keeping us in the loop :-)
DK1 | DK2 | GearVR
User avatar
Hadtstec
 
Posts: 326
Joined: Thu May 30, 2013 3:13 am
Website: http://www.hadtstec.com

Re: Oculus Developer Center Security Update

Postby cybereality » Tue Apr 01, 2014 3:08 pm

erick wrote:Encrypted or hashed?

I guess technically it would be hashed.
Oculus VR - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 8273
Joined: Thu Feb 14, 2013 2:54 pm
Location: Cyberspace


Return to “Oculus General Discussion”


Who is online

Users browsing this forum: Ced, Darcanis, floppy, gaelhonorez, Google [Bot], HomerS66, JaMiR, kojack, Mecatronico, missionv, proyb64, robvld, RorschachPhoenix, rupy, saviornt, SDM, Sharkku, Snappahead, ThreeDeeVision, whitedragon101 and 106 guests