Oculus Developer Center Security Update

Discussion for Oculus and all things VR.

Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 1:18 pm

As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 14176
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby kevinw729 » April 1st, 2014, 1:21 pm

Thanks for giving us the update on the reason - appreciated. Keep up the excellent work guys.
Image
** New Book **
"The Out-of-Home Immersive Entertainment Frontier: Expanding Interactive Boundaries in Leisure Facilities"
http://www.gowerpublishing.com/isbn/9781472426956
User avatar
kevinw729
 
Posts: 1287
Joined: June 1st, 2013, 6:24 am

Re: Oculus Developer Center Security Update

Postby RirtualVeality » April 1st, 2014, 1:21 pm

lol! April Fools!! Heh........O_O ...oh.
User avatar
RirtualVeality
 
Posts: 626
Joined: June 21st, 2013, 4:22 pm

Re: Oculus Developer Center Security Update

Postby densohax » April 1st, 2014, 1:21 pm

cybereality wrote:As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team



It's time for you to accept bitcoins. ;)
User avatar
densohax
 
Posts: 284
Joined: March 29th, 2013, 10:47 am

Re: Oculus Developer Center Security Update

Postby kingtut » April 1st, 2014, 2:10 pm

Thanks for the update! Much appreciated.
kingtut
 
Posts: 119
Joined: March 29th, 2013, 6:12 pm
Website: http://kingtut666.wordpress.com
Location: London, UK

Re: Oculus Developer Center Security Update

Postby sneakypoo » April 1st, 2014, 2:22 pm

densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?
sneakypoo
 
Posts: 215
Joined: August 22nd, 2013, 12:12 pm

Re: Oculus Developer Center Security Update

Postby Ibrinar » April 1st, 2014, 2:29 pm

Ah makes sense. I assume passwords were properly salted and hashed?
Ibrinar
 
Posts: 134
Joined: April 13th, 2013, 4:48 am

Re: Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 2:30 pm

Passwords are encrypted, but we just wanted to be on the safe side. Thanks.
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 14176
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby densohax » April 1st, 2014, 2:43 pm

sneakypoo wrote:
densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?


No bitcoins shop are victims of a lot of hacking. it was a joke and you did not get it.
User avatar
densohax
 
Posts: 284
Joined: March 29th, 2013, 10:47 am

Re: Oculus Developer Center Security Update

Postby luciferous » April 1st, 2014, 2:50 pm

I got really excited, thought we were getting a new Forum.
User avatar
luciferous
 
Posts: 557
Joined: March 29th, 2013, 11:35 am

Re: Oculus Developer Center Security Update

Postby DieKatzchen » April 1st, 2014, 3:00 pm

Well that explains the mysterious downtime. Glad to see you guys are on top of things.
User avatar
DieKatzchen
 
Posts: 173
Joined: April 23rd, 2013, 12:39 pm

Re: Oculus Developer Center Security Update

Postby erick » April 1st, 2014, 3:06 pm

cybereality wrote:Passwords are encrypted

Encrypted or hashed?
erick
 
Posts: 122
Joined: March 29th, 2013, 12:37 pm
Location: Virginia, USA

Re: Oculus Developer Center Security Update

Postby Hadtstec » April 1st, 2014, 3:07 pm

Thanks for keeping us in the loop :-)
DK1 | DK2 | GearVR | CV1 Pre-Ordered

"I reject your reality and substitute my own"
User avatar
Hadtstec
 
Posts: 341
Joined: May 30th, 2013, 3:13 am
Website: http://www.hadtstec.com

Re: Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 3:08 pm

erick wrote:Encrypted or hashed?

I guess technically it would be hashed.
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 14176
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace


Return to “General”


Who is online

Users browsing this forum: agenttoff, aluniras, Clodo, Doma, dzucker, Fredz, GoesTo11, haydxn, Jose, kamorigis, KNP54, Lionreza, Maoooo, Mcgruff, Nevarakka, notsram, onefang, PadraicB, slemke, smilertoo, Tgaud, Tininai, tranceology3, vmccurley, Vrprete, w_benjamin, whoa182, Zoomie and 7 guests