Oculus Developer Center Security Update

Share and discuss any and all Oculus related topics.

Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 1:18 pm

As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 11461
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby kevinw729 » April 1st, 2014, 1:21 pm

Thanks for giving us the update on the reason - appreciated. Keep up the excellent work guys.
Image
** Brand New Book **
"The Out-of-Home Immersive Entertainment Frontier: Expanding Interactive Boundaries in Leisure Facilities"
http://www.gowerpublishing.com/isbn/9781472426956
User avatar
kevinw729
 
Posts: 1242
Joined: June 1st, 2013, 6:24 am

Re: Oculus Developer Center Security Update

Postby RirtualVeality » April 1st, 2014, 1:21 pm

lol! April Fools!! Heh........O_O ...oh.
User avatar
RirtualVeality
 
Posts: 564
Joined: June 21st, 2013, 4:22 pm

Re: Oculus Developer Center Security Update

Postby densohax » April 1st, 2014, 1:21 pm

cybereality wrote:As an ongoing commitment to security for our internal systems, we regularly run security audits to identify vulnerabilities. Over the weekend we discovered a vulnerability that potentially allowed for SQL injection within the Oculus Developer Center.

When we discovered the vulnerability, we took down our systems as a precautionary effort and applied the required fixes. As an added security measure, we’re requiring all Developer Center users to change their passwords upon next login.

Please know that no credit card or address information is stored in the Developer Center database, and we don’t have any reason to believe that any personal or confidential information was taken before we discovered the issue.

Sorry for the inconvenience and if you have any questions, please email support@oculus.com.

Sincerely,

- The Oculus Team



It's time for you to accept bitcoins. ;)
User avatar
densohax
 
Posts: 281
Joined: March 29th, 2013, 10:47 am

Re: Oculus Developer Center Security Update

Postby kingtut » April 1st, 2014, 2:10 pm

Thanks for the update! Much appreciated.
kingtut
 
Posts: 119
Joined: March 29th, 2013, 6:12 pm
Website: http://kingtut666.wordpress.com
Location: London, UK

Re: Oculus Developer Center Security Update

Postby sneakypoo » April 1st, 2014, 2:22 pm

densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?
sneakypoo
 
Posts: 215
Joined: August 22nd, 2013, 12:12 pm

Re: Oculus Developer Center Security Update

Postby Ibrinar » April 1st, 2014, 2:29 pm

Ah makes sense. I assume passwords were properly salted and hashed?
Ibrinar
 
Posts: 134
Joined: April 13th, 2013, 4:48 am

Re: Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 2:30 pm

Passwords are encrypted, but we just wanted to be on the safe side. Thanks.
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 11461
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace

Re: Oculus Developer Center Security Update

Postby densohax » April 1st, 2014, 2:43 pm

sneakypoo wrote:
densohax wrote:It's time for you to accept bitcoins. ;)

Why? Do bitcoins somehow magically fix security issues and protect your password and e-mail from would be attackers?


No bitcoins shop are victims of a lot of hacking. it was a joke and you did not get it.
User avatar
densohax
 
Posts: 281
Joined: March 29th, 2013, 10:47 am

Re: Oculus Developer Center Security Update

Postby luciferous » April 1st, 2014, 2:50 pm

I got really excited, thought we were getting a new Forum.
User avatar
luciferous
 
Posts: 488
Joined: March 29th, 2013, 11:35 am

Re: Oculus Developer Center Security Update

Postby DieKatzchen » April 1st, 2014, 3:00 pm

Well that explains the mysterious downtime. Glad to see you guys are on top of things.
User avatar
DieKatzchen
 
Posts: 173
Joined: April 23rd, 2013, 12:39 pm

Re: Oculus Developer Center Security Update

Postby erick » April 1st, 2014, 3:06 pm

cybereality wrote:Passwords are encrypted

Encrypted or hashed?
erick
 
Posts: 122
Joined: March 29th, 2013, 12:37 pm
Location: Virginia, USA

Re: Oculus Developer Center Security Update

Postby Hadtstec » April 1st, 2014, 3:07 pm

Thanks for keeping us in the loop :-)
DK1 | DK2 | GearVR

"Nothing is hard and we have input to announce at this time!"
User avatar
Hadtstec
 
Posts: 334
Joined: May 30th, 2013, 3:13 am
Website: http://www.hadtstec.com

Re: Oculus Developer Center Security Update

Postby cybereality » April 1st, 2014, 3:08 pm

erick wrote:Encrypted or hashed?

I guess technically it would be hashed.
Oculus - Community Manager
User avatar
cybereality
Team Oculus Team Oculus
 
Posts: 11461
Joined: February 14th, 2013, 1:54 pm
Location: Cyberspace


Return to “Oculus General Discussion”


Who is online

Users browsing this forum: Ced, culturengine, dazed67, dekoomer, DrBarney, ejz6837, jcollins, kamorigis, KNP54, Locobox, MikeF, openupitsdave, pdawg17, RangerJoe, ricard2798, Twitchmonkey, ubermario, VRNATION, weasel47, wiliamtel, Zandil, zork2001 and 5 guests