# Post attributed to wrong user account



## kwilson (Feb 25, 2006)

[_This thread has been split from this thread in the Exchanging forum, and edited for continuity here.  mg_]

[This post] shows me as the poster. I didn't post this message. Something is wrong here. Will the actual poster please identify him/herself?

Kenny


----------



## Walt (Feb 27, 2006)

*Maybe Tug is able to find out who posted in your name!*



			
				kwilson said:
			
		

> The post #2 above shows me as the poster. I didn't post this message. Something is wrong here. Will the actual poster please identify him/herself?
> 
> Kenny



I wonder if TUG is able to find who did the posting?  And how could this happen?

Walt


----------



## Dave M (Feb 27, 2006)

*In my capacity as a BBS administrator*....

I believe there are only two possibilities for how someone posted using another's user name. One is that a second person used the same PC as the user, wherein the user didn't log off from the BBS prior to the other person using the PC. The other is that a second person has access to the user's password.

Other than the same-PC scenario, no one can post using someone else's user name without knowing that person's password. The system is so secure that even Makai Guy and I, as BBS system administrators, cannot access another person's BBS password.

The only solution when there is such a compromise is for the affected user to change his/her BBS password. Click on "User CP" on the left side of the above blue bar and then click on "Edit Email & Password".


----------



## Makai Guy (Feb 27, 2006)

The IP from which the post was entered is recorded for each post.  

The recorded IP for the post in question traces back to a different host than was used by KWilson when registering, or used for any other of his posts, as far as I can tell.

Doing a lookup by IP number, I have found one other user associated with this IP number, and have contacted him to see if this post was from him, and if so, to find out if there was anything odd that happened when he posted.

Edit: I believe the IP in question is in San Diego, and the other user associated with this IP lives nowhere near there.  My fear is that this one will also be a "phantom" post attributed to the wrong user.

Second Edit: The source has been identified.  The post was actually from John Chase, timeos2 here on the bbs, posted while far away from home on vacation.  The only other post we have from that IP was also from John and is correctly attributed to him.


----------



## Makai Guy (Feb 27, 2006)

*Mystery Solved!*

I asked John to use that terminal again and see if it logged him into the bbs automatically.  It did.  As Kenny.  John and Kenny must have been at the same resort in San Diego and used the same computer.

Kenny apparently had logged onto the public terminal in the resort's lobby, and used the "remember me" button when logging on, thus saving a login cookie for his account on the public computer.  When John later used the same public computer and went to the TUG BBS, it just automatically logged him on as Kenny as a result of the saved cookie.  We're all so used to logging in automatically from our home computers that John never noticed it had logged him into somebody else's account.  I asked John to log off the bbs when done to be sure the cookie was removed.

Moral of the story:

When logging in from something other than your own computer do not use the "remember me" button.   And be sure to log off the bbs when finished.


----------



## Keitht (Feb 27, 2006)

Were Kenny and John aware of each others presence at the resort?  It's not relevant to the issue - I'm just intrigued.


----------



## JeffV (Feb 27, 2006)

I have had this happen several times at resorts. When logging in it will give me a saved user name and password.  You can't believe how many don't have a clue about what they are doing on a computer.  The advice of NEVER use the remember me button on a public compter and ALWAYS log off can't be stressed enough.  I have seen people not log off after using a credit card or accessing personal financial information. 


			
				Makai Guy said:
			
		

> I asked John to use that terminal again and see if it logged him into the bbs automatically.  It did.  As Kenny.  John and Kenny must be at the same resort in San Diego this week.
> 
> Kenny apparently had logged onto the public terminal in the resort's lobby, and used the "remember me" button when logging on, thus saving a login cookie for his account on the public computer.  When John later used the same public computer and went to the TUG BBS, it just automatically logged him on as Kenny as a result of the saved cookie.  We're all so used to logging in automatically from our home computers that John never noticed it had logged him into somebody else's account.  I asked John to log off the bbs when done to be sure the cookie was removed.
> 
> ...


----------



## kwilson (Feb 27, 2006)

Thanks to the administrators for running this down. I apologize if I caused the problem. However, I am well aware of the dangers of the "remember me" button. I use library computers on every trip we make. I would be surprised if I actually clicked that button, but everyone makes mistakes. I did use the computer at San Diego Country Estates in December so that must be what and where it happened. Again, thanks for your help in explaining this, and I promise I will be especially careful in the future.


----------



## timeos2 (Feb 27, 2006)

Wow - That has been there since December?  I guess no one else went to TUG or at least didn't log in and post.


----------



## AwayWeGo (Feb 28, 2006)

*Clean-Slate Shut-Down Routine On Resort Computers*

We were in Orlando FL at Vacation Village At Parkway in January 2006, on RCI _Last Call_.  While goofing off & enjoying ourselves at the resort, I made use several times of the (free) 3-terminal Internet room upstairs in the check-in building. 

The way it works is, each terminal has its log-in name & password taped onto the monitor frame right above the glass screen.  As soon as you log in, an internal 15-minute clock starts running.  At the end of 15 minutes, the computer logs you off & in the process (I believe) does a clean sweep of the cache or wherever it is that the computer stores things like web-based user names, passwords, cookies, & all that stuff. 

If nobody is waiting, it's OK to log on for another 15-minute session & everything starts over fresh. 

-- Alan Cole, McLean (Fairfax County), Virginia, USA.


----------



## kwilson (Feb 28, 2006)

timeos2 said:
			
		

> Wow - That has been there since December?  I guess no one else went to TUG or at least didn't log in and post.




Yes, it was the second week in December. I am sure glad you're not a sinister person. You could have got me in a whole lot of trouble.  

Kenny


----------



## Sydney (Feb 28, 2006)

*This also happened to me.*

When we stayed at the Houses at Summer Bay, I went to the library nearby and went to the TUG website. I was automatically logged on as a well-known (to me) TUGger. I cleared the cookies and logged myself in. Can't remember who it was but am wondering if you by any chance stayed at Summer Bay or nearby in Feb 05 Kenny???
On the same terminal, I went to check email and someone else's account was also still logged in. Go figure.


----------



## Walt (Mar 1, 2006)

*Is there anyway to get the word out?*

Dave M

In this day and age more and more Tuggers are using the internet away from their home.  Anyone that is on vacation for 3 or more weeks may even be paying their credit card bills on line from a public computer.  While most people would not do so with someone standing behind them, they walk away form a public computer after conducting a Credit Card transaction without thinking about that they are leaving behind.

I do my personal transaction on my own laptop computer.  This may not be totally safe but I think it is worth the money, time and effort to bring a laptop on a vaction.

To read this thread and see that months have past and yet, something like this has happen, is very eye opening.

I think every Tugger should read how this happen.  Maybe this will wake some Tuggers up.

Perhaps a PM to all Tuggers to read this Thread.

Walt


----------



## Dave M (Mar 1, 2006)

Walt -

Although your suggestion is laudable, it's not something that we would deem appropriate. 

If we decided to send all TUGgers a message regarding this consumer issue, there are probably 50 more consumer issues for which we should also send warnings. How would we decide which to send and which not to send?

From a practical standpoint, if such a post as discussed herein caused a problem, we could quickly delete it. Also note that with over 60,000 posts, including those that have been pruned, this is the first report of such a problem.

Thus, although TUGgers should be careful when using websites from a public computer, especially bank, credit card and other financial websites, the minimal TUG issue is probably not worth sending a mass message.

Lastly, not everyone appreciates such unsolicited messages!


----------



## Walt (Mar 1, 2006)

*How about a Sticky in the Tug Lounge?*



			
				Dave M said:
			
		

> Walt -
> 
> Although your suggestion is laudable, it's not something that we would deem appropriate.
> 
> ...



Dave M

I'm sorry but I think this is an important issue.  Even you not did understand how this could happen.

2 months ago, at the Weston, the Credit Card problem happen to the person using the computer before me.  They minimize the window instead of closing it and didn't log out.  The person using the computer was Very Thankful I told them about it.

At least put it in the TUG Lounge as a Sticky.  Use a heading like " Are Public Computers Safe?

Walt


----------



## Dave M (Mar 1, 2006)

I agree that credit card (and similar personal info) safety is an important issue. However, warning consumers about such issues doesn't fit within TUG's role.

I believe it would certainly be appropriate for someone to start a thread in the Lounge suggesting that TUGgers use care when using public PCs.

And, yes, I did understand how it could happen. What actually happened was one of the two scenarios that I offered in my first post in this thread - *before* we found out what happened.


----------



## timeos2 (Mar 1, 2006)

kwilson said:
			
		

> Yes, it was the second week in December. I am sure glad you're not a sinister person. You could have got me in a whole lot of trouble.
> 
> Kenny


As it is I see a not so subtle hint that your user name was hijacked for unsavory reasons from one of the true conspiracy believers.  I hope the other conspiracy theories have a stronger basis in fact, but I seriously doubt it. Glad I found it by accident and cleared the auto login thanks to Dougs follow up check. Sorry for the one errant post.


----------



## LLW (Mar 2, 2006)

This also happened to me. I was at a resort using the public computer, logging into another timeshare site. It asked for a log in and I logged in, with my own username and password. It accepted that, but quickly changed the username to another user's who also frequented that site. I quickly logged out and re-logged in with my own name. I later found out the other user was at the resort during the same period.

Since then, after I use a public computer, I have not only paid special attention to logging out, closing windows, and having the computer not remembering my name, I also try to delete all cookies and temporary files when I leave. Some computers would not let me do that, probably for security reasons, but some would. 

My concern was not only with sites remembering cookies etc., but of subsequent users of that computer who somehow might be able to use those cookies and temporary files to get personal info from sites that I have used on that computer. I am not computer savvy and don't know if that is actually doable, but think I should take all the precaution that I can.


----------



## EileenSRN (Mar 2, 2006)

Although I do bring my laptop on vacation, I'm resisting paying for a wireless access provider. Consequently I occasionally use a hotel's computer. Part of my shut off process is to clear cookies, temp files and history from the browser before I close the browser. Afew times I couldn't get to them and asked the librarian if they would while I watched. I'm not really paranoid


----------



## T_R_Oglodyte (Mar 2, 2006)

One alternative if you have a laptop is to bring along an AOL sign-up disk.  Then install AOL.  You get 45 days free.  Then terminate the membership before 45 days.

ONe issue with that, though, is that even afrer unintalling AOL, AOL detritus is till itttered all over your operating system files.


----------



## Makai Guy (Mar 2, 2006)

T_R_Oglodyte said:
			
		

> ONe issue with that, though, is that even afrer unintalling AOL, AOL detritus is till itttered all over your operating system files.



Not a small issue, imho.  And the internet is filled with people complaining that after they discontinued AOL, they can't get AOL to stop billing them for service.


----------



## EileenSRN (Mar 2, 2006)

*I'll drink to that!!!*

We did the AOL thing last year in Feb and cancelled the week after we got back. We were still getting calls and attempts at billing us in June. My husband finally asked his business attorny's office to send them an email. It worked.





			
				Makai Guy said:
			
		

> Not a small issue, imho.  And the internet is filled with people complaining that after they discontinued AOL, they can't get AOL to stop billing them for service.


----------



## kwilson (Mar 2, 2006)

timeos2 said:
			
		

> As it is I see a not so subtle hint that your user name was hijacked for unsavory reasons from one of the true conspiracy believers.



John, I know I am the one who screwed up. And I owe and offer you thanks for explaining what happened for everyone. As far as I know no one took advantage of it for "unsavory" reasons. As for all the others, my face is red enough already, but if it serves to educate other Tuggers... Great! Please don't make more of this than is necessary.

Kenny


----------



## EdB (Mar 4, 2006)

kwilson said:
			
		

> John, I know I am the one who screwed up. And I owe and offer you thanks for explaining what happened for everyone. As far as I know no one took advantage of it for "unsavory" reasons. As for all the others, my face is red enough already, but if it serves to educate other Tuggers... Great! Please don't make more of this than is necessary.
> 
> Kenny



Kenny,

I am certain that John's reference was not to you, but to post #3 in this thread, which was the original thread from which the current one was split off.

The quote in that post refers to "the poster who is hiding behind the name of a bona fide Tugger..."

Gets confusing when threads are split like this.


----------

