@woofworks
Hahaha. Sorry sifu. You are the second person complaining that.

@Firdauz
Of course the people are concerned. It is their data that is in jeopardy.

@Josh Lim
No hard feelings but to be honest, after reading all the explanations from your team, I am still not 100% convinced with the security of your system (before and after my review).

I’m quoting Firdauz:
“What’s assumed as laziness and amateurish was in fact; our best decision at that particular time.“

That sounded ‘wrong’ but well, it could be me.

I missed something that I didn’t mention in my review. According to this and this, the minimum length of a password must be at least 6 or 7 characters to be considered as standard. Shorter passwords are considered WEAK and are more vulnerable.

However, I have tested and your system allows password as short as ONE character. I have one account’s password which is “a” and another account’s password which is “abc“.

1. security issues. How secure IS secure? (believe i asked that before)

2. Vulnerability of the system is not proven otherwise by just conducting a 24 hour manual monitoring and conclude a concrete guarantee..

I left myself anonymous this time around. I am sure the owner of this blog can find me. Thats because i do not wished to be contacted with regards to this except for the owner of this blog.

We did not expect this to happen – however, we and our system were not unprepared.

We first heard of the news through our RSS feeds, and 1 phone call from a friend. So, 2 members of the team stayed awake throughout the night to watch what people would do, and react as if needed. We kept track of what was happening – about 16 dummy accounts were created on the system from unique IPs, our hits rose drastically, and intrusions were detected from Malaysia, Indonesia & Singapore.

From our logs, we could see as various methods were tried: SQL injection, brute force attacks, URL guessing, and social engineering. The last method was a rather interesting, if futile attempt – someone pretended to be one of our more popular bloggers and requested us to reset their password, apparently having forgotten it. The e-mail header was spoofed to make it seem like it was a actual e-mail of that particular blogger, but we noticed that the reply-to address was another address entirely. To be sure, we checked with the blogger in question, and found that it wasn’t an actual request.

In summary, throughout all the intrusion attempts, no intruder got to do anything further than creating a few fake accounts on our system, which were easily cleared. Our current security system has now been proven effective in a trial by fire – so yes, Advertlets.com is indeed secure, and we can vouch for the protection of your data and password.

However, we will leave no stone unturned in our quest to take Advertlets further, and look forward to rolling out additional revenue and security features for our users, especially as our user base grows and we get more popular. Do let us know if you have any further questions, and thanks for your support!

Live updating is in session.

Thanks for the concern.

Cheers people.

@Boss Lepton
Thanks, boss.

@aw
Final review sounds like ‘the end’, uh? Maybe I’ll do a ‘post-review’ review after 1 or 2 months. As for now, it’s time to move on.

Hmmm…I wonder who should be my next ‘victim’. Or maybe I should blog about the birds and flowers for a little while.

@earl-ku
Their ‘cincai’ attitude was the one that raised my concerns. I hope they know which part ‘can’ cincai, and which part cannot.

LOL. “Free” is quite subjective. I guess I’m just utilizing my time.

If your predictions on the ‘hitman’ is true, please make a police report if you notice me not blogging for more than 48 hours. Thank you.

@mooiness
I have a feeling that at least 2 programmers are working on the pages I mentioned in this review. I notice some information on different pages are overlapping. Or maybe they just didn’t planned ‘what to have, and where to have it’ properly.

There is also a big contrast in design (look & feel) between all the pages.