Comments Have Been Restored

We at the Consumerist would like to thank you for sticking with us during this difficult time. This post is to inform you that the ability to comment on the site has been restored. As a precaution, your password has been reset. You will need to choose a new password. You can begin that process here. We’d like to thank everyone who reached out during this difficult time with messages of support and offers of help. Consumerist has a truly wonderful and loyal community and we’re glad to be able to welcome you back.

But first, we’d like to take a few moments to address some comments and questions:

Q: Is my password encrypted?
A: Yes

Q: Is Consumerist safe to visit?
A: At this time, the site has been scrubbed and declared clean by our security experts, and we have instituted additional new security measures that we believe make it safe and secure. We continue to monitor our security constantly, however, and will take the site down if new problems appear. You should always make sure you have anti-virus software installed and active on your computer when you visit any site on the Internet.

Q: What took so %$#%@ long?
A: There are bad people in the world and we are engaged in the business of fighting them. This does not make us rich; it does not make us popular, and the wins don’t always happen as quickly as we’d like. We’re sorry about the inconvenience and thank you again for sticking with us.

Q: How can we help you?
A: Consumerist accepts support in many ways. A note of support or encouragement is always welcome and is very much appreciated by our team. The members of the community who have reached out with something to make us smile during these past few days are considered heroic by all of us. Thank you so, so much. Criticism is read and considered thoughtfully, and informs our decisions and policies. We also accept donations from individual consumers. We are a non-profit, and all donations are tax deductible. We do not accept advertising, gifts, sponsorships, or donations from corporate interests.

Q: Is there anything else you can tell us about what happened?
A: Because of the nature of the investigation, we cannot – at this time – share further details. Those of you who are familiar with the site will know that Consumerist, to the best of our ability, does not disclose information that could, even inadvertently, aid people who wish to do harm to consumers. We strive to be as transparent and proactive as possible with our communications and we thank you for being patient and understanding.

Q: What do I do if I think my computer is infected?
A: If you are worried about a possible infection, you should use your anti-virus software to run a complete scan of your machine. If you don’t already have anti-virus protection on your computer, we strongly suggest you get some. And for additional suggestions on how to cleanse your machine, you can consult the StopBadware.org site.

Q: Who do I contact if I have a problem or a comment?
A: Please contact the Consumerist Security Team. (support@consumerist.com)

-Consumerist Security Team (support@consumerist.com)

Comments

Edit Your Comment

  1. El_Fez says:

    Hah! First!

    :)

    I guess there is some advantage to being on the West Coast and staying up until Midnight.

    • Laura Northrup says:

      Sleep is for the weak.

      • MeowMaximus says:

        Sleep is for those who are allergic to Caffeine…
        It is by caffeine alone I set my mind in motion
        It is by the beans of java that thoughts acquire speed
        The hands acquire shaking
        The shaking becomes a warning
        It is by caffeine alone I set my mind in motion.

  2. BrownLeopard says:

    This is why WordPress is bad, mmkay?

  3. Hungry Dog says:

    It was them anonimouse peoples hacking our systems again…or the Scientologists. Them fanatics hate free thinking and consumers.

  4. valen says:

    Reading The Consumerists without comments enabled was like watching a stand up comedian with the “mute” option on. It is surprising how much comments actually add to the site.

  5. truffleupagus says:

    I look forward to seeing people blame the OP because they didn’t do things the way the commenter would have done or it just “sound fishy”. Let the games begin!

    Also, welcome back.

  6. olddog1213 says:

    Glad to see you back. Missed you every day you were gone. You are one of the best sites on the entire web.

  7. Tim says:

    Two questions:

    – Why not use an external comment system? Something like Disqus or Facebook comments? Would that solve the issue?
    – What does this have to do with the recent switch to WordPress and WP Engine for your hosting? Just seems like this issue never came up before …

    • baltimoron says:

      I agree about using Disqus because of all the multiple login options it has but remember that not everyone uses facebook.

    • ScarletsWalk says:

      Disqus wreaks havoc on my system. And I don’t want to link to my FB account. Right track, wrong train.

    • Duffin (Ain't This Kitty Cute?) says:

      There’s also the fact that you get emailed when someone replies. The biggest thing that keeps me from contributing here more is the fact that you aren’t alerted AT ALL when someone replies to your comment. I asked a year ago for some sort of way to be alerted and they basically said they weren’t interested in doing that.

    • Rexy does not like the new system says:

      I will kill you if Facebook comments take over. Death to Facebook!

  8. mauispiderweb says:

    About time … needed my fix ;)

    • McRib wants to know if you've been saved by the Holy Clown says:

      I WAS GETTING WITHDRAWAL SYMPTOMS

      • Friendly Curmudgeon says:

        I have been way more productive at work without reading the comments.

        But now that they are back I was inspired to actually sign up and contribute.

        I’ve been reading the consumerist for just over 5 years and just signed up today!

  9. SilentAgenger says:

    Welcome back. It’s amazing how much the comments bring to this site, and how much they were missed once removed…’reminds me of that song: “Don’t know what you got, til it’s gonnnnnnnne” ;)

  10. Fubish says: I don't know anything about it, but it seems to me... says:

    Yay! Welcome back!

  11. HomerSimpson says:

    Gotta say it…

    WHOOHOO!

  12. PupJet says:

    I wonder how many people are going to ‘backlog’ their comments on previous ones we couldn’t comment on. LOL

  13. mikedt says:

    Hooray! I was really missing the snarky comments that go with the stories.

  14. RandomHookup says:

    Now, where was I?

  15. SavijMuhdrox says:

    Alright!

    Now i can stop making up imaginary witty comments in my head, and the snarky repartees that go along with them.. though i think there was defnlee more snark.. and less wit.. hmmmm..

  16. Willy_HSV says:

    Hawt Diggity Dayamn!!!!!!!! I’ve been missing the diverse comments on here!

  17. do-it-myself says:

    Oh Happy Day!

  18. Dave B. says:

    How’s that whole wordpress thing working out for you?

  19. ECA says:

    yea!!

  20. Charles Edward Winthrop III, Esquire, Investigator of the Unknown Music says:

    Yay, we’re back! That’s a most excellent birthday gift!

  21. triana says:

    I have been stuck in moderation. Roz, will you release me today so I can celebrate?

  22. JollySith says:

    Testing 1 2 3. Took about 20 min or so to get the reset password

  23. benbell says:

    Whew, I have alot of articles to go back and comment, argue and more!

  24. Tegan says:

    I missed you guys!!! I’m so glad we’re back!

  25. thisusedtobemoreinterestingandhelpful says:

    Finally it was getting boring just reading the stories and not the comments pointing out what was wrong with the OP/writer :-)

  26. MaxH42 needs an edit button says:

    Damn, I was home all week and looking forward to COMMENTING ON ALL THE THINGS ALL DAY EVERY DAY!

    Come to think of it, it was probably a good thing for the site that commenting wasn’t available this week…

  27. Joedragon says:

    Test

  28. Revanche says:

    Interesting…I was denied my password reset, but was able to (now) re-register with my preferred username, which had previously been taken.

    Yay me.

  29. dotsandloops says:

    Excellent! Now I have something to read at work again. Well, more to read at work.

  30. Hi_Hello says:

    anybody notice any weirdness with the email address attached to their consumerist account?

    one of my old consumerist (wasn’t the current during the hack) is my current for my hotmail.com

    look like something got in, send out an email to 3 emails that was to ‘no-reply’ because my hotmail are used for junk…and there’s no real email address they couldn’t taken and send to…

    it also go to the dummy google account tied to my hotmail. forgot I even had a google account tied to my hotmail…

  31. Martha Gail says:

    Yay! Comments are my favorite!

  32. mikedt says:

    It would have been nice if the “new” comments allowed editing. Comments were down for a week, you couldn’t have added that feature?

    • Kestris says:

      I think they had more important things on their minds during that week. Such as, oh I don’t know, protecting our passwords maybe?!?

  33. Fubish says: I don't know anything about it, but it seems to me... says:

    Comments have been missing a long time and now my snark is all rusty.

  34. Ophelia says:

    Hooray.

    But now I have a question. On my phone, I seem to always be directed to a mobile site, even though my user agent is set to desktop. It’s not so bad, except that none of the comments are threaded. Makes conversations very difficult to read. It’s there any way to force my account or phone browser to go to the full site?

  35. Wembley says:

    Finally a reason to be at work! Welcome back

  36. StatusfriedCrustomer says:

    Yaaaaaaaay! OMG, I had so many comments I wanted to post. Like the pregnancy test dispenser in the bar bathroom and the bar’s owner said “If this prevents even one child, it’s worth it!”

  37. Thunder Storm says:

    Sounds like a SQL injection.

  38. Applekid says:

    I am, however, disappointed I had to change my password from “fuckwhitey”

  39. DriveByLurker says:

    A: Because of the nature of the investigation, we cannot – at this time – share further details. Those of you who are familiar with the site will know that Consumerist, to the best of our ability, does not disclose information that could, even inadvertently, aid people who wish to do harm to consumers. We strive to be as transparent and proactive as possible with our communications…

    It was those bast@rds from {redacted}, wasn’t it? I’ll bet that they finally snapped after months of you dragging their name through the mud in every negative story.

  40. DadCooks says:

    Glad comments are back…

    However, in resetting your system you seem to have used an old profile backup as I had changed the special email address I use for Consumerist recently (about a month ago when you had your last problem, 6/25/12). I had to use my old address as the system did not recognize my changed email address.

    Also, did your security geeks check into people embedding links/redirects into their profile pictures?

    You might also consider not allowing live links to be embedded in comments, until that link is verified by a moderator.

  41. IndyJaws says:

    The hard work by the security team is greatly appreciated…nice to have you back at full strength!

  42. PunditGuy says:

    No avatar. I feel disassociated.

  43. akronharry says:

    Good to be back. It was kind of boring just being only able to read something and not being able to respond.

  44. umbriago says:

    I have to say, I missed being able to comment, and I missed reading comments, because (and this is true of only about 20% or so of sites I visit regularly) the commenters here are polite, well-informed, and often funnier than hell.

    So fine and dandy.

  45. Jane_Gage says:

    I wouldn’t solicit donations in a “sorry your computer was humped with virtual HIV” thread. It triggers the same annoyance that being upsold after complaining to an Indian call center about the service you already have does.

  46. Black Knight Rebel says:

    OMG It was Consumerist that gave me those fucking annoying viruses?!?!

    I was wondering where the hell they came from since I usually practice safe browsing. It took me a week to figure out why the hell I kept getting google redirects and why the iexplorer process kept opening up on its own.

    I think I finally cleaned it all out but man was this a needlessly stressful week or so.

    For anyone wanting a good scrubbing, my cleaning tools were as follows:
    rKiller
    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    TDSSKiller
    aswMBR
    RogueKiller
    CCleaner (this one isn’t a malware/virus remover, but a generic cleaner. Use it to clean the registry, empty out temp files, and clean-wipe the “erased data” to be extra cautious)

    I’m STILL not sure that I’ve REALLY cleaned myself up but so far nothing is coming up on on scans so I’m cautiously optimistic.

    • bobosims says:

      I’m still fighting this. ran Malware Bytes, SuperAint, TDSS, asw, and CCleaner, caught a couple trojans and an installer, but I’m still getting random attempts to open IE, browser redirects, and, when I click on links in my outlook e-mail or internet shortcuts on my desktop, they all open in a new IE window but with the IE “InPrivate” functionality turned on. It’s frigging annoying, frustrating, and it’s cost me several days worth of time scanning, rescanning, uninstalling, reinstalling, etc… And yet I’m still fighting it. On my work computer (so I can’t do a clean reinstall without costing several other people each a day’s worth of time). It’s absurd.

      Consumerist.com needs to post information regarding the particular infections, clear solutions, etc… this crap about “we can’t share further details at this time” comes off as a cheap CYA solution. I get that they’re not going to give out specific info that would endanger an official law enforcement investigation, but some data needs to be shared, stat.

      I don’t normally get p*ssed at anyone (well, except maybe the idiot in the rusted pickup who pulls out in front of me in a 50 mph no-passing zone and won’t do more than 25 mph), but this nonesense has got to stop. At this point, I’m *this close* to cancelling my consumer reports subscription and washing my hands of the whole group. I get that they’re non-profit, etc… but this is absurd. Doing *something* would be better than hiding behind a veil of “we can’t say anything”.

      Thanks to black knight’s list I’m going to try the other tools that I haven’t run yet… maybe they will do the trick…

      • bbb111 says:

        “I’m still fighting this….”

        get a virus checker that boots from a CD so the machine is not booted using the infected operating system. Many of the virus checkers have this option.

        I’ve cleaned many machines this way that the installed checkers could not clean.

        • bobosims says:

          It seems that success has been had, thanks to your idea. I used the Avira rescue disc image (updated multiple times daily apparently), burned it to a CD and booted off the CD. Scan took a couple hours, but the last piece of the infection (TR/Rogue.kdv.678547) was sucessfully eliminated. It looks like (*crosses fingers and toes*) success was had! I’d recommend the Avira rescue disc image option to anyone still fighting with this.

      • Not Given says:

        http://www.bleepingcomputer.com/

        I’d just do a backup and clean reinstall, after getting cleared up. (Don’t want to backup your viruses.) I did one recently and I can’t believe how much faster everything runs. I thought I was going to need to replace my computer pretty soon. I think it will be a while, now.

        • Black Knight Rebel says:

          LOL
          That is a LAST resort option when your back is up against a wall. That’s like trying to kill a mouse by lighting your home on fire and re-building on the rubble and then commenting how how awesome it is that the walls are clean lol

          • bobosims says:

            Yes, it’s last resort. However, it is good advice for folks who’ve been using the same build for several years… windows gets corrupted enough in day-to-day operation that a clean install can breathe new life into a tired system. In my case my build is less than a year old and I’d rather not have to do a rebuild if I can help it (since it would take time away from several other folks to complete the process).

            When it comes to mice though, a flame thrower is more selective than burning the whole house… :-)

        • bobosims says:

          @Not Given: If it comes to having to do a clean install (shudder), I’m going to probably go with a product like Faronics Deep Freeze (http://www.faronics.com/standard/deep-freeze-2/) after I’ve got everything set back up. I’m using the enterprise version of Deep Freeze on a fleet of laptops that I have deployed across the country and it saves me *a lot* of time when it comes to support, etc… You have to thaw the drive whenever you make any changes and then refreeze it, but once you have it set the way you want it, you can do the thaw/update/freeze stuff on a scheduled basis).

          I’m going to do one more set of full scans once I hear some feedback (see my posts below), and if that doesn’t work I’ll go the bleepingcomputer route… thanks for the reminder about them. I just hate to add to their workload if I don’t have to…

      • Kestris says:

        “when I click on links in my outlook e-mail or internet shortcuts on my desktop, they all open in a new IE window but with the IE “InPrivate” functionality turned on. It’s frigging annoying, frustrating, and it’s cost me several days worth of time scanning, rescanning, uninstalling, reinstalling, etc… And yet I’m still fighting it.”

        That’s exactly what I went through.

        This is what we ended up having to do-(AFTER running various spyware proggies like Malwarebytes, TDSSKiller, etc)

        FROM THE MICROSOFT KNOWLEDGEBASE-

        disable In Private browsing option by adding a registry value in the computer. Here are the steps to do that:
        1. Click on Start -> All Programs -> Accessories -> Notepad

        2. Copy the text below (in bold, before the beginning of step 3) and paste it into the open notepad:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerPrivacy]
        “EnableInPrivateBrowsing”=dword:00000000

        3. Click on File and click on Save. Choose to save it on the Desktop. Change theSave as Type option to All Files and in the File Name field enterDisableInPrivateBrowsing.reg and click on Save.

        4. Close the Notepad file and double click the newly created DisableInPrivateBrowsing.reg file on your desktop. If there is a confirmation box that appears, click onYes or OK.

        5. Once it says that the information is successfully added to the registry, restart the computer once and check if In-Private browsing is off for you or not.

        • bobosims says:

          @Kestris: Bless you! I just did thsi successfully. I can’t help but think the root problem is a byproduct of the trojan infection, but at least it’s one big annoyance that I don’t have to deal with. Thank you!

          • Kestris says:

            We’re fairly certain that Happili changes the root of the InPrivate browser so it auto starts no matter if you manage to get rid of the Trojan itself.}:/

            But yes, we did this, with the intent of doing a complete wipe/reinstall if it didn’t fix it, but thankfully it did and I’ve had no issues since. Knock on wood.}:)

            • bobosims says:

              My inner engineer brain wants to know what the trojan creators found so appealing about setting the InPrivate browser function to launch… I mean, was it intentional, or was it an unintentional byproduct thanks to microsoft’s unique methods of coding/code patching/etc… there’s got to be a backstory there.

      • Black Knight Rebel says:

        It took me several scans and I discovered that sometimes when I clean up once with one scanner, if I used that same scanner again I’d find more. Very upsetting and it took me a while to feel comfortable again. I don’t use outlook (Gmail webapp) so I can’t confirm that you have the same thing I did, but hopefully my list helps.

        If you are technically inclined enough, you may also want to consider installing a Script-blocking extension to your browser so that this problem has a much lower chance of popping up again. The only issue with script-blockers is that they do in fact break your internet experience because there are many legitimate scripts that make sites functional that will become blocked. Don’t install one unless you are actually prepared to deal with that kind of hassle every day otherwise you run the risk of being double charged on your credit card on a site that uses scripts for that transaction.

        • bobosims says:

          @Black Knight Rebel: I am technically inclined… used to do virus removal/spyware removal/etc as a full time job, so I think a script blocker is probably in order. Any that you recommend? Any that are (fairly) easy to turn on and off at will?

          Also, in trying to fight this infection, I’ve run all of these scanners in regular mode and in safe mode. In both cases, after the initial discovery of two trojans (which I immediately quarantined), nothing else has come up, yet my anti-virus software continues to put up warnings when it blocks outbound internet requests (invariably a javascript extension hosted on one of several rotating servers), so that suggests that something is *still* resident somewhere. Any suggestions from your experience in a certain order, normal vs safe mode, which ones to run more than once, etc??? Anything you can offer in terms of what worked for you would be most valuable. Thanks!

          • Black Knight Rebel says:

            I’m glad you found a solution that worked for you.

            Well truth be told I tried in safe mode but even there I kept getting booted off (damn thing was forcing a shutdown immediately after reboot) so I went into my Recovery Partition and went back to the most recent restore point I made (about 2 days before I fought the infection) That Restore Point got me through the worst of it. Once back to a better position, I started doing scans in normal mode.

            I usually only go into Safemode or the Recovery Partition when the problem is desperate. Next Time I’ll also try the Avira Boot disc but for now I’m fine.

            As far as script blockers go, I’m on Firefox and I started using No Script and Ghostery. I have No Script set to block everything except sites I trust and ghostery is set to block trackers (but you can set it to do more if you want) I still let the sites run their advertising stuff but AdBlockPlus makes sure I only see ads for sites I like. In any case I only started using them recently so I’m sure I’m probably running them inefficiently at the moment but at least I know there are lots of incoming waves of crap being held at bay so I at least feel a little safer.

            • bobosims says:

              Most excellent! I’ll give those a try… it’s about time I learned something new. Thank you very much!

        • bobosims says:

          It seems that success has been had, thanks to bbb111’s idea of a bootable cd scanner utility. I went with the Avira rescue disc image (updated multiple times daily apparently), burned it to a CD and booted off the CD. Scan took a couple hours, but the last piece of the infection (TR/Rogue.kdv.678547) was sucessfully eliminated. It looks like (*crosses fingers and toes*) success was had! Probably wouldn’t hurt to do the same thing in you haven’t done so already.

    • ThatCatGuy says:

      …and yet the new password input wasn’t over ssl.

      Sigh.

    • Not Given says:

      Chrome alerted me but Superantispyware, Malwarebytes, Search & Destroy and MSE didn’t find anything.

    • Kestris says:

      Trojan.Happili got me. We think, knock on wood, we finally got rid of the damn thing.

    • Kestris says:

      TDSSKiller
      MalwareBytes
      SpyBot
      Hijackthis

      We are cautiously optimistic as well. Making a note of the others you used in case we didn’t get it all. The redirect trojan (called Trojan.Happili.XGEN) is extremely difficult to get rid of and can open backdoors to other malware and viruses that virus protection won’t detect since Happili ‘sends the virus protection to camp’ and itself can’t be detected by many virus protection programs as well.

      • bobosims says:

        I staked my hopes on TDSSKiller (based on the nature of this infection and its reputation), but thus far it’s not coughed up anything.

        MalwareBytes found the two initial trojans:
        Trojan.Happili (hiding in …AppDataLocalTemp1jfuweif.exe)
        and
        Trojan.Lameshield (hiding in …Local SettingsApplication Datawzhqsvqa.exe)

        But since then no other scanners have found everything.

        Any advice in terms of order, normal mode vs. safe mode (I’ve scanned in both with no difference/no results), etc that worked for you? I’m considering pulling the harddrive, mounting it externally, and scanning it that way so that it’s not actively running anything, but I don’t want to have anything make the jump from the external mount to the system that I’d be using to do the scanning…

        BBB111 (several comments above) suggested a bootable CD with scanners installed, and that seems like it might be a safer option than the external mounting. I’d welcome any feedback.

        • Kestris says:

          We did the scans in normal mode. Malwarebytes found Trojan.Happili, while TDSKiller found a few leftover files that had been taken over by the virus and sucessfully cleaned them off, which means we caught it early enough that it hadn’t had a chance to fully propagate.

          My external drive came up clean, so it appears to only affect the internal drive, so I don’t think you’ll have to worry about virus jumps. Pay attention to which files any scan says is suspect- some files can be legit files that Happili took over in order to hide itself, which makes it even more difficult to fully clear out if it’s been in the system long enough.

          My Trendmicro- fully updated- found nothing. What I’ve read about Trojan.Happili is that it is NOT detectable by many virus scan programs, such as McAfee or Trendmicro, which makes it even that much more destructive.

          If TDSSKiller is finding nothing after you ran Malwarebytes, chances are you caught it early enough that it hadn’t had a chance to propagate anywhere.

          • bobosims says:

            What gets me though is that I’m still getting random broswer redirects and random attempts at browser launching (my antivirus stops them and shows them to be attempts at running javascript (*.js) files from various websites… So *something* is still active… and thus far nothing is seeing it.

            Someone else here in this thread mentioned ProcMon, so I’m going to see if maybe that will show me where the requests are coming from within my system…

            • bobosims says:

              SpyHunter 4 has found another infected dll… maybe some progress. Per some reading I did on bleepingcomputer.com (though I haven’t started troubling them for personal help yet), I learned that CD/DVD drive emulators will mess with malware/trojan/rootkit scans, so I downloaded and ran their defogger utility first. Maybe that’s a useful tactic…

              • bobosims says:

                false excitement… saw SpyHunter and HitMan Pro both recommended on 2-viruses.com (a legit site). However, after running both programs scanners, both are paid products… spyhunter tried to offer me a discount after I clicked cancel, but something about paying software to remove malware just seems, well, scammy. So, back to free scanners, but with the defogger utility having been run.

            • bobosims says:

              posted this above in reply to bbb111 and Black Knight Rebel, but thought I’d put it here so that I wouldn’t leave any of my posts hanging…

              It seems that success has been had, thanks to bbb111′s idea of a bootable cd scanner utility. I went with the Avira rescue disc image (updated multiple times daily apparently), burned it to a CD and booted off the CD. Scan took a couple hours, but the last piece of the infection (TR/Rogue.kdv.678547) was sucessfully eliminated. It looks like (*crosses fingers and toes*) success was had! Probably wouldn’t hurt to do the same thing in you haven’t done so already.

  47. H3ion says:

    How can I miss you if you never go away? Welcome back.

  48. sqlrob says:

    Define “Encryption”

    Is it reversible (answer better be “no”)?
    What algorithm are you using? (answer better be one of the standard algorithms used for password hashing)
    What’s the salt length?
    Is it a high iteration count? (answer better be “yes”)

    • 180CS says:

      Remember that time that a game developer used x/2 to encrypt their MMOs packets?

      Good times….gooooood times. Now go change your passwords.

      • Kestris says:

        I changed my damn passwords everywhere because of this. I was taking no chances.

        • bobosims says:

          Yeah, I’m finally about to bit the bullet and go with a LastPass-type solution for my passwords… I’m getting tired of having to change so many of them when one of my regularly-used sites gets attacked (4 times in the past 12 months), and I can’t see the problem getting any less serious in the future.

          I’m *this close* to encasing the computer in concrete and taking up farming in some secluded, off-the-grid spot in the northwest… (and I’ve been a professional uber-geek for the past 20 years, so I should be used to this nonesense)…

          • Kestris says:

            LOL, I told my husband I’m tempted to just not go online whatsoever anymore, or one of these days he was going to come home to find my computer in the driveway in pieces.

            Becoming a Luddite is sounding better every day.

  49. snarfies says:

    PROTIP Consumerist: Security through obscurity does not work.

  50. Hayati, the wobbly says:

    YAY! :D

  51. 180CS says:

    Oh come on guys, let’s pull a Sony and maybe give everyone a free 6 month extension on consumer reports subscriptions? :D

    • bobosims says:

      yes, but you know it would then auto-renew at the full rate without warning… (speaking of things that annoy me… subscriptions that give me no other option than enrolling as auto-renew)

  52. GrillinBurgers says:

    Woohoo!

  53. dirtleg says:

    Welcome back all. Comments were missed, good humor is hard to find. Hope the issues and problems have been chased away. Twice within a month is getting a bit scary.

  54. HogwartsProfessor says:

    I didn’t mind waiting. I knew you’d get it fixed eventually. Although reading posts without commenting was kind of torture. I got around it by posting them on Facebook and commenting there. :)

  55. bitplayer says:

    You guys should just use discuss, all sites seem to use it now. That way you don’t have to deal with paswords,etc.

  56. DaveInIT says:

    The articles just didn’t seem as thorough w/out the comments section. I found myself upset when I scrolled thru an article only to find whitespace where my precious entertainme…err…comments were. :-)

    Seriously, love the site, y’all. Been reading for a few years now. Kudos for getting your issues addressed.

  57. Over the River says:

    Yes and no on Consumerist handling this whole affair.

    1. We weren’t informed there had been a breach until far too long after it happened.
    1.a. So our captured passwords are free to be used, yet we don’t know it yet.
    1.b. Any problems with malware are ours to figure out why, no help from Consumerist.

    2. We get cryptic articles hinting at a problem, but more to the point they disguised the problem which only served to throw us off.

    3. You were asking for donations while screwing us with a lack of information. Tacky, very tacky.

    4. Your Q & A leaves us with more questions than answers.
    4.a. “Q: Is my password encrypted? A: Yes” || So it wasn’t before? So it was weaker before? So it was before and we are using the same encryption as before. Your guess is as good as mine.
    4.b. “additional new security measures that we believe make it safe and secure” || “We believe” doesn’t give us a warm and fuzzy feeling. Did “we believe” it was OK before the breach?

  58. RvLeshrac says:

    Just an FYI, saying my password “was encrypted” is meaningless. Were you using ROT13 as the encryption?

  59. Mouse Tester says:

    yay… comments are back and secure access on https://consumerist.com now works! :))

  60. Fleiki says:

    What? I subscribed to Consumerist.com?

    Who knew?