twitter google

Possible Trouble with UFC Fight Pass

Possible Trouble with UFC Fight Pass

It was heralded as all kinds of awesome when it debuted, but now that the dust has settle a bit, reviews are mixed on the UFC’s new online subscription network UFC Fight Pass. But while opinions can vary, one thing that remains constant is web security – i.e., the safeguards put in place to make sure whatever login info you entered to join a particular site isn’t stolen by hackers. And according to Iain Kidd at BloodyElbow, UFC Fight Pass may be dropping the ball in that aspect.

Kidd has a background in web development, and after some investigating, he noticed flaws in how the site’s passwords are stored.

To elaborate, what usually happens when you set a password for a website is that password is encrypted and/or hashed; it’s turned into a string of numbers and letters much longer than your original password through a cryptographic process. The server never actually stores your password; it only ever stores this string of numbers and letters, and if someone gets access to the server they have to be able to crack this encryption to see your original password. UFC.TV simply has your unencrypted password stored somewhere. It’s possible the passwords are encrypted, and the UFC also stores & uses the decryption key on the server. This means anyone with access to the server can decrypt your password anyway, though, making it pointless from a security standpoint.

If that sounds like a lot of technical mumbo-jumbo and you’re not sure what the worst-case scenario could be, Kidd explains.

Hackers love it when sites do this, because it allows them to create and sell huge ‘dumps’ of emails with matching passwords. Unscrupulous groups then buy these dumps, and start trying that combination anywhere an email address is used as a login name. Do you use the same password for your PayPal account? Your Xbox live account? Your Amazon account? Hackers could now have access to accounts they can use to purchase things using your credit cards, all because one site didn’t properly protect your password; UFC.TV.

Hopefully, UFC Fight Pass evolves a bit more and this situation is addressed. Otherwise, there could be a lot of unhappy UFC fans out there.

 

 

Follow MMAConvert

Fight Cards

UFC Fight Night 96: Lineker vs. Dodson

Event Date: October 1, 2016
Broadcast: Fox Sports 1, UFC Fight Pass

UFC 204: Bisping vs. Henderson 2

Event Date: October 8, 2016
Broadcast: PPV, Fox Sports 1, UFC Fight Pass

UFC Fight Night 97: Lamas vs. Penn

Event Date: October 15, 2016
Broadcast: UFC Fight Pass

Bellator 162

Event Date: October 21, 2016
Broadcast: Spike TV

The Ultimate Fighter: Latin America 3 Finale

Event Date: November 5, 2016
Broadcast: TBD

Bellator 163: Koreshkov vs. Lima

Event Date: November 11, 2016
Broadcast: Spike Sports