twitter google

Possible Trouble with UFC Fight Pass

Possible Trouble with UFC Fight Pass

It was heralded as all kinds of awesome when it debuted, but now that the dust has settle a bit, reviews are mixed on the UFC’s new online subscription network UFC Fight Pass. But while opinions can vary, one thing that remains constant is web security – i.e., the safeguards put in place to make sure whatever login info you entered to join a particular site isn’t stolen by hackers. And according to Iain Kidd at BloodyElbow, UFC Fight Pass may be dropping the ball in that aspect.

Kidd has a background in web development, and after some investigating, he noticed flaws in how the site’s passwords are stored.

To elaborate, what usually happens when you set a password for a website is that password is encrypted and/or hashed; it’s turned into a string of numbers and letters much longer than your original password through a cryptographic process. The server never actually stores your password; it only ever stores this string of numbers and letters, and if someone gets access to the server they have to be able to crack this encryption to see your original password. UFC.TV simply has your unencrypted password stored somewhere. It’s possible the passwords are encrypted, and the UFC also stores & uses the decryption key on the server. This means anyone with access to the server can decrypt your password anyway, though, making it pointless from a security standpoint.

If that sounds like a lot of technical mumbo-jumbo and you’re not sure what the worst-case scenario could be, Kidd explains.

Hackers love it when sites do this, because it allows them to create and sell huge ‘dumps’ of emails with matching passwords. Unscrupulous groups then buy these dumps, and start trying that combination anywhere an email address is used as a login name. Do you use the same password for your PayPal account? Your Xbox live account? Your Amazon account? Hackers could now have access to accounts they can use to purchase things using your credit cards, all because one site didn’t properly protect your password; UFC.TV.

Hopefully, UFC Fight Pass evolves a bit more and this situation is addressed. Otherwise, there could be a lot of unhappy UFC fans out there.

 

 

Follow MMAConvert

Fight Cards

Bellator 185: Mousasi vs. Shlemenko

Event Date: October 20, 2017
Broadcast: Spike

UFC Fight Night 118: Cerrone vs. Till

Event Date: October 21, 2017
Broadcast: TBD

UFC Fight Night 119: Brunson vs. Machida

Event Date: October 28, 2017
Broadcast: TBD

Bellator 186: Bader vs. Vassell

Event Date: November 3, 2017
Broadcast: Spike

UFC 217: Bisping vs. St-Pierre

Event Date: November 4, 2017
Broadcast: PPV, Fox Sports 1, UFC Fight Pass

Bellator 187: McKee vs. Moore

Event Date: November 10, 2017
Broadcast: Spike