You can no longer keep your solutions. You will always be able to download them directly from our site. See details on the frequently asked questions page.

Wow, that's really GREAT! At last! Thank you!!!

very good=) thanks!

Actually bad news. Many people have been chosen passwords for timus considering that nothing really useful can be done if someone will get their password.

Now game rules have changed. It is now possible to exploit other's weak passwords.

Any ideas how to close this hole?

I suggest to limit number of problems solutions to which can be downloaded during some period of time.

For example, allow to get solutions for only one problem at any single day (any number of solutions to this problem may be downloaded). Needs to download own solutions are very occasional. So for any legal purpose it would be enough but this rule would be very limiting for getting all sources of another person.

I also suggest the following set of rules to increase security of dowdloading sources.

1. Complicate procedure of changing e-mail in personal settings:
 * when change of e-mail requested, letter with random confirmation code is sent to old e-mail.
 * actually change e-mail either on that code or without code but in one month from request.
2. For the first downloaded source of the day letter with random confirmation code is sent to e-mail. Getting source is possible only with this code. After this for one day it is possible to download sources without e-mail confirmation using only account password.

I think, all this is superfluous, I'm too lazy even to enter my password every time before downloading my solutions. I think, if a man wants to secure his solutions, he should just to change password to more powerful...

Yes, I've done it but there are more than 60000 acconts on Timus, and less than 0.1% of them read the forum.

It is more important for top-100 or top-1000 accounts. There are many of them with last AC year of two ago. They do not visit Timus now but their solutions are open for an attack.

It is not a question of security of solutions of single man. It is a question of security of solutions of Top-100.

Now an easy way to get to the first page of Timus ranklist appeared.

Then, to my mind, the better way of actions for admins is to automatically generate and apply strong passwords for TOP-100 - TOP-1000, and send them to authors via e-mail

Good idea.

What about the following?
1. E-mail field in user information is optional. It is impossible to change password if e-mail is not set.
2. Some e-mail do not exist anymore. It is impossible for such user to get new password.

Edited by author 24.02.2009 16:57

Interesting that there is no penalty for discovering others' judge_ids and passwords.

There is section 272 of the Criminal Code of the Russian Federation, but it is about "information protected by the law". I doubt that judge_ids and passwords fall into this definition (second link for more information).

Links to the section and comments (in Russian):
http://www.az-design.ru/Projects/AZLibrCD/Law/CrimnLaw/UKRF97/ukrf272.shtml
http://www.crime-research.ru/library/Belous3.htm

Great! =)

Thank you very much!
"My hard drive is broken, how can I restore my solutions?" - it is just about me =)

PS: 22-th of February is my birthday =)