Talk About Vulnerable

Jul 6, 2011, 8:20 am
#1
Joined: Dec 2, 2007
Location: New Attnam
Interests: bananas
Posts: 2,299
Various usernames and passwords...

capristo: *****
slob: *****
Herself: *****
lampshade: *****
Blob: *****
Somagu: *****
Seriyu: *****
hihanhu: *****
Knoppi: *****
Konork: *****
Ischaldirh: *****
Full_Metal_Wolf: *****
ShinMajin: *****
Unknown_Entity: *****
covaks: *****
Battleguy: *****

//ASK ERNOMOUSE OR BORED FOR YOUR PASSWORD. IRC IS THE BEST OPTION? // -ERNOMOUSE

Please sort your security out and change ur passwords as I have access to all details such as emails etc... too, you're lucky I'm a whitehat.

p.s. I've changed the password to the account I'm using to post this message to prove a point, new password is *****

Not after causing any damage, as I say, I'm a whitehat. I'm a good guy who finds the security issue before the bad guys.

Herxode
http://twitter.com/Herxode
Jul 6, 2011, 1:02 pm
#2
Joined: Jan 11, 2008
Posts: 1,019
Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.

Also thanks, but couldn't this have been done a smidge more discreetly? Like, emails to folks with their passwords, and a note on the forums that you've gotten ahold of stuff and check your emails for the proof or something? Not that this is not a good way to get people's attention, but hell, you're posting with the admin's account which is already a pretty damn good sign shit is broke bad.
Jul 6, 2011, 1:24 pm
#3
Joined: Jul 6, 2011
Posts: 7
Although on the bit about being discreet, I do understand people online have a history of not giving a shit until shit breaks publically and reveals much stuff people tried to keep secure, so I don't blame you for this route - I just think people would have taken you plenty seriously if you'd done it the way I suggested above (and also because you hacked into the admin's account, which of things to take seriously is pretty damn high up there).
Jul 6, 2011, 2:28 pm
#4
Joined: Dec 4, 2007
Occupation: Perfect Soldier
Location: Astragius Galaxy
Interests: Fiana, Peace, Melons
Posts: 1,057
aaahahahahahah holy fuck. This is what we get for using a custom forum.
Proudly bringing disaster and mental scarring to Attnam since '05!

"You have a rather pleasant chat about finite superarmpits with Sanae the shrine maiden."

You hear distant shuffling.

The Enner Beast tells you to COOL IT!!
Jul 6, 2011, 5:59 pm
#5
skunk


Joined: Apr 28, 2010
Posts: 2
That's a nice thing to remind me that this place exists.
Jul 6, 2011, 7:20 pm
#6
Joined: Dec 2, 2007
Location: New Attnam
Interests: bananas
Posts: 2,299
BDR wrote
Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.

They're not plaintext. They're only encrypted using md5 which means he must've been able to use a rainbow table (this is also why only certain passwords were accessible). Now - how he got the md5 values in the first place I'm not really sure. The problem with changing the encryption algorithm is everybody will have to reset their passwords... which I guess is probably worth it now

Sorry guys.
Jul 7, 2011, 12:14 am
#7
Joined: Jul 6, 2011
Posts: 7
Well, I'm glad you saw this at any rate. Just get this ship fixed up and tighten the bolts that are loose so people can't retrace this guy's steps.
Jul 13, 2011, 9:16 pm
#8
Joined: Dec 2, 2007
Occupation: Big Daddy
Location: Under a pile of my own offspring
Interests: Caves
Posts: 612
Great. Now all my top secret plans for world domination are known. I guess transfecting the genetic pathway to produce psilocybin into all of the worlds food crops would have been pretty hard to pull off anyway.....

Well, Back to the old drawing board.
Jump to