Talk About Vulnerable

https://attnam.com/topics/Talk-About-Vulnerable


#1 Jul 6, 2011, 8:20 am

capristo

Various usernames and passwords...

capristo: *****
slob: *****
Herself: *****
lampshade: *****
Blob: *****
Somagu: *****
Seriyu: *****
hihanhu: *****
Knoppi: *****
Konork: *****
Ischaldirh: *****
Full_Metal_Wolf: *****
ShinMajin: *****
Unknown_Entity: *****
covaks: *****
Battleguy: *****

//ASK ERNOMOUSE OR BORED FOR YOUR PASSWORD. IRC IS THE BEST OPTION? // -ERNOMOUSE

Please sort your security out and change ur passwords as I have access to all details such as emails etc... too, you're lucky I'm a whitehat.

p.s. I've changed the password to the account I'm using to post this message to prove a point, new password is *****

Not after causing any damage, as I say, I'm a whitehat. I'm a good guy who finds the security issue before the bad guys.

Herxode
http://twitter.com/Herxode

#2 Jul 6, 2011, 1:02 pm

BDR

Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.

Also thanks, but couldn't this have been done a smidge more discreetly? Like, emails to folks with their passwords, and a note on the forums that you've gotten ahold of stuff and check your emails for the proof or something? Not that this is not a good way to get people's attention, but hell, you're posting with the admin's account which is already a pretty damn good sign shit is broke bad.

#3 Jul 6, 2011, 1:24 pm

BDR-bugged

Although on the bit about being discreet, I do understand people online have a history of not giving a shit until shit breaks publicly and reveals much stuff people tried to keep secure, so I don't blame you for this route - I just think people would have taken you plenty seriously if you'd done it the way I suggested above (and also because you hacked into the admin's account, which of things to take seriously is pretty damn high up there).

#4 Jul 6, 2011, 2:28 pm

Somagu

aaahahahahahah holy fuck. This is what we get for using a custom forum.

#5 Jul 6, 2011, 5:59 pm

BLATANTLY NOT ARCANE

That's a nice thing to remind me that this place exists.

#6 Jul 6, 2011, 7:20 pm

capristo

BDR wrote
Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.

They're not plaintext. They're only encrypted using md5 which means he must've been able to use a rainbow table (this is also why only certain passwords were accessible). Now - how he got the md5 values in the first place I'm not really sure. The problem with changing the encryption algorithm is everybody will have to reset their passwords... which I guess is probably worth it now.

Sorry guys.
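
Added example, not part of the thread and not the forum's own code: one way to move stored unsalted MD5 digests like those discussed in post #6 to a salted, slow hash, by wrapping each existing digest offline and re-hashing the real password at the next successful login. The function names, the `scheme$salt$digest` record format, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for this example.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def legacy_md5(password: str) -> str:
    """Old scheme from the thread: unsalted MD5, same input always gives same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def _kdf(data: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def _record(scheme: str, data: bytes) -> str:
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    return f"{scheme}${salt.hex()}${_kdf(data, salt).hex()}"

def wrap_legacy(md5_hex: str) -> str:
    """Offline migration step: needs only the stored digest, not the password."""
    return _record("md5-pbkdf2", md5_hex.encode())

def hash_new(password: str) -> str:
    """Scheme for new and upgraded accounts: salted PBKDF2 over the password itself."""
    return _record("pbkdf2", password.encode())

def verify(password: str, stored: str):
    """Return (ok, replacement). replacement is a record to store, or None."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] not in ("md5-pbkdf2", "pbkdf2"):
        return False, None
    scheme, salt_hex, digest_hex = parts
    data = legacy_md5(password) if scheme == "md5-pbkdf2" else password
    candidate = _kdf(data.encode(), bytes.fromhex(salt_hex))
    ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    # On a successful login against a wrapped record, drop MD5 from the chain.
    upgrade = hash_new(password) if ok and scheme == "md5-pbkdf2" else None
    return ok, upgrade

if __name__ == "__main__":
    old = legacy_md5("constructed-sample-pw")  # constructed sample value
    wrapped = wrap_legacy(old)                 # what the migration script would store
    print(verify("constructed-sample-pw", wrapped)[0])
```

Wrapping protects the stored records from table lookups immediately; any digests that have already been exposed still call for a password change on the affected accounts.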

#7 Jul 7, 2011, 12:14 am

BDR-bugged

Well, I'm glad you saw this at any rate. Just get this ship fixed up and tighten the bolts that are loose so people can't retrace this guy's steps.

#8 Jul 13, 2011, 9:16 pm

slob

Great. Now all my top secret plans for world domination are known. I guess transfecting the genetic pathway to produce psilocybin into all of the world's food crops would have been pretty hard to pull off anyway.....

Well, Back to the old drawing board.