#1
Jul 6, 2011, 8:20 am
Various usernames and passwords...
capristo: *****
slob: *****
Herself: *****
lampshade: *****
Blob: *****
Somagu: *****
Seriyu: *****
hihanhu: *****
Knoppi: *****
Konork: *****
Ischaldirh: *****
Full_Metal_Wolf: *****
ShinMajin: *****
Unknown_Entity: *****
covaks: *****
Battleguy: *****
//ASK ERNOMOUSE OR BORED FOR YOUR PASSWORD. IRC IS THE BEST OPTION? // -ERNOMOUSE
Please sort your security out and change ur passwords as I have access to all details such as emails etc... too, you're lucky I'm a whitehat.
p.s. I've changed the password to the account I'm using to post this message to prove a point, new password is *****
Not after causing any damage, as I say, I'm a whitehat. I'm a good guy who finds the security issue before the bad guys.
Herxode
http://twitter.com/Herxode
#2
Jul 6, 2011, 1:02 pm
Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.
Also thanks, but couldn't this have been done a smidge more discreetly? Like, emails to folks with their passwords, and a note on the forums that you've gotten ahold of stuff and check your emails for the proof or something? Not that this is not a good way to get people's attention, but hell, you're posting with the admin's account which is already a pretty damn good sign shit is broke bad.
#3
Jul 6, 2011, 1:24 pm
Although on the bit about being discreet, I do understand people online have a history of not giving a shit until shit breaks publicly and reveals much stuff people tried to keep secure, so I don't blame you for this route - I just think people would have taken you plenty seriously if you'd done it the way I suggested above (and also because you hacked into the admin's account, which of things to take seriously is pretty damn high up there).
#4
Jul 6, 2011, 2:28 pm
aaahahahahahah holy fuck. This is what we get for using a custom forum.
#5
Jul 6, 2011, 5:59 pm
That's a nice thing to remind me that this place exists.
#6
Jul 6, 2011, 7:20 pm
BDR wrote
Fucking hell capristo, why the fuck are the passwords plaintext?!? This is the same bullshit reason that Lulzsec was able to hack all of the Sony user accounts on the Playstation Network once they got all the way in.
They're not plaintext. They're only encrypted using md5 which means he must've been able to use a rainbow table (this is also why only certain passwords were accessible). Now - how he got the md5 values in the first place I'm not really sure. The problem with changing the encryption algorithm is everybody will have to reset their passwords... which I guess is probably worth it now
Sorry guys.
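Added example, not part of the original thread or the forum's own code: one way to move stored unsalted MD5 digests to a salted, slow hash, by wrapping each existing digest in PBKDF2 and re-hashing from the real password at the next successful login. The record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str) -> str:
    """The old scheme: unsalted MD5, identical for every user with this password."""
    return hashlib.md5(password.encode()).hexdigest()


def _pbkdf2(material: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", material.encode(), salt, iterations).hex()


def _record(scheme: str, material: str) -> str:
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    return f"{scheme}${ITERATIONS}${salt.hex()}${_pbkdf2(material, salt, ITERATIONS)}"


def wrap_legacy(md5_hex: str) -> str:
    """Offline pass over the user table: no bare MD5 digest is left in storage."""
    return _record("pbkdf2-md5", md5_hex)


def hash_new(password: str) -> str:
    """Record for a password hashed directly, with no MD5 step."""
    return _record("pbkdf2", password)


def verify(password: str, stored: str):
    """Return (ok, upgraded_record); upgraded_record is None unless a rewrite is due."""
    scheme, iterations, salt_hex, expected = stored.split("$")
    material = legacy_md5(password) if scheme == "pbkdf2-md5" else password
    actual = _pbkdf2(material, bytes.fromhex(salt_hex), int(iterations))
    if not hmac.compare_digest(actual, expected):
        return False, None
    # Correct password on a wrapped record: drop MD5 from the chain entirely.
    return True, (hash_new(password) if scheme == "pbkdf2-md5" else None)
```

When `verify` returns an upgraded record, the caller stores it in place of the old one; accounts that never log in again stay protected by the wrapped form.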
#7
Jul 7, 2011, 12:14 am
Well, I'm glad you saw this at any rate. Just get this ship fixed up and tighten the bolts that are loose so people can't retrace this guy's steps.
#8
Jul 13, 2011, 9:16 pm
Great. Now all my top secret plans for world domination are known. I guess transfecting the genetic pathway to produce psilocybin into all of the world's food crops would have been pretty hard to pull off anyway.....
Well, back to the old drawing board.