Page 4 of 5
Results 31 to 40 of 45

Thread: Hacked?

  1. #31
    Senior Member blabbermouth whoever's Avatar
    Join Date
    Mar 2014
    Location
    Sacramento,CA
    Posts
    2,600
    Thanked: 117
    "If you want it, that's what you do best" - Woz
    "if you ain't bleedin', you ain't learnin'" -me
    remember all, each thanks given will ... (virtual ego +1)

  2. #32
    Senior Member DarthLord's Avatar
    Join Date
    Sep 2013
    Location
    Collingswood, NJ
    Posts
    273
    Thanked: 36

    On a side note; this may actually be part of something more serious than many of you realize. Sure, we're just a straight razor discussion forum. Small fries, right?
    Thing is, most people (even we IT folk that supposedly know better) reuse passwords. Your password -- and email! -- you use on this site may be the same across potentially dozens of richer, higher value targets. Getting a round of passwords and email addresses for this site may in fact yield access to bank accounts, credit reports...or even high-value corporate targets.
    However, the fact that they were unable to get into MY account (is there any sign they cracked anyone else's?) indicates that they failed this time and the best they could manage was to vandalize the front page. Hardly elite hacker stuff, that, but we also shouldn't be blase about the fact they targeted THIS site instead of something with potential of value.

  3. #33
    Senior Member blabbermouth whoever's Avatar
    Join Date
    Mar 2014
    Location
    Sacramento,CA
    Posts
    2,600
    Thanked: 117

    S*hhhhh, re-using passwords is a trade secret :-) and reCAPTCHA is not that big of a deterrent anymore.
    "If you want it, that's what you do best" - Woz
    "if you ain't bleedin', you ain't learnin'" -me
    remember all, each thanks given will ... (virtual ego +1)

  4. #34
    The original Skolor and Gentileman. gugi's Avatar
    Join Date
    Aug 2007
    Posts
    17,410
    Thanked: 3906
    Blog Entries
    1

    Quote Originally Posted by DarthLord View Post
    On a side note; this may actually be part of something more serious than many of you realize. Sure, we're just a straight razor discussion forum. Small fries, right?
    Thing is, most people (even we IT folk that supposedly know better) reuse passwords.
    The passwords are stored encrypted with salts, so they are not accessible by hacking into an account. The database where the encrypted values are stored is also not accessible through the exploit they used to replace the homepage.

    The passwords and the salts were accessible on any forum that used Tapatalk last year for several months. I patched it on SRP within hours of that buggy version and verified nobody had tried to access the leaked data, but Tapatalk didn't fix it for a long time, so many other forums were exposed without ever realizing it. Still, unencrypting passwords isn't that easy and takes resources.

    The login attempts that have increased in the past few months are completely different - they are probing for weak passwords by brute force. We block these after 5 unsuccessful attempts and send notification. It happens on every forum where the login names are publicly visible from the posts, except that most forums choose not to send notification to their members, and if they do the block, they do it silently.
    We send the email notification because it's an enhancement of the security - few people have emailed us back that they have updated their password as a result, which is a good thing.
    Phrank likes this.

  5. The Following 2 Users Say Thank You to gugi For This Useful Post:

    Henrico (04-30-2015), outback (05-11-2015)
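The two defences gugi describes in the post above (salted password storage, and blocking after 5 unsuccessful attempts with a notification), sketched as an added example that is not the forum's own code. The PBKDF2 parameters, the 15-minute lock, per-account keying, and all names and sample attempts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5         # threshold stated in the post
LOCK_SECONDS = 15 * 60   # assumed lock duration (not given in the thread)

def hash_password(password, salt=None):
    """Return (salt, digest); a random per-user salt defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

class LoginGuard:
    def __init__(self):
        self.users = {}          # name -> (salt, digest); plaintext is never stored
        self.failures = {}       # name -> consecutive failed attempts
        self.locked_until = {}   # name -> time at which the block expires
        self.notifications = []  # stand-in for the e-mail sent to the member

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password, now):
        if now < self.locked_until.get(name, 0):
            return "locked"      # refused before the password is even checked
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):   # constant-time comparison
            self.failures[name] = 0
            return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= MAX_FAILURES:
            self.failures[name] = 0
            self.locked_until[name] = now + LOCK_SECONDS
            if name in self.users:
                self.notifications.append(
                    f"{name}: login blocked after {MAX_FAILURES} failed attempts")
            return "locked"
        return "failed"

def demo():
    """Replay constructed attempts: five bad guesses, then the real password twice."""
    guard = LoginGuard()
    guard.register("alice", "correct horse battery")
    attempts = [("alice", f"guess{i}", i) for i in range(5)]
    attempts += [("alice", "correct horse battery", 10),
                 ("alice", "correct horse battery", 4 + LOCK_SECONDS)]
    return [guard.login(*a) for a in attempts], guard.notifications

if __name__ == "__main__":
    print(demo())
```

While the block is active even the correct password is refused, which is why the notification matters: it tells the member why a login failed and prompts a password change.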

  6. #35
    Senior Member blabbermouth whoever's Avatar
    Join Date
    Mar 2014
    Location
    Sacramento,CA
    Posts
    2,600
    Thanked: 117

    Thanks, that's what I was expecting to see for security.
    Just throwing my two cents in
    "If you want it, that's what you do best" - Woz
    "if you ain't bleedin', you ain't learnin'" -me
    remember all, each thanks given will ... (virtual ego +1)

  7. #36
    barba crescit caput nescit Phrank's Avatar
    Join Date
    Jul 2013
    Location
    Toronto, Canada
    Posts
    9,660
    Thanked: 2691

    Quote Originally Posted by whoever View Post
    Thanks, that's what I was expecting to see for security.
    Just throwing my two cents in
    If a cracker wanted to do something, there's not much most people or institutions could do - period. A good hacker, worth his salt, you wouldn't even know they were here unless it was designed that way. A good virus is not designed to commit suicide unless its work has been completed, but to potentially mine data and self-propagate.

    Gugi has more knowledge in his toe-nail clippings than this dweeb who took down the homepage for what, two hours with a bad cut and paste job where he left his signature on it?

  8. #37
    Senior Member Crawler's Avatar
    Join Date
    Jan 2015
    Location
    N.E. Indiana
    Posts
    970
    Thanked: 134

    Quote Originally Posted by DarthLord View Post
    On a side note; this may actually be part of something more serious than many of you realize. Sure, we're just a straight razor discussion forum. Small fries, right?
    Thing is, most people (even we IT folk that supposedly know better) reuse passwords. Your password -- and email! -- you use on this site may be the same across potentially dozens of richer, higher value targets. Getting a round of passwords and email addresses for this site may in fact yield access to bank accounts, credit reports...or even high-value corporate targets.
    However, the fact that they were unable to get into MY account (is there any sign they cracked anyone else's?) indicates that they failed this time and the best they could manage was to vandalize the front page. Hardly elite hacker stuff, that, but we also shouldn't be blase about the fact they targeted THIS site instead of something with potential of value.
    My thoughts exactly. And about the same week (maybe two weeks later?) hackers cracked/stole emails and passwords from computers in a wing of the White House, I believe it was the press wing? I might be a little fuzzy on those details... I've slept since then lol. But that's close to what the news was saying.

    Anywho. I remember the news blurb mentioned that wasn't considered a classified system, so there wasn't a risk of sensitive documents being leaked. As you said, access to that system likely wasn't the goal. They were more than likely after account info that lazy people recycle, and have access to higher level systems. For example... an I.T. guy that might manage multiple systems in the WH.
    Decades away from full-beard growing abilities.

  9. #38
    barba crescit caput nescit Phrank's Avatar
    Join Date
    Jul 2013
    Location
    Toronto, Canada
    Posts
    9,660
    Thanked: 2691

    Quote Originally Posted by Crawler View Post
    My thoughts exactly. And about the same week (maybe two weeks later?) hackers cracked/stole emails and passwords from computers in a wing of the White House, I believe it was the press wing? I might be a little fuzzy on those details... I've slept since then lol. But that's close to what the news was saying.

    Anywho. I remember the news blurb mentioned that wasn't considered a classified system, so there wasn't a risk of sensitive documents being leaked. As you said, access to that system likely wasn't the goal. They were more than likely after account info that lazy people recycle, and have access to higher level systems. For example... an I.T. guy that might manage multiple systems in the WH.
    Hillary Clinton and many other politicians' private email servers, IMO, are a staggering breach of security IMO. Hillary Clinton, whom I quite like, as the Secretary of State of the United States of America, deleting a server full of emails, years of communications, with no ability to actually find out what she had been discussing or with who, let alone the lack of security, logs, audit trails, is absolutely beyond my comprehension that this occurred, and am surprised this isn't a major scandal in the US.

    This one just baffles my mind in its sheer stupidity and arrogance...
    sharptonn likes this.

  10. #39
    Razor Vulture sharptonn's Avatar
    Join Date
    Oct 2010
    Location
    Lone Star State
    Posts
    25,876
    Thanked: 8588

    So you like the Hilllabeast, yet abhor her tactics? Or, do you abhor the thing and also abhor the tactics? A bit confused. Not really, though!
    "Don't be stubborn. You are missing out."
    I rest my case.

  11. #40
    Senior Member blabbermouth whoever's Avatar
    Join Date
    Mar 2014
    Location
    Sacramento,CA
    Posts
    2,600
    Thanked: 117

    Quote Originally Posted by sharptonn View Post
    So you like the Hilllabeast, yet abhor her tactics? Or, do you abhor the thing and also abhor the tactics? A bit confused. Not really, though!

    sharptonn likes this.
    "If you want it, that's what you do best" - Woz
    "if you ain't bleedin', you ain't learnin'" -me
    remember all, each thanks given will ... (virtual ego +1)

  12. The Following User Says Thank You to whoever For This Useful Post:

    sharptonn (05-01-2015)
