Lila Feuer Posted August 28, 2016
https://www.rockpapershotgun.com/2016/08/27/9-3-million-accounts-compromised-in-epidemic-of-forum-hacks-funcom-epic-and-more/
I notice they bring up vBulletin. Is this site at risk?
Cupboard Posted August 28, 2016
Forum software is so old I doubt any bots would have luck figuring out how to hack it.
Clonehunter Posted August 28, 2016
Other than this being a show of force, is there anything of value being taken? Sounds like the only real threat is getting email spam.
Linguica Posted August 28, 2016
I'm sure this site is "at risk." But all passwords are hashed with bcrypt, and all the private messages are encrypted with a secret key which is itself stored in a pretty secure area. So I don't think it's PARTICULARLY at risk.
Cupboard Posted August 28, 2016
This could be a bad time to ask DW for a release of its tax returns?
Voros Posted August 28, 2016
TheCupboard said: Forum software is so old I doubt any bots would have luck figuring out how to hack it
From what the article said, then DW is even more vulnerable. But then again, who would want to hack into a website dedicated to a game over 20 years old?
boris Posted August 28, 2016
Voros said: But then again, who would want to hack into a website dedicated to a game over 20 years old?
If it's an automated attack, where the targets are found through Google, the attacker will not care what the forum is about.
Gez Posted August 28, 2016
The question is: do forum hacks written for versions of vBulletin that are less old than Methuselah also work with this antediluvian one? Because if the codebase has changed enough that this old forum software isn't vulnerable to the same exploits that newer versions are, then even if it isn't more robust it might be more safe anyway, in a security through obscurity sort of way.
Linguica Posted August 28, 2016
I don't know about this latest rash of hacks, but I do remember a pretty significant vBulletin vulnerability from about a year ago where it relied on a bug in the JSON handling code. Joke's on them, JSON didn't even exist when this forum code was written!!
Remilia Scarlet Posted August 28, 2016
Voros said: But then again, who would want to hack into a website dedicated to a game over 20 years old?
Because most people tend to reuse passwords.
Quagsire Posted August 28, 2016
A few months ago there was an account breaching over at the ZDoom forums, and they almost got into my account. Luckily they didn't, and I remained safe. No one gets into my account guarded by an army of a thousand cacolanterns.
boris Posted August 28, 2016
Sgt Ender said: A few months ago there was an account breaching over at the ZDoom forums, and they almost got into my account. Luckily they didn't, and I remained safe. No one gets into my account guarded by an army of a thousand cacolanterns.
But that was just a brute force attack and not a flaw in the software, wasn't it?
Quagsire Posted August 28, 2016
boris said: But that was just a brute force attack and not a flaw in the software, wasn't it?
Either way, it happened. And I'm pretty sure they might do it here too if given the chance.
fraggle Posted August 28, 2016
Linguica said: all the private messages are encrypted with a secret key which is itself stored in a pretty secure area.
Interesting.
Doominator2 Posted August 28, 2016
Cacockcansukmycok said: one word = Poodlecorp!
I don't understand hacking groups who get enjoyment from causing havoc just for the sake of it.
Lila Feuer Posted August 29, 2016
Doominator2 said: I don't understand hacking groups who get enjoyment from causing havoc just for the sake of it.
Some people just want to watch the world burn.
roadworx Posted August 29, 2016
Linguica said: I'm sure this site is "at risk." But all passwords are hashed with bcrypt, and all the private messages are encrypted with a secret key which is itself stored in a pretty secure area. So I don't think it's PARTICULARLY at risk.
tbh, the (active) community isn't THAT big, so i don't think we'd be that big of a target.
Cupboard Posted August 29, 2016
Whether or not it creates havoc is one thing, they are doing the public a service regardless since they are pointing out some glaring security issues. Exposing risks and holes to the public eye is good. Many hackers do have integrity and do not want to use the information they gain for nefarious purposes. I won't speak for these guys, but there are a lot of little hackers out there who actually make our security stronger and more flexible against brute force attacks and targeted data mining operations.
chungy Posted August 29, 2016
fraggle said: Interesting.
It's true, I've seen it. It's in a glass case with a post-it note reading "Very secret key, do not open."
CARRiON Posted August 29, 2016
Cyanosis said: Some people just want to watch the world burn.
Some people just want to watch my toast burn.
GreyGhost Posted August 29, 2016
chungy said: It's true, I've seen it. It's in a glass case with a post-it note reading "Very secret key, do not open."
Aha - so the key inside that fake rock in the garden bed is a decoy!?
Linguica Posted August 29, 2016
fraggle said: Interesting.
Oh don't get me wrong, it's not secure by Google standards, but the file with the secret key is outside the web directory and has special permissions and so forth.
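Added example, not part of the thread or of the site's own code: a short audit of the placement described in the post above (key file outside the web directory, restrictive permissions). The function names, file names and directory layout are hypothetical and the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def _under(path, root):
    return os.path.commonpath([path, root]) == root


def audit_key_file(key_path, web_root):
    """Return a list of findings for a secret-key file; an empty list means it passed."""
    findings = []
    root = os.path.realpath(web_root)
    # Check the path as given and its symlink-resolved target: a link placed in
    # the web directory can still be served even if the real file lives elsewhere.
    parent = os.path.realpath(os.path.dirname(os.path.abspath(key_path)))
    literal = os.path.join(parent, os.path.basename(key_path))
    target = os.path.realpath(key_path)
    if _under(literal, root) or _under(target, root):
        findings.append("key file is reachable inside the web directory")
    mode = stat.S_IMODE(os.stat(target).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file is accessible to group or others (mode %o)" % mode)
    # A writable directory lets another local user replace the key file.
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(target)).st_mode)
    if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("key directory is group- or world-writable (mode %o)" % dir_mode)
    return findings


def demo():
    """Audit a weak, a hardened and a symlinked key file in a constructed layout."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "public_html")   # hypothetical web directory
        private = os.path.join(base, "private")        # hypothetical key directory
        os.mkdir(web_root, 0o755)
        os.mkdir(private, 0o700)
        weak = os.path.join(web_root, "pm_key.txt")
        hardened = os.path.join(private, "pm_key.txt")
        for path, mode in ((weak, 0o644), (hardened, 0o600)):
            with open(path, "w") as fh:
                fh.write("constructed-sample-key\n")
            os.chmod(path, mode)
        linked = os.path.join(web_root, "key_link")
        os.symlink(hardened, linked)
        return {name: audit_key_file(p, web_root)
                for name, p in (("weak", weak), ("hardened", hardened), ("linked", linked))}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```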
Voros Posted August 29, 2016
Just give it to me and nothing can access it :P
BrutalDoomisAwesome Posted November 8, 2016
Cacockcansukmycok said: one word = Poodlecorp!
six words = A Few Members of PoodleCorp Arrested
Quagsire Posted November 8, 2016
BrutalDoomisAwesome said: six words = A Few Members of PoodleCorp Arrested
Actually I think the leader was arrested.
kb1 Posted November 9, 2016
Linguica said: Oh don't get me wrong, it's not secure by Google standards, but the file with the secret key is outside the web directory and has special permissions and so forth.
Don't give 'em clues!
BrutalDoomisAwesome Posted November 9, 2016
Sgt Ender said: Actually I think the leader was arrested.
It was 2 members of PoodleCorp but it's good to see Karma kicking their ass. And hopefully the other members of PoodleCorp and also Lizard Squad.