Lila Feuer

9.3 Million Accounts Compromised In Epidemic Of Forum Hacks: Funcom, Epic, And More

Other than this being a show of force, is there anything of value being taken? Sounds like the only real threat is getting email spam.


I'm sure this site is "at risk." But all passwords are hashed with bcrypt, and all the private messages are encrypted with a secret key which is itself stored in a pretty secure area. So I don't think it's PARTICULARLY at risk.

TheCupboard said:

Forum software is so old I doubt any bots would have luck figuring out how to hack it

From what the article said, then DW is even more vulnerable.

But then again, who would want to hack into a website dedicated to a game over 20 years old?

Voros said:

But then again, who would want to hack into website dedicated to a game over 20 years old?

If it's an automated attack, where the targets are found through Google, the attacker will not care what the forum is about.


The question is: do forum hacks written for versions of vBulletin that are less old than Methuselah also work with this antediluvian one? Because if the codebase has changed enough that this old forum software isn't vulnerable to the same exploits that newer versions are, then even if it isn't more robust it might be more safe anyway, in a security through obscurity sort of way.


I don't know about this latest rash of hacks, but I do remember a pretty significant vBulletin vulnerability from about a year ago where it relied on a bug in the JSON handling code. Joke's on them, JSON didn't even exist when this forum code was written!!


A few months ago there was an account breaching over at the ZDoom forums, and they almost got into my account. Luckily they didn't, and I remained safe. No one gets into my account guarded by an army of a thousand cacolanterns.

Sgt Ender said:

A few months ago there was an account breaching over at the ZDoom forums, and they almost got into my account. Luckily they didn't, and I remained safe. No one gets into my account guarded by an army of a thousand cacolanterns.

But that was just a brute force attack and not a flaw in the software, wasn't it?

boris said:

But that was just a brute force attack and not a flaw in the software, wasn't it?

Either way, it happened. And I'm pretty sure they might do it here too if given the chance.

Linguica said:

all the private messages are encrypted with a secret key which is itself stored in a pretty secure area.

Interesting.

Cacockcansukmycok said:

one word = Poodlecorp!

I don't understand hacking groups who get enjoyment from causing havoc just for the sake of it.

Doominator2 said:

I don't understand hacking groups who get enjoyment from causing havoc just for the sake of it.


Some people just want to watch the world burn.

Linguica said:

I'm sure this site is "at risk." But all passwords are hashed with bcrypt, and all the private messages are encrypted with a secret key which is itself stored in a pretty secure area. So I don't think it's PARTICULARLY at risk.


tbh, the (active) community isn't THAT big, so I don't think we'd be that big of a target.


Whether or not it creates havoc is one thing, they are doing the public a service regardless since they are pointing out some glaring security issues. Exposing risks and holes to the public eye is good. Many hackers do have integrity and do not want to use the information they gain for nefarious purposes.

I won't speak for these guys, but there are a lot of little hackers out there who actually make our security stronger and more flexible against brute force attacks and targeted data mining operations.

fraggle said:

Interesting.

It's true, I've seen it. It's in a glass case with a post-it note reading "Very secret key, do not open."

Cyanosis said:

Some people just want to watch the world burn.


Some people just want to watch my toast burn.

chungy said:

It's true, I've seen it. It's in a glass case with a post-it note reading "Very secret key, do not open."

Aha - so the key inside that fake rock in the garden bed is a decoy!?

fraggle said:

Interesting.

Oh don't get me wrong, it's not secure by Google standards, but the file with the secret key is outside the web directory and has special permissions and so forth.

BrutalDoomisAwesome said:

six words = A Few Members of PoodleCorp Arrested

Actually I think the leader was arrested.

Linguica said:

Oh don't get me wrong, it's not secure by Google standards, but the file with the secret key is outside the web directory and has special permissions and so forth.

Don't give 'em clues!

Sgt Ender said:

Actually I think the leader was arrested.


It was 2 members of PoodleCorp but it's good to see karma kicking their ass. And hopefully the other members of PoodleCorp and also Lizard Squad.

