- Registered: 2007-01-08
- Posts: 2
Topic: hacKeD??
hey guys.. I just found a very serious bug in your site, and it helped me dumping the whole database of nextepisode, including forum's. I just want to make sure you guys are running it secure.. for P.O.C [img removed by santah / showing private emails] cracked passwds just for fun, nothing harmed [img removed by santah / showing parts of passwords] I want you guys to fix this bug, and I can help you in it. I'm not harming anything, and I won't be. and yeah, this is not my account here, just stole it from database. for contact: [email protected]
- Sleuteltje
- Member
- Offline
- Registered: 2010-07-28
- Posts: 155
Re: hacKeD??
Okay, it's a good thing to find weaknesses so they can be fixed. But it could lead to a lot of visitor loss for a website. Isn't it better to discuss these sort of things directly with the admin instead of posting it here? I think users should know that their data has been in other hands. But shouldn't the admin of the site get a chance to break the news? I for one am happy that this happened if that means the site will be safe from this kind of stuff in the future and nothing harmful has been done. Or is this some hoax? How come no one has responded to this yet?
3 Reply by Keisu 2014-03-20 02:43:51 (edited by Keisu 2014-03-20 02:47:39)
- Registered: 2007-11-05
- Posts: 1,078
Re: hacKeD??
Probably no hoax. It's common enough. It's easy to miss security flaws when developing even if you are security aware.
- santah
- Administrator
- Offline
- Registered: 2005-10-18
- Posts: 7,316
Re: hacKeD??
I'm on it. I contacted the guy, will let you guys know once I have more info.
- Katy
- Member
- Offline
- From: Middlesbrough, England
- Registered: 2010-04-06
- Posts: 1,691
Re: hacKeD??
I can't believe we were hacked, I thought we lived in a TV bubble where we were safe
6 Reply by RoboticMonkey 2014-03-20 19:20:47 (edited by RoboticMonkey 2014-03-20 19:21:34)
- RoboticMonkey
- ex madboobs
- Offline
- From: Amsterdam
- Registered: 2007-07-20
- Posts: 839
Re: hacKeD??
Oh dear now i must change my 7 years old password
- madcodE
- Member
- Offline
- From: United Kingdom
- Registered: 2014-03-19
- Posts: 5
Re: hacKeD??
Keisu wrote:Probably no hoax. It's common enough. It's easy to miss security flaws when developing even if you are security aware.
true story!. there is nothing secure on the internet, and Humans make mistakes
santah wrote:I'm on it. I contacted the guy, will let you guys know once I have more info.
Well Thanks for contacting me in regards to this. and I'm glad that you take it positively mate!.
Katy wrote:I can't believe we were hacked, I thought we lived in a TV bubble where we were safe
Sir, Don't believe it, You should keep enjoying in your super cool fantasy World!, You are Awesome. I apologize I bothered You!!!!. Mr Sonah, You Admin is a cool guy,
madboobs wrote:Oh dear now i must change my 7 years old password
7 years Old password? Really :-o :-o... Oh dear, You should have changed it 6 years 11 months earlier, A password is a thing you should always keep updated. at least once in a month.
never mess with a guy who has root on your b0x. http://sqligods.com
- santah
- Administrator
- Offline
- Registered: 2005-10-18
- Posts: 7,316
Re: hacKeD??
So, that's our hacker guy right here (pointing to the post above)
To update: We exchanged a couple of emails. What he said pretty much confirmed what I was able to discover from my logs:
- only the forum user data was dumped, site accounts and other data weren't downloaded at all (and even if they were, they have stronger protection than the forum accounts)
- forum user passwords are crackable (even though they ain't plaintext) so you should change 'em
- the flaw that allowed for the attack was what I thought it was and is fixed.
That doesn't mean we're safe forever, and I'll try and find other similarly vulnerable points on the site in the coming days. Basically, the guy who attacked us ain't evil, and we're a bit safer after this. Change your passwords, but you have to do it anyway, so it's a good excuse
- Katy
- Member
- Offline
- From: Middlesbrough, England
- Registered: 2010-04-06
- Posts: 1,691
Re: hacKeD??
madboobs wrote:Oh dear now i must change my 7 years old password
Same here well 4 year forum password, I was late to the forums
- Wizard
- Administrator
- Offline
- From: England
- Registered: 2006-02-16
- Posts: 2,577
Re: hacKeD??
I only changed mine 3 months ago. Oh well. I don't even know what my password is. I do know it's a randomly generated 32 character one.
DRM "manages access" in the same way that Prison "manages freedom". http://xkcd.com/488/
- Registered: 2013-11-04
- Posts: 174
Re: hacKeD??
I probably shouldn't admit this, especially since my password's already out there, but I use similar passwords for everything, and probably haven't changed it in over a decade. I figure what's more likely, someone breaks into my house and finds this month's list of passwords since I can't remember them all, or someone picks me out of a list of users from an insecure database, somehow figures out where else I've been, and manages to guess the way I alter the 'base password' for each site? I haven't got anything worth stealing anyway.
- xzeal
- Member
- Offline
- From: Estonia
- Registered: 2007-07-02
- Posts: 393
Re: hacKeD??
PaulBags wrote:I haven't got anything worth stealing anyway.
I thought so too, until my e-mail account started sending spam everywhere. Now I use 4 passwords, 1 for not important websites, 1 for fishy websites, 1 for important ones and a variation of 1 for paypal, online banking etc.
- pablo-pancho
- Not really a Cylon
- Offline
- From: Caprica City :)
- Registered: 2008-11-06
- Posts: 406
Re: hacKeD??
I used to have 3 passwords:
1. supereasy generic password for not important websites
2. medium password for the sites that required more secure phrase
3. long and hard to guess yet still easy to memorize for more important sites
Then I started using lastpass. Very useful, free extension for all major browsers. It can generate secure passwords and remembers them for you and syncs them among your devices. All you have to remember is the master password. Now more and more of my passwords are complying with reasonable security standards.
- Wizard
- Administrator
- Offline
- From: England
- Registered: 2006-02-16
- Posts: 2,577
Re: hacKeD??
pablo-pancho wrote:Then I started using lastpass. Very useful, free extension for all major browsers. It can generate secure passwords and remembers them for you and syncs them among your devices. All you have to remember is the master password. Now more and more of my passwords are complying with reasonable security standards.
I use 1Password, it's a paid-for app, but does the same thing. So much better
DRM "manages access" in the same way that Prison "manages freedom". http://xkcd.com/488/
- bamuel
- Rock Star
- Offline
- From: Bristol, England
- Registered: 2007-06-27
- Posts: 512
Re: hacKeD??
12345, that's amazing, I have the same combination on my luggage.
"city morgue, you kill em, we chill em"
- Gargamel
- Member
- Offline
- From: Canada
- Registered: 2009-12-07
- Posts: 25
Re: hacKeD??
So it's possible that someone (a "hacker") could log in as me....Gargamel, and change my favourite shows to reality tv trash and Honey Boo-Boo, that's diabolical!!!!!
17 Reply by madcodE 2014-03-22 13:31:08 (edited by madcodE 2014-03-22 13:32:46)
- madcodE
- Member
- Offline
- From: United Kingdom
- Registered: 2014-03-19
- Posts: 5
Re: hacKeD??
well it's not really a good idea to use some app or extensions to save your passwords. you might have no idea how dangerous it could be. The application might be saving your passwords and other personal information and sending it to someone else. Why I'm telling you guys about it and How come I know about these things, because probably a year ago, I coded an application like this which was already connected with a back end database (won't mention name here but I had put it offline). So, Just not trust any applications like password wallets ./madcodE
never mess with a guy who has root on your b0x. http://sqligods.com
- Sleuteltje
- Member
- Offline
- Registered: 2010-07-28
- Posts: 155
Re: hacKeD??
Gargamel wrote:So it's possible that someone (a "hacker") could log in as me....Gargamel, and change my favourite shows to reality tv trash and Honey Boo-Boo, that's diabolical!!!!!
If I was logged in as you I would only change your avatar to Gargamel of the tv show The Smurfs.
- xzeal
- Member
- Offline
- From: Estonia
- Registered: 2007-07-02
- Posts: 393
Re: hacKeD??
I am just going to throw this here: https://www.youtube.com/watch?v=8ZtInClXe1Q Pretty good overview on how passwords are stored for the laymen.
- fredmxm354
- Server Dude
- Offline
- From: UK, Coventry
- Registered: 2007-10-07
- Posts: 247
Re: hacKeD??
Thing I don't get is why people still use the term "password", I've had 'pass phrases' for years, and it changes with every single site I'm a member of... One of the best things I've seen for secured 'passwords' is to have it in three sections (obviously some sites don't allow a part of this which is annoying)
1) A few words culminating in a short sentence, using upper and lower case alpha numeric symbols, something meaningful to you.
2) A forward slash, hyphen or other dividing character (supported by the site you're on that is).
3) A site specific suffix (never reused anywhere else), mix upper and lower case letters and use numbers here too.
So you end up with something like; Cr33persRea11yL0veM3/MC
If this were a real password I'd have used it for a mojang account for example... change the /MC to /hml for hotmail for example and so on... Using this style of password I've never had a hijacked account... Just a thought for people who may be wanting to change passwords regarding this.
- Daemonius
- ...he knows.
- Offline
- From: Finland
- Registered: 2008-02-25
- Posts: 6,557
Re: hacKeD??
The password that I mostly use has two words that have no relation to each other with one of the letters replaced with a number plus a special character. For example 'HammerCarr0t@' or 'T0matoPenci1l!' If I were to use a more complex password I would have to keep a log of them in a book near my pc...
...where did I put that rat's ass I could give?
Daemons are benevolent or benign nature spirits, beings of the same nature as both mortals and gods, similar to ghosts, chthonic heroes, spirit guides, forces of nature or the gods themselves.
- xrnzaaas
- Member
- Offline
- From: Scranton
- Registered: 2008-08-04
- Posts: 6,055
Re: hacKeD??
My only question is - who hacked publichd? It's my favorite site for free torrents.
Posts: 22