The claim: vBulletin dot org was hacked yesterday
The evidence: Zero
Result is attached.
And right now, because we refuse to believe the religious ramblings, he is desperately trying to figure out what sites we have, to feed us to the illiterate hax0rs...
Since you believe this so strongly, almost religiously and without a shred of actual proof - I am sure you bought the illiterate script kiddie's "patch" and installed it, right?
Did it occur to you the "patch" when installed, is actually the exploit? It's called "social engineering" and it's a tried and true form of "hacking."
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.
Quote:
Interesting you believe the MacRumors claim, but dismiss Paul's claim. One of them fits your paranoid rant, the other doesn't.
Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.
Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
And we still have ZERO evidence that vB dot org was hacked, as you claimed.
You never answered the question either. DID you buy the "patch" from the illiterate script kiddies and install it? If not, why are you promoting it?
You aren't paying attention to what I said. The password to Macrumors to was obtained BECAUSE VB.com was hacked. Once someone obtains access to a vb database it doesn't take much computational power to crack the passwords. MD5 password protection is weak. It's been a known weak hash method since 1996, and more weaknesses found in 2004.
Someone needs to chill pill. Stop posting crap like this your just making it worse for yourself
The crackers used the VB database to get a password to a person who is a moderator on MacRumors. They then used to this to hack MacRumors because the moderator used the same password on both sites. MacRumors admitted to the hack. Or are they just making it up too?
Where exactly have MacRumors admitted that they were hacked because (1) A moderator used the same password on vb.com and their site, (2) Assuming they cracked the password from vb.com, this moderator account was used to hack them ?
Again, I ask... why the silence? This explains why the VB.org site was mysteriously down last night!
So you believe that vB.org and vB.com were hacked, going by the time stamp on your post, Thursday.
Quote:
Originally Posted by motorhaven
2. It happened at the same time both VB.com and VB.org sites were mysteriously down.
And at the same time as MacRumors.
Quote:
Originally Posted by motorhaven
Test QA system or not the screen shots show access to vb.org, vb.com, flyertalk and 5series.net information. What exposure did users of these forums have?
And into a vBulletin 3 site using a vBulletin 4 exploit.
Quote:
Originally Posted by motorhaven
The crackers used the VB database to get a password to a person who is a moderator on MacRumors. They then used to this to hack MacRumors because the moderator used the same password on both sites. MacRumors admitted to the hack. Or are they just making it up too?
Quote:
Originally Posted by motorhaven
You aren't paying attention to what I said. The password to Macrumors to was obtained BECAUSE VB.com was hacked. Once someone obtains access to a vb database it doesn't take much computational power to crack the passwords. MD5 password protection is weak. It's been a known weak hash method since 1996, and more weaknesses found in 2004.
Then they used the information they hacked from vBulletin.org Thursday, to hack into MacRumors....on Monday????
Either the hackers are time travellers or, as was repeatedly stated, hacking had nothing to do with .com and .org being down last night. Which would explain how you get into a vB3 site using a vB4 exploit. You don't.
You can see where this information all seems kinda suspicious, especially since MacRumors says they were hacked in a similar manner to the way Ubuntu Forums was hacked. And Ubuntu Forums was hacked in July. Again, there's no suspicious timing with vBulletin being down yesterday that coincides with either of these forums being hacked. In both cases, a moderator/administrator having their personal accounts hacked. Why would you need to hack vB.com and vB.org .... to hack a completely different website in the exact same manner? To borrow from ozzy's analogy, that's stealing the keys to the Chevy. Hot wiring the Ford. Then saying the Chevy made me do it. It doesn't make a lick of sense.
In the case of MacRumors, however, lol said that the vBulletin software wasn't to blame for the breach, saying instead that "the fault lied within a single moderator." That suggests that a MacRumors moderator chose an insecure password, which lol either guessed, or matched using a dictionary attack, which attempts to guess passwords by using an exhaustive list of likely matches.
In the case of MacRumors, however, lol said that the vBulletin software wasn't to blame for the breach, saying instead that "the fault lied within a single moderator." That suggests that a MacRumors moderator chose an insecure password, which lol either guessed, or matched using a dictionary attack, which attempts to guess passwords by using an exhaustive list of likely matches.