Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #31  
Old 11-15-2013, 07:19 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So they hacked vb.com and vb.org, so they could get this dudes password and hack MacRumors

Sounds to me like stealing the keys to a Chevy to drive a Ford.
Благодарность от:
Amaury
  #32  
Old 11-15-2013, 07:33 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The claim: vBulletin dot org was hacked yesterday
The evidence: Zero

Result is attached.

And right now, because we refuse to believe the religious ramblings, he is desperately trying to figure out what sites we have, to feed us to the illiterate hax0rs...
Attached Images
File Type: gif BSFLAG.GIF (8.7 KB, 0 views)
  #33  
Old 11-15-2013, 07:49 PM
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
Since you believe this so strongly, almost religiously and without a shred of actual proof - I am sure you bought the illiterate script kiddie's "patch" and installed it, right?

Did it occur to you the "patch" when installed, is actually the exploit? It's called "social engineering" and it's a tried and true form of "hacking."
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.

Quote:
Interesting you believe the MacRumors claim, but dismiss Paul's claim. One of them fits your paranoid rant, the other doesn't.
Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
  #34  
Old 11-15-2013, 07:51 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by motorhaven View Post
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.

Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
And we still have ZERO evidence that vB dot org was hacked, as you claimed.

You never answered the question either. DID you buy the "patch" from the illiterate script kiddies and install it? If not, why are you promoting it?
  #35  
Old 11-15-2013, 08:53 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by motorhaven View Post
You aren't paying attention to what I said. The password to Macrumors to was obtained BECAUSE VB.com was hacked. Once someone obtains access to a vb database it doesn't take much computational power to crack the passwords. MD5 password protection is weak. It's been a known weak hash method since 1996, and more weaknesses found in 2004.
Someone needs to chill pill. Stop posting crap like this your just making it worse for yourself
Благодарность от:
SPEEDKILLZ
  #36  
Old 11-15-2013, 08:55 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by motorhaven View Post
The crackers used the VB database to get a password to a person who is a moderator on MacRumors. They then used to this to hack MacRumors because the moderator used the same password on both sites. MacRumors admitted to the hack. Or are they just making it up too?
Where exactly have MacRumors admitted that they were hacked because (1) A moderator used the same password on vb.com and their site, (2) Assuming they cracked the password from vb.com, this moderator account was used to hack them ?
2 благодарности(ей) от:
Amaury, Simon Lloyd
  #37  
Old 11-16-2013, 10:39 AM
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by motorhaven View Post
Again, I ask... why the silence? This explains why the VB.org site was mysteriously down last night!
So you believe that vB.org and vB.com were hacked, going by the time stamp on your post, Thursday.


Quote:
Originally Posted by motorhaven View Post
2. It happened at the same time both VB.com and VB.org sites were mysteriously down.
And at the same time as MacRumors.


Quote:
Originally Posted by motorhaven View Post
Test QA system or not the screen shots show access to vb.org, vb.com, flyertalk and 5series.net information. What exposure did users of these forums have?
And into a vBulletin 3 site using a vBulletin 4 exploit.


Quote:
Originally Posted by motorhaven View Post
The crackers used the VB database to get a password to a person who is a moderator on MacRumors. They then used to this to hack MacRumors because the moderator used the same password on both sites. MacRumors admitted to the hack. Or are they just making it up too?
Quote:
Originally Posted by motorhaven View Post
You aren't paying attention to what I said. The password to Macrumors to was obtained BECAUSE VB.com was hacked. Once someone obtains access to a vb database it doesn't take much computational power to crack the passwords. MD5 password protection is weak. It's been a known weak hash method since 1996, and more weaknesses found in 2004.
Then they used the information they hacked from vBulletin.org Thursday, to hack into MacRumors....on Monday????


Either the hackers are time travellers or, as was repeatedly stated, hacking had nothing to do with .com and .org being down last night. Which would explain how you get into a vB3 site using a vB4 exploit. You don't.

You can see where this information all seems kinda suspicious, especially since MacRumors says they were hacked in a similar manner to the way Ubuntu Forums was hacked. And Ubuntu Forums was hacked in July. Again, there's no suspicious timing with vBulletin being down yesterday that coincides with either of these forums being hacked. In both cases, a moderator/administrator having their personal accounts hacked. Why would you need to hack vB.com and vB.org .... to hack a completely different website in the exact same manner? To borrow from ozzy's analogy, that's stealing the keys to the Chevy. Hot wiring the Ford. Then saying the Chevy made me do it. It doesn't make a lick of sense.
3 благодарности(ей) от:
Max Taxable, ozzy47, Simon Lloyd
  #38  
Old 11-16-2013, 11:07 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Unfortunately there IS some evidence about macrumours here http://www.informationweek.com/secur.../d-id/1112235? and their admission here http://www.macrumors.com/2013/11/12/...security-leak/ although i see no evidence of any vb hacking!
Quote:
Originally Posted by informationweek.com
In the case of MacRumors, however, lol said that the vBulletin software wasn't to blame for the breach, saying instead that "the fault lied within a single moderator." That suggests that a MacRumors moderator chose an insecure password, which lol either guessed, or matched using a dictionary attack, which attempts to guess passwords by using an exhaustive list of likely matches.
Благодарность от:
ozzy47
  #39  
Old 11-16-2013, 11:13 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you read in that first link you posted, http://www.informationweek.com/secur.../d-id/1112235? this is what the hacker said.

Quote:
In the case of MacRumors, however, lol said that the vBulletin software wasn't to blame for the breach, saying instead that "the fault lied within a single moderator." That suggests that a MacRumors moderator chose an insecure password, which lol either guessed, or matched using a dictionary attack, which attempts to guess passwords by using an exhaustive list of likely matches.
  #40  
Old 11-16-2013, 11:33 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

lol already posted that in my post :-)
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:17 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08046 seconds
  • Memory Usage 2,306KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (12)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (8)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete