| Pages:
1
2
3
4
5
6
7 |
gdflp
Super Moderator
Posts: 1320
Registered: 14-2-2014
Location: NY, USA
Member Is Offline
Mood: Staring at code
|
|
Back in control of my account. Thanks woelen!
|
|
|
Lambda-Eyde
National Hazard
Posts: 857
Registered: 20-11-2008
Location: Norway
Member Is Offline
Mood: Cleaved
|
|
Quote: Originally posted by elementcollector1  | | Alright, thanks for getting me back in on the action. Remind me - what's his IRC name? I'll see if I ever had any contact - which I doubt, but still.
|
He mostly went under "Manifest" on the channel AFAIK.
This just in: 95,5 % of the world population lives outside the USA
You should really listen to ABBAPlease drop by our IRC channel: #sciencemadness @ irc.efnet.org
|
|
|
DrAldehyde
Hazard to Self
Posts: 82
Registered: 12-1-2014
Member Is Offline
Mood: No Mood
|
|
It was interesting reading through those chat logs. Really helps develop a sense of personality, what drives people, the chips on their shoulders.
Also serves to remind how everything we do online is documented. Glad the admins were able to catch this, hopefully somebody will get a spanking.
|
|
|
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
|
|
I see Manifest has a "kewl" shiny new forum title LMFAO.
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
|
|
|
The Volatile Chemist
International Hazard
Posts: 1981
Registered: 22-3-2014
Location: 'Stil' in the lab...
Member Is Offline
Mood: Copious
|
|
You got a pretty great one too  Wish I had a personality or sumptin to put up
there, but oh well... :/
[Edited on 8-13-2014 by The Volatile Chemist]
[Edited on 8-13-2014 by The Volatile Chemist]
|
|
|
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
|
|
I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then
inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.
|
|
|
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
|
|
| Quote: Originally posted by forgotpassword | I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then
inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.
|
Boy, have you got BALLS
Edit--and that is NOT a compliment
[Edited on 8-13-2014 by arkoma]
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
|
|
|
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
|
|
It is what it is.
This really did backfire on me, I wasn't planning anything malicious, I was just going to have fun before telling Polverone.
I really, really really must commend Polverone, he is a fantastic admin and his detective work regarding that server and everything else, the IRC logs
is just brilliant, I wanted to see how long it would go on before he got me.
I must emphasise that I did not mean any malice by this, I was just dicking about.
I'm sorry arkoma.
|
|
|
Loptr
International Hazard
Posts: 1347
Registered: 20-5-2014
Location: USA
Member Is Offline
Mood: Grateful
|
|
| Quote: Originally posted by forgotpassword | I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then
inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.
|
The intention of white/grey hat hacking is not to cause embarrassment to the staff and administrators. If you find something, it is not responsible
for you to go making changes to members accounts, or the site. If you were in the USA, you could be brought under charges of computer misuse and
fraud.
I used to be a staff member at GSO, but have since moved on to bigger and better things, and a family.
[Edited on 13-8-2014 by Loptr]
[Edited on 13-8-2014 by Loptr]
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Where/how did you hide the iframe? I have scoured recent posts looking for suspicious iframes and turned up nothing. Was the iframe sandbox code on a
third party site, or right here in a post on the forum? If you had a clever way of obfuscating the iframe sandbox loading that is worth knowing as
much as how the attack itself worked (which I think I have sussed out by now -- and it also explains why certain habits of mine made me invulnerable
to your implementation).
PGP Key and corresponding e-mail address
|
|
|
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
|
|
Accepted.
Think of the WORK it caused--Polverone has a REAL JOB, earning money to live on, and had to muck around figuring this out.
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
|
|
|
DrAldehyde
Hazard to Self
Posts: 82
Registered: 12-1-2014
Member Is Offline
Mood: No Mood
|
|
Round of forum applause for Polverone, for fending off the attack and then flushing the culprit out. As to the guilty party pleading mercy, hmm, if
you ever watch sentencing in court, you would know that the guilty are always the most repentant once they are caught.
|
|
|
The Volatile Chemist
International Hazard
Posts: 1981
Registered: 22-3-2014
Location: 'Stil' in the lab...
Member Is Offline
Mood: Copious
|
|
So Manifest, I recommend changing your SSH port... 22 is NOT a good place for it. And I always knew forgottenpassword was was a malicious guy... Now I
have proof...
|
|
|
elementcollector1
International Hazard
Posts: 2684
Registered: 28-12-2011
Location: The Known Universe
Member Is Offline
Mood: Molten
|
|
While I appreciate the intention? Don't hack my account. It ain't fun or fair to be blocked from the forum for a few days after returning
from a trip.
Elements Collected:52/87
Latest Acquired: Cl
Next in Line: Nd
|
|
|
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
|
|
| Quote: Originally posted by The Volatile Chemist | | So Manifest, I recommend changing your SSH port... 22 is NOT a good place for it. And I always knew forgottenpassword was was a malicious guy... Now I
have proof... |
Sorry elementcollector, your account wasn't hacked, just the email and location changed but I am sorry.
Port 22 is the default port and if changed a port scanner will pick up a new port anyway.
Forgottenpassword is innocent, he's not malicious(that I know of) he isn't me.
I am 'forgotpassword'
You can't bruteforce that IP address, you will be blocked out after 5 failed attempts and have your IP banned.
That's not my router btw that's a VPS.
[Edited on 13-8-2014 by forgotpassword]
|
|
|
Texium
Administrator
Posts: 4508
Registered: 11-1-2014
Location: Salt Lake City
Member Is Offline
Mood: PhD candidate!
|
|
That isn't forgottenpassword,
that's FORGOTpassword, which was an account created yesterday. Not the same person. So good job Volatile, you just insulted an innocent member of the
forum! 
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
After you have finished initial server configuration, use public key authentication for SSH and disable password based authentication altogether. Any
password that's strong enough to trust is too hard to memorize anyway, so you might as well resign yourself to needing a stored key instead of a
memorized word to log in.
I'm still waiting to hear about where the iframe sandbox was hidden, if you're really contrite and want to help clean up the mess you made.
PGP Key and corresponding e-mail address
|
|
|
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
|
|
| Quote: Originally posted by zts16 | | That isn't forgottenpassword,
that's FORGOTpassword, which was an account created yesterday. Not the same person. So good job Volatile, you just insulted an innocent member of the
forum! |
Emotions are understandably running a bit high, zts. Why I already said I figured I owed Mr_Magnesium an apology--I flamed him pretty good in the now
deleted acetone peroxide thread.
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
|
|
|
Brain&Force
Hazard to Lanthanides
Posts: 1302
Registered: 13-11-2013
Location: UW-Madison
Member Is Offline
Mood: Incommensurately modulated
|
|
Manifest, if you really did just "expose a security flaw" why were my posts regarding the matter deleted? And why was Mr_Magnesium's account
sockpuppeted?
[Edited on 13.8.2014 by Brain&Force]
At the end of the day, simulating atoms doesn't beat working with the real things...
|
|
|
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
|
|
I deleted your posts because you were exposing me early so I deleted your posts and locked your account to attempt to stop more people noticing.
Mr_Magnesium's account was sockpuppeted to spread the hack basically.
|
|
|
Dany
Hazard to Others
Posts: 482
Registered: 3-8-2013
Member Is Offline
Mood: No Mood
|
|
After all, all this mess was caused by a school boy... wait until he gets his university degree
Dany.
|
|
|
elementcollector1
International Hazard
Posts: 2684
Registered: 28-12-2011
Location: The Known Universe
Member Is Offline
Mood: Molten
|
|
If, as you say, it was just my email and location, why couldn't I log in? Sounds like you changed my password as well.
Also, if your intentions were as good as you say, you could have privately contacted Polverone, and saved both yourself and the rest of us the
trouble.
Elements Collected:52/87
Latest Acquired: Cl
Next in Line: Nd
|
|
|
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
|
|
You could not login because Polverone froze your account to prevent more damage.
I could have done that but I was bored and when I reported a flaw in the past I didn't even get a thanks, so I decided to have more fun before
informing Polverone, it was the wrong thing to do, I'm sorry, I was just bored to be honest, why am I called a script kiddie when I did not use
scripts, in fact a google search will not show you the exploit I used.
I am very impressed with Polverone's detective skills, my intentions while not exactly great were not malicious.
|
|
|
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
|
|
Take your Kali Linux disc and insert it in your rectum
Edit--you seem to have ABSOLUTELY NO REMORSE. Here in the US of A we tell people like you to "Fuck Off", but since you are in the UK "Bugger Off"
seems more appropriate.
[Edited on 8-13-2014 by arkoma]
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
|
|
|
Brain&Force
Hazard to Lanthanides
Posts: 1302
Registered: 13-11-2013
Location: UW-Madison
Member Is Offline
Mood: Incommensurately modulated
|
|
And you could have foregone the signature wiping. Mine is loaded with BBCode and HTML, and I was lucky to have saved it somewhere.
At the end of the day, simulating atoms doesn't beat working with the real things...
|
|
|
| Pages:
1
2
3
4
5
6
7 |
![[*]](images/xpblue/default_icon.gif){kind=icon}
