Geek Culture / [LOCKED] Bad hacker

Author
Message
Oops!
User Banned
Posted: 26th Feb 2014 02:10 Edited at: 26th Feb 2014 10:58
Unfortunately I wrote terribly insecure code while extending the forum, and the result is that any user's account can be hijacked by simply sending them a personal message! This is the case here - I didn't post this message, someone exploited the bug and now I've been embarrassed! It's lucky the culprit didn't have more malicious intentions...

MOD EDIT: See the post by The Next
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 26th Feb 2014 05:13
Prove it by posting with an account that wasn't just created the same time you posted this...

Yodaman Jer
User Banned
Posted: 26th Feb 2014 06:58
Um. I find this to be unlikely... this surely would have come up by now, especially with The Next working on the new forums and messaging system...

I'm curious as to why this thread showed up twice though...


Come check out my new website!
nonZero
12
Years of Service
User Offline
Joined: 10th Jul 2011
Location: Dark Empire HQ, Otherworld, Silent Hill
Posted: 26th Feb 2014 08:12
Quote: "Prove it by posting with an account that wasn't just created..."

There, I just logged into nonZero's account... OMG, the user password is the same as the Gmail password. I'm gonna take a snoop around all this user's Google Drive files, esp the pics and video. Will get back to you guys.

ver 7.5 /// int 145 /// str 45 /// dex 85 /// end 200 /// mat 3
nonZero
12
Years of Service
User Offline
Joined: 10th Jul 2011
Location: Dark Empire HQ, Otherworld, Silent Hill
Posted: 26th Feb 2014 09:34
I... looked at those pictures and vids... DON'T LOOK!!! I won't be hacking anymore now. I'm just going to leave the world. This place is too normal for me now. Goodbye everyone, sorry for any trouble I caused.
nonZero: Sorry I hijacked your account and sorry I looked at your stuff. But thank you. Thank you for everything. Goodbye.

ver 7.5 /// int 145 /// str 45 /// dex 85 /// end 200 /// mat 3
The Next
Web Engineer
16
Years of Service
User Offline
Joined: 3rd Dec 2007
Location: United Kingdom
Posted: 26th Feb 2014 10:29 Edited at: 26th Feb 2014 11:03
At first I had deleted this thread, but I feel it better to point out to the community that if you ever find a bug in the forum code and you think it can be exploited, you should report it, not exploit it.

As a result the user will be banned and any accounts related will also be banned (nonZero). Despite the user claiming this was terribly insecure code, this was not a very complicated exploit and was just one line missed in the patching of the files from the beta forum code to the live site, not dangerous in any way. It has now been patched with the correct file.

As for entering nonZero's Gmail account, I highly doubt the user got in by hacking; all TGC data is encrypted and password info is held elsewhere, not on the forum server.

The exploit this user used was a blindingly simple JavaScript issue, not one that exposes any user data, and really could be done by anyone with even the most simple idea of how JavaScript works.

EDIT: nonZero, it doesn't look good when you post the supposed hacked messages from your own IP address; you have posted 6 other messages from that IP in the last few days. I have unlocked this thread to give you the opportunity to defend yourself against this, however it doesn't look good as the messages came from your own PC, unless the hacker is there with you or your account has been taken over completely.

Windows 7 Pro, Intel i7 3.8 GHz, 16GB DDR3, NVIDIA GTX 780 4GB Superclocked

View the beta TGC forum progress at the url below View beta forum
Thraxas
Retired Moderator
18
Years of Service
User Offline
Joined: 8th Feb 2006
Location: The Avenging Axe, Turai
Posted: 26th Feb 2014 11:03
I thought it was odd that all the other posts came from spoofed up addresses but the one from nonZero's account came from an IP address he'd used before.

nonZero
12
Years of Service
User Offline
Joined: 10th Jul 2011
Location: Dark Empire HQ, Otherworld, Silent Hill
Posted: 26th Feb 2014 13:19
I was joking... I was pretending that my account got jacked because I thought it was another spam thread. So my thinking:
Twit pretends he hacked forum
I (sarcastically) pretend Twit got into my account and my Gmail and saw something terrifying. Everyone laughs at my clowning around as usual.

Really wasn't trying to make trouble. You all know me, I joke a lot. But if I found a security exploit, honestly, I wouldn't make it public. Remember my real name is associated with this site. I would never do anything to affect my RL reputation. Also, I posted in another thread between posts. I mean, honestly, would I do that? You guys should analyze my pattern: I post in every spam thread because, well, check my stats in my sig: maturity is waaaaay below average. Also, I hardly have the resources: crappy mobile device, limited bandwidth, a browser that double-posts half the time. I'm hardly the Super Villain I aim to be (have a little saved for a lair though). Anyhow, all I can say is I'm innocent and to consider the evidence against the incident, my explanation and my behavior pattern.

I do wonder though, if you guys aren't playing a trick on me? If you guys are, 20/10. You got me good. If not, I'm really upset I would be a suspect, regardless of my actions.

ver 7.5 /// int 145 /// str 45 /// dex 85 /// end 200 /// mat 3
nonZero
12
Years of Service
User Offline
Joined: 10th Jul 2011
Location: Dark Empire HQ, Otherworld, Silent Hill
Posted: 26th Feb 2014 13:40 Edited at: 26th Feb 2014 15:25
Sorry for the double-post, editing is a hassle in this browser. RE my IP address, I use a browser called UC Browser Mini which has server-side compression because data costs me a lot. As a result, my IP does change constantly. Just to reiterate, I am not connected in any way to this hacker-person nor have I any involvement in this case. I just exited my browser and started it up again so, hopefully, it will reflect the change in IP addresses.

EDIT (ignoring the irony in relation to the above-mentioned statement regarding editing): Um, nopony's posted anything so I'll presume either my status is still under debate or I've been implicitly found nonGuilty (okay, *facepalm*). So in the case of the former, if you want to verify my identity, just ask me to send an email or post something on my site. I'm not actually stupid enough to use the same password for everything, contrary to my earlier claims. I really am sorry if I caused this much of a headache for everyone. If I had thought even a 1% chance existed of being taken seriously, I never would have. So come on guys, you're starting to make me feel bad now. I'm getting mental images of people hunched over desks, going through logs and posts with colder-than-usual coffee in an attempt to reveal the truth. Of course maybe everyone's just busy with their nine-to-five, but I'm feeling a tad guilt-ridden over my poorly-timed joke. Well, I'll be checking in later, hopefully tonight but maybe tomorrow, to see a reply.

ver 7.5 /// int 145 /// str 45 /// dex 85 /// end 200 /// mat 3
The Next
Web Engineer
16
Years of Service
User Offline
Joined: 3rd Dec 2007
Location: United Kingdom
Posted: 26th Feb 2014 15:35 Edited at: 26th Feb 2014 15:38
nonZero, simply following the evidence we had, it looks suspicious on our end. The reason you are an active member is one of the reasons I gave you a chance to respond to the thread. I have no evidence against what you claim and I am happy to believe a valuable member was not to blame.

No offence intended towards you, a very convincing set of posts regardless... Next time, putting a sarcasm icon below will help me understand.

I will wait for your reply so I know we are all ok and all has been explained. Then I will lock this and let the thread die.

Windows 7 Pro, Intel i7 3.8 GHz, 16GB DDR3, NVIDIA GTX 780 4GB Superclocked

View the beta TGC forum progress at the url below View beta forum
nonZero
12
Years of Service
User Offline
Joined: 10th Jul 2011
Location: Dark Empire HQ, Otherworld, Silent Hill
Posted: 26th Feb 2014 16:28
Thank you sincerely and apologies again for the mixup. I'll definitely disambiguate any future posts of that nature. I'm glad the air is clear.

ver 7.5 /// int 145 /// str 45 /// dex 85 /// end 200 /// mat 3
