The W
25.10.14 1810
The W - the-w.com Site Feedback - Hacked.
User
Post (20 total)
CRZ
Big Brother
Administrator








Since: 9.12.01
From: ミネアポリス

Since last post: 1 day
Last activity: 19 min.
#1 Posted on | Instant Rating: 8.78
Helle Members, bad news. We got hacked.
CRZ.



Guru Zim
SQL Dejection
Administrator








Since: 9.12.01
From: Bay City, OR

Since last post: 1 day
Last activity: 1 day
#2 Posted on | Instant Rating: 8.09
Oh noes, someone fucked us.
Guru Zim.




Sign up for Folding@Home and join our team. PM me for details.

Ignorance is bliss for you, hell for me.
CRZ
Big Brother
Administrator








Since: 9.12.01
From: ミネアポリス

Since last post: 1 day
Last activity: 19 min.
#3 Posted on | Instant Rating: 8.78
    Originally posted by CRZ
    Helle Members, bad news. We got hacked.
    CRZ.
Oh snap they did it again. They're clever! (And, now we know, funny!)

I've plugged the latest hole (the way I SHOULD have done it over the weekend - my bad), and changed my password again (since they helpfully changed it for me - along with Aaron's).

Thankfully, this guy(s) aren't doing damage... just annoying me by figuring out new ways to perform SQL injections.

Looking at the logs, if your userid is 782 or lower, they probably had (or have) your password. Sorry. If they'll DO anything with it, I dunno...you're not admins so I don't know how interesting it will be to post as you (and if you DO see any posts authored by you which you haven't written, and I haven't already noticed the weird flags and deleted it, do let Aaron or me know.)

Note to hackers: "Hacked." is exactly the sort of Twitter I don't want to get on the freeway.

(edited by CRZ on 15.7.08 0940)

bizzit
Chaurice








Since: 15.7.08

Since last post: 2293 days
Last activity: 2292 days
#4 Posted on
CRZ, add me in ICQ: 355109565-
I will help you
~b!zZ!t
CRZ
Big Brother
Administrator








Since: 9.12.01
From: ミネアポリス

Since last post: 1 day
Last activity: 19 min.
#5 Posted on | Instant Rating: 8.78
    Originally posted by bizzit
    CRZ, add me in ICQ: 355109565-
    I will help you
    ~b!zZ!t
Thanks, I think I got it. Feel free to try again. ;-)

Or, stick around and talk about stuff that ISN'T hacking our database! :-D



bizzit
Chaurice








Since: 15.7.08

Since last post: 2293 days
Last activity: 2292 days
#6 Posted on
I don't try again, I'm not a bad boy, I really don't know why I change the passwords, sry. Add me in ICQ, we talk a little bit.
~b!zZ!t
CRZ
Big Brother
Administrator








Since: 9.12.01
From: ミネアポリス

Since last post: 1 day
Last activity: 19 min.
#7 Posted on | Instant Rating: 8.78
    Originally posted by bizzit
    I don't try again, I'm not a bad boy, I really don't know why I change the passwords, sry. Add me in ICQ, we talk a little bit.
    ~b!zZ!t
I sent you a private message and I'll add you in ICQ when I get home. (My number is 8046423 if you didn't already see it in my profile)



bizzit
Chaurice








Since: 15.7.08

Since last post: 2293 days
Last activity: 2292 days
#8 Posted on
Ah k, I already add you in ICQ
See ya in the evening then.
Nuclear Winter
Boudin rouge








Since: 9.11.03
From: Bedford, Michigan

Since last post: 208 days
Last activity: 2 days
#9 Posted on | Instant Rating: 7.51
Anyone else getting a little creeped out?



Stupid of the Year (thingsstuff.741.com)
DJ FrostyFreeze
Knackwurst








Since: 2.1.02
From: Hawthorne, CA

Since last post: 19 hours
Last activity: 18 hours
#10 Posted on | Instant Rating: 8.03
Read it and weep, fella


It does seem odd that CRZ is this ok with his site being hacked and the guy who did it.



CLICK OR DIE
WTF is that SMELL???
tarnish
Frankfurter








Since: 13.2.02
From: Back in the Heart of Hali

Since last post: 503 days
Last activity: 2 days
#11 Posted on | Instant Rating: 8.40
    Originally posted by DJ FrostyFreeze
    It does seem odd that CRZ is this ok with his site being hacked and the guy who did it.


It's called pragmatism

Plus, you catch more flies with honey than vinegar.

Yes, this board is part of a lot of people's daily routine. But if it disappeared tomorrow, I don't know how many would shed a tear. Nothing of any real importance is stored here and the worst the hacker can do is be annoying. We get some of that without hackers.

The only folk with anything to fear are those who used that password in another, more important, place (e.g. a bank site) and who have enough real personal information stored in their profile or in their posts to make the password useful. This is why CRZ disclosed, because information was potentially compromised. I'm willing to bet the board was hacked at least once before, but there was no such compromise so there was no, or limited, disclosure.

Anyone who's been in operations knows that being hacked isn't a matter of if, it's a matter of when. And as long as nobody's life or livelihood is at stake, it doesn't make much sense to get worked up about it. Patch, disclose (NNITO), and move on with your life.

Guru Zim
SQL Dejection
Administrator








Since: 9.12.01
From: Bay City, OR

Since last post: 1 day
Last activity: 1 day
#12 Posted on | Instant Rating: 8.09
I'm fairly certain we've mentioned it every time there has been an issue. Why wouldn't we? I have nothing to gain from you thinking this place is more secure than it is.

Most of the time people have screwed around in more of a vandalism approach. I believe this was the first successful SQL injection. Really, we don't claim a lot of security, but we've at least both audited this place a little bit.




Mr. Boffo
Scrapple








Since: 24.3.02
From: Oshkosh, WI

Since last post: 454 days
Last activity: 414 days
#13 Posted on | Instant Rating: 5.11
    Originally posted by tarnish
      Originally posted by DJ FrostyFreeze
      It does seem odd that CRZ is this ok with his site being hacked and the guy who did it.


    It's called pragmatism

    Plus, you catch more flies with honey than vinegar.


Agreed. When the guy who hacked your website wants to talk to you, you talk to him. Better than making him angry in case he finds yet another security hole to exploit.
Guru Zim
SQL Dejection
Administrator








Since: 9.12.01
From: Bay City, OR

Since last post: 1 day
Last activity: 1 day
#14 Posted on | Instant Rating: 8.09
I'll shed some light on this, at least from my perspective.

I don't have an exactly clean past when it comes to computer systems. I never did anything criminal as far as I know, but I would poke around systems and see what I could do. I was the kid who changed the BASIC programs around in school so that you could have a huge mountain in artillery - only sunny days in lemonade - etc.

I know where these kids are coming from, and I can't really say I don't deserve some sort of "American style Karma" (Not to be confused with Actual Karma) for my past.

So, I'm generally not too much of a jerk with people if they step forward. I did eventually have to come up with a script to ban one kid from a different board I ran.

I dunno. I'm not happy about it, but I'm more likely to sigh than swear.




Oliver
Scrapple








Since: 20.6.02
From: #YEG

Since last post: 2 days
Last activity: 1 day
#15 Posted on | Instant Rating: 4.37
    Originally posted by Guru Zim
    I'll shed some light on this, at least from my perspective.

    I don't have an exactly clean past when it comes to computer systems. I never did anything criminal as far as I know, but I would poke around systems and see what I could do. I was the kid who changed the BASIC programs around in school so that you could have a huge mountain in artillery - only sunny days in lemonade - etc.
I hated kids like you when I attended summer school...because there was actually someone who could do that. We had a competition playing that game back in the day, and someone who knew how to fiddle with the innards of the programming did exactly what you did. He won, of course.




You wouldn't like Ozu Makito when he's mad!
Eddie Famous
Andouille








Since: 11.12.01
From: Catlin IL

Since last post: 336 days
Last activity: 330 days
#16 Posted on | Instant Rating: 4.35

When I went to The W just now, not logged in, it listed no forums, just "Increased Chatter" headers, etc. There was also some random thing about SQL at the top which I couldn't understand.



As of 2/28/05: 101 pounds since December 7, 2004
OFFICIAL THREE-MONTH COUNT: 112 pounds on March 9, 2005
OFFICIAL SIX-MONTH COUNT: 142 pounds on June 8, 2005
OFFICIAL ONE YEAR COUNT: 187 pounds on December 7, 2005
As of 2/27/06: 202 pounds "I've lost a heavyweight"
As of 7/31/06: 224 pounds
As of 10/31/07: Still 217 down!
As of 5/18/08: Still 217 down!
Now announcing for the NBWA and GAW television!
www.wdws.com home of DWS Sportsnight and downstate radio home of thecubsfan!
CRZ
Big Brother
Administrator








Since: 9.12.01
From: ミネアポリス

Since last post: 1 day
Last activity: 19 min.
#17 Posted on | Instant Rating: 8.81
    Originally posted by Eddie Famous
    When I went to The W just now, not logged in, it listed no forums, just "Increased Chatter" headers, etc. There was also some random thing about SQL at the top which I couldn't understand.
That probably means you still had a cookie with your username in it, even if you didn't have one with the right password. It kinda puts you in that "in-between" state until you log in proper. I suppose I could fix this code but this piece is a very low-priority problem with me.

EDIT: Definitively clear your cookies with the logout link (The W) if you think that's where you are. (Of course, you'll probably have trouble even finding this post if you're there...)

(edited by CRZ on 16.7.08 1432)


Eddie Famous
Andouille








Since: 11.12.01
From: Catlin IL

Since last post: 336 days
Last activity: 330 days
#18 Posted on | Instant Rating: 4.35

I am in limbo..........

That seemed to be what was wrong. Looked weird though.



pieman
As young as
he feels








Since: 11.12.01
From: China, Maine

Since last post: 2 days
Last activity: 1 day
#19 Posted on | Instant Rating: 7.30


    Originally posted by tarnish


    Yes, this board is part of a lot of people's daily routine. But if it disappeared tomorrow, I don't know how many would shed a tear.




Actually, I think I would.




The World Champion New York Football Giants
SinisterOrthodoxy
Longanisa








Since: 2.4.04

Since last post: 531 days
Last activity: 531 days
#20 Posted on | Instant Rating: 0.00
I like that his location shows the Jolly Roger.

The W™ message board

ZimBoard
©2001-2014 Brothers Zim
