What if ... Site hack and PW change

1/21/14 9:07 AM
Posts: 377
FETT_TFK_Tat2tillidie - So is he gonna be banned and I mean IP banned ? Phone Post 3.0
"IP banning" someone who is exploiting security holes and, I can only assume, unhashing / rainbow-tabling passwords is a huge waste of time.

Also, if forum passwords were not hashed, shame on the UG. That's elementary. Phone Post 3.0
1/21/14 9:17 AM
Posts: 11275
Motivated Penn - What a piece of shit... Thanks for the info though, PW changed!

Who Kirik for not alerting users that their information was compromised? That is unacceptable. Whether or not you think someone else can do something you still alert your users. PII is nothing to play around with. By waiting 2 years to release this information Kirik potentially fucked every single user of this site.
1/21/14 9:30 AM
Posts: 7937
Phone Post 3.0
1/21/14 9:31 AM
Posts: 232
Alex Bruner - 
InconsiderateSerra - Here I have an honest persona. In my professional life I play an act, because it is required. I need to know if there is even a hypothetical chance that someone could link the two through this breach. 

So it sounds like he dumped the DB so he probably had access to whatever information you voluntarily entered into the webform.

When you enter information into a webform, it goes into a database. If that database is ever breached, the information you entered is then 'out there'. If you have information you don't want 'out there', THEN DON'T PUT IT INTO WEBFORMS BECAUSE EVENTUALLY, SOMEONE IS GOING TO GET IN. If The Department of Defense, CIA, NSA and FBI cannot keep their sites secure, what makes you think MixedMartialArts.com stands a chance?

For all the people squealing about data breach laws, bone up on how laws work. Those laws are based on definitions and unless he got names and CC or SS numbers, nothing here rises to meet that statutory threshold. Likewise, FEDERAL CRIME!>Q#1!!!1! has a fuckton to do with whether or not Kirik has a good deal of spare time in his future to spend working as a witness on a case that may not have resulted in any injury outside the realm of 'hypothetical' and ultimately, won't get charged or brought before a GJ.

I'm not vulnerable to any of this, have no reasons to 'kiss his ass' whatsoever, but I *have* been in the position of needing a competent security tester who wasn't out to fry me for the sport of it or rip me off. Blackhats are mostly worthless in legal business; whitehats are usually bush-league amateurs.

Guys like this who may pull occasional pranks but have a deep skill set and no ill will are immensely useful to have on your side. It's unfortunate that they occasionally cause butthurt and rustled jimmies in the process of doing what they do, but the hysterical overreaction is based on ignorance of tech, ignorance of laws, ignorance of what role you play in your own security... basically people clinging to any ignorant branch on the dumb-ass tree to elevate their squawking.

A lot of STFUs need to be doled out here.
If this kid wanted to burn you down, believe me, he would have. It happens every day; that isn't what happened here.
These arguments are like saying "if you didn't want to get raped you shouldn't have been wearing yoga pants." Phone Post

No, it's more like saying "Parking your $4000 bicycle in downtown Chicago without a lock will likely result in your bike being stolen."

There's ideology, then there's how shit works in the real world.

All the fear and hysterics doesn't change the fact that he brought this to their attention, even if he socked DFW's account for the lulz.

You people are so fucking naive to how this shit goes down when the cracker has malicious intent. Hint: It looks nothing like this.

Watch this, faggots.

He just handed this site their left shoe.