More Awesome Than You!
Welcome, Guest. Please login or register.
2024 November 25, 14:15:34

Login with username, password and session length
Search:     Advanced search
540287 Posts in 18067 Topics by 6545 Members
Latest Member: cincinancy
* Home Help Search Login Register
+  More Awesome Than You!
|-+  TS3/TSM: The Pudding
| |-+  The World Of Pudding
| | |-+  GSC has been hacked
0 Members and 1 Chinese Bot are viewing this topic. « previous next »
Pages: 1 2 3 [4] THANKS THIS IS GREAT Print
Author Topic: GSC has been hacked  (Read 50672 times)
Zazazu
Fuzzy Pumpkin
Whiny Wussy
*****
Posts: 8583


Potiron flou


View Profile
Re: GSC has been hacked
« Reply #75 on: 2010 January 17, 05:26:47 »
THANKS THIS IS GREAT

Nah, that's on my totally for real minister certificate from the Universal Church of Whatever or Such.
Logged

Capitalism, Ho!
"Continue to beat it in masturbatory ecstasy if you like, but only Pescado can make it go away." - Lemmiwinks
My Urinal
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: GSC has been hacked
« Reply #76 on: 2010 January 17, 08:40:26 »
THANKS THIS IS GREAT

But Pescado, what you're not seeing is that TSR don't *want* these hacking attacks that could look like TSR-related-originated-assisted to happen as it is bad publicity.  So why would they do them?
e-Peen? It's a surprisingly common motivation for seemingly illogical and counterproductive acts.

It's not like they're getting rid of pirate content, as everyone knows the hacked site owner simply restores the site immediately.  The anti-TSR brigade have far more motive to be doing this - "false flag" you call it?
Except for the catch: Assuming that TSR is NOT responsible, there is no plausible way an anti-TSR faction could acquire the technical data needed to carry out the attacks AND frame TSR for providing the data, without the complicity of at least one agent inside TSR. So even if they wanted to, they couldn't. In order to catch a large number of usable passwords like this, someone would either need to run a highly sophisticated phishing operation AND a means of verifying that the passwords stolen are shared WITHOUT simply trying them on TSR and thus setting off alarms.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Inge
Round Mound of Gray Fatness
Senator
*
Posts: 4320


Senator Emeritus. Oh hold on, I am still a senator


View Profile WWW
Re: GSC has been hacked
« Reply #77 on: 2010 January 17, 08:58:28 »
THANKS THIS IS GREAT

Well, all this theorising on what errors of judgement may have taken place and what loose cannons they may have fired is still firmly in the realms of speculation.   The perp is as unlikely to be brought to justice as PMBD is, and for similar reasons.

What is the desired outcome, and how can this speculation help to bring it about?

Sysadmins - never use the same password on sites you have authority over, or investment in, as you do on ones where you are merely a visitor.   Always change your password and other system details after falling out with a fellow admin, and ensure the ex-admin is removed from *all* his membergroups - or delete his account and ask him to make a new one as a regular user.
Logged


\"They\'re here, on the forum. A question riddled, spoiler giving, speculative cancer of sim evil\" -- redearth, Snooty Sims, 2009
Johan
Asinine Airhead

Posts: 20


View Profile
Re: GSC has been hacked
« Reply #78 on: 2010 January 17, 22:50:27 »
THANKS THIS IS GREAT

The simsecret hacking over at LiveJournal has also been linked to Atwa/TSR, mainly because of IP similarities and the fact that the only posts that were deleted were ones with anti-TSR secrets.
Do we know who had the account and if that person had an account on TSR with the same password?
Logged
DrNerd
Lipless Loser
***
Posts: 677



View Profile
Re: GSC has been hacked
« Reply #79 on: 2010 January 17, 23:05:54 »
THANKS THIS IS GREAT

The simsecret hacking over at LiveJournal has also been linked to Atwa/TSR, mainly because of IP similarities and the fact that the only posts that were deleted were ones with anti-TSR secrets.
Do we know who had the account and if that person had an account on TSR with the same password?

I don't recall which of the former admins it was (sinthe, maybe), but she did admit at the time that she'd used the same username and password on TSR.
The IP info is here.

Simsecret posts regarding the hacking are here and here.
« Last Edit: 2010 January 17, 23:17:43 by DrNerd » Logged

Johan
Asinine Airhead

Posts: 20


View Profile
Re: GSC has been hacked
« Reply #80 on: 2010 January 17, 23:34:14 »
THANKS THIS IS GREAT

The latter seems more likely. If a true vulnerability existed, it would not have been easy to selectively target data using an SQL or PHP vulnerability, and your attacker would have simply deleted everything. Similarly, admin-level password compromise is thus unlikely, as if someone had an admin password, they would have been able to do far more damage.

Yeah i think i'm leaning towards that option too. One strange detail though was that there had been some falied login attempts on some accounts using the wrong random passwords.

Is there a technical reason, other than possibly sheer size, that would have made this impossible?

Yeah the technical reason being that he wouldn't be able to dump the member table even if he had a GUI db client and the all necessary information to connect to the database, Thomas is a pixel pusher and he doesn't know how that stuff works.
We don't have any functionality to get a list of passwords in admin so he would have had to pick the one by one to compile a list, which due to sheer size is next to impossible.
 
This does sound excessively laborious, but not impossible, if he selectively compiled anti-paysite activists. The more likely scenario is still whole or partial membertable dumping.

Theoretically possible but then again i have a lot of reason to believe he wouldn't do that. Membertable dump is definitely more likely than that but just as scary.

Of the known attacks, the Buggybooz, Shanow, and Scotty attacks are the ones known to me to have confirmed the TSR-password link. There may be others I don't recall offhand, and in none of the unconfirmed cases has this been ruled out as an possibility.
Has there been attacks where it has been confirmed that the password was not the same as a TSR account?
Logged
Johan
Asinine Airhead

Posts: 20


View Profile
Re: GSC has been hacked
« Reply #81 on: 2010 January 18, 00:06:09 »
THANKS THIS IS GREAT

I don't recall which of the former admins it was (sinthe, maybe), but she did admit at the time that she'd used the same username and password on TSR.
The IP info is here.

Simsecret posts regarding the hacking are here and here.

I've done some digging and from what i can tell it was Sinthe and a shared account (secret poster or something like that) that was compromised.
Some further digging got me to a post on PMBD where Delphy showed a screenshot from Sinthe with the logins, which i assume was for when simsecret got hacked (not sure about that though):
http://phorum.mustnotbenamed.com/index.php/topic,2399.msg141367.html#msg141367

The combination of IP's and useragent defenitley points to the same perpetrator as in the Buggybooz incident.
Logged
Witchboy
Blathering Buffoon
*
Posts: 53



View Profile WWW
Re: GSC has been hacked
« Reply #82 on: 2010 January 18, 04:52:41 »
THANKS THIS IS GREAT

The user agent for the IP that hacked into SV & GSC is as follows...

IP: 83.170.113.97 User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Logged

J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: GSC has been hacked
« Reply #83 on: 2010 January 18, 05:15:24 »
THANKS THIS IS GREAT

Yeah i think i'm leaning towards that option too. One strange detail though was that there had been some falied login attempts on some accounts using the wrong random passwords.
That doesn't mean anything. Random people randomly rattle doors on accounts all the time. This would only be a concern if there was a systemic pattern of door-rattling. Given that you run a paysite, it's entirely reasonable to expect that random people will attempt to rattle the doors on accounts simply to see if they can get any free swag, and people also lose their passwords and try to guess which of the set of usual passwords was the right one. Given the sheer size of your site, hundreds if not thousands of such attempts are probably made every week. The SUSPICIOUS thing would be when a strange IP logged into an account, then did nothing with it, and that account was subsequently attacked elsewhere, meaning that someone was trying to probe for a TSR commonality before attempting an attack.

Yeah the technical reason being that he wouldn't be able to dump the member table even if he had a GUI db client and the all necessary information to connect to the database, Thomas is a pixel pusher and he doesn't know how that stuff works.
I dunno about that. I mean, Spilt Pee Soup, a thoroughly nontechnical user, managed to figure out how to use phpmyadmin just fine. Also, there is no guarantee it was Thomas who personally did it. Thomas is the most likely suspect purely based on motives and opportunity, but he isn't the only one who could have done it.

We don't have any functionality to get a list of passwords in admin so he would have had to pick the one by one to compile a list, which due to sheer size is next to impossible.
Or, he could dump the entire thing and do a CRTL-F...

Theoretically possible but then again i have a lot of reason to believe he wouldn't do that. Membertable dump is definitely more likely than that but just as scary.
The exact methodology by which the information was acquired from the database is really less important than the fact that it clearly had to have been.

Has there been attacks where it has been confirmed that the password was not the same as a TSR account?
No. There have been no negative confirmations where a password-attack was conclusively NOT a TSR account password, only cases where confirmation could not be acquired due to either the user not remembering, or not being present. All other hacking attacks not related or suspected to be related to TSR account passwords have all been dismissed as common vandalism and bear no connection to any community politics.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Inge
Round Mound of Gray Fatness
Senator
*
Posts: 4320


Senator Emeritus. Oh hold on, I am still a senator


View Profile WWW
Re: GSC has been hacked
« Reply #84 on: 2010 January 18, 07:34:44 »
THANKS THIS IS GREAT

Spilt Pee Soup, a thoroughly nontechnical user, managed to figure out how to use phpmyadmin just fine.

If you're talkign about Brynne, I don't think she did.   Every time she wanted to look at something she asked someone to do it for her, handing out temporary admin access if necessary.  Lol long after she thought she'd banned me I could have got in the back door.  Fortunately for her I wasn't the shady character she thought I was.
Logged


\"They\'re here, on the forum. A question riddled, spoiler giving, speculative cancer of sim evil\" -- redearth, Snooty Sims, 2009
Pages: 1 2 3 [4] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.066 seconds with 20 queries.