Go Back   Computer Forums > Welcome To Computer Forums .org > Social Lounge | Off Topic
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 05-19-2011, 05:18 PM   #61
Daemon Poster
 
CrackerJacker's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 987
Send a message via Skype™ to CrackerJacker
Default Re: "Hello, you just got owned"

Praise root
__________________

__________________
USAF KC-135R Crew Chief
i7 2770 @ 3.4ghz, Geforce GTX 560 ti, 8GB DDR3 1600, SSD 120gb, cup holder
I would imagine if you could understand Morse Code, a tap dancer would drive you crazy
CrackerJacker is offline   Reply With Quote
Old 05-19-2011, 06:16 PM   #62
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: "Hello, you just got owned"

Making the jump to 4.1.3 may not at this time be the wisest thing to do. If you read the trouble shooting section at VB com you'll find it still has some serious issues.
Besides they started dicking around with the stylevars in 4.0.8 which break a lot of themes for this version and wreaks havock with some mods.
May be prudent to patch and tighten up security.
__________________

setishock is offline   Reply With Quote
Old 05-19-2011, 07:07 PM   #63
Baseband Member
 
Xtreme2damax's Avatar
 
Join Date: May 2011
Posts: 72
Default Re: "Hello, you just got owned"

I've also heard the same thing from other people, at the moment it isn't a wise idea to upgrade to v4.1.3 because it has a lot of issues. Someone I know is familiar with Vbulletin, from what it sounded like some issues are quite serious. The only reason I would upgrade is if v4.1.2 had exploits that were patched on v4.1.3, but it doesn't sound like that is the case.
Xtreme2damax is offline   Reply With Quote
Old 05-19-2011, 08:56 PM   #64
Daemon Poster
 
Legodude522's Avatar
 
Join Date: May 2006
Location: Texas
Posts: 1,303
Default Re: "Hello, you just got owned"

Good riddance! Glad the site is back up.
__________________
PC: Intel i7 4790K, 16gb RAM, MSI R7 250 2gb
Phone: Apple iPhone 6s 64gb
Handheld Games: Nintendo 3DS XL, Tapwave Zodiac 2, GamePark Holdings GP2X F100
Legodude522 is offline   Reply With Quote
Old 05-20-2011, 06:49 AM   #65
JCB
Daemon Poster
 
JCB's Avatar
 
Join Date: Oct 2004
Posts: 1,302
Default Re: "Hello, you just got owned"

Quote:
Originally Posted by LukaszR View Post
Glad to see we are back online. Was a little worried if CF would be no more
You dont need to worry about that, we will be around for a long time
JCB is offline   Reply With Quote
Old 05-20-2011, 09:06 AM   #66
In Runtime
 
FORDSVTPARTS's Avatar
 
Join Date: Mar 2011
Posts: 258
Send a message via AIM to FORDSVTPARTS
Default Re: "Hello, you just got owned"

This Hacking Just shows how immature some people can be!
__________________
Quote:
texting while drunk is fine reading them while sober is the hazzard
FORDSVTPARTS is offline   Reply With Quote
Old 05-20-2011, 09:17 AM   #67
7D8
In Runtime
 
7D8's Avatar
 
Join Date: Oct 2006
Posts: 209
Default Re: "Hello, you just got owned"

Quote:
Originally Posted by xxPoweredgexx View Post
This Hacking Just shows how immature some people can be!
well personally, i don't think its that bad. If the guy hacked in the first time, than would do something like post and say, "Hey, your software is vulnerable at xyz and i just proved it." Than you can respect the guy (sort of).

On another note, it gave us a lot to talk about this week, and i learned more about vBulletin encryption and how easy it really is to crack MD5. So apart from the admins having some work, it was quite the edification for me. Furthermore it gave the site admin, (JCB i think) an insight into some of the vulnerabilities of his own bulletin board.
7D8 is offline   Reply With Quote
Old 05-20-2011, 11:50 AM   #68
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: "Hello, you just got owned"

Quote:
Originally Posted by tomek View Post
well personally, i don't think its that bad. If the guy hacked in the first time, than would do something like post and say, "Hey, your software is vulnerable at xyz and i just proved it." Than you can respect the guy (sort of).
I sort of agree with what you're saying.
I think with a lot of hackers you have to start out as a kid mucking about and having a laugh, that's what sparks interest. (the best example I can come up with is how many people who are electronic engineers started by getting electrocuted, you get hooked on the power and it's capabilities, and then learn how to harness it).

but it's what you do with that power that makes a difference, good hackers (whitehat sense) are the ones who are actively looking for the exploits in software, they are the ones finding the bugs, and reporting them to the developers, not exploiting them in the wild.
bad hackers (blackhat sense) are the kind of guys like these are hack a forum, destroy data etc.
and these guys weren't even that gooder black hat hackers, I mean what sort of decent hackers leave enough information to track them down to their houses?

the funny thing is that in some ways I respect what these guys are doing, if they are serious about being security consultants, then I'd really like to see them progress -there aren't enough good security consultants in this world, sadly due to what they've done here, it's unlikely that they are going to progress on these forums any time soon!

the advice that I'd give to them is this though.
hacking a site then asking for money to fix it is just stupid, all you're doing is making a bad name for your "business". extorting money and leaving a paper trail to your door! now had you done this a different way, marketed yourself as whitehat hackers or penetration testers. you may have been able to agree a price with the admin, and the admin would have invited you to hack their server!
The company I work for do security testing like this, we're paid to do this sort of stuff.

if you really want to do this then this is my advice. (feel free to take it or leave it).
don't hack pages uninvited.
make your home page a web page, with a forum behind it (if you really want a forum) (no business has a forum for a home page).
get yourself a load of test rigs these can be virtual machines and actually try different configurations and hack for yourself, (looking into the details of how premade scripts work for example will give you a useful insight into how the software is put together and how to exploit it).
get yourself some credence, (by this I mean look into standards like ISO2700 or ISO27001 -security or ISO9000/9001 -quality assurance). these are in principal reasonably easy to get. -you just have to prove that you have the knowledge experiences and processes to meet the standards. -they are not difficult to get, and worth a lot to a business.

Then you can go out as real security consultants, earning some real money.

at the end of the day, you guys are 15, with your whole life ahead of you.
doing this kind of crap is reasonably likely to end you up in some kind of trouble, I mean fines, possibly prison, you could have court orders ordering that you're not allowed to use computers or connect to the internet.

do you really want to be flipping burgers because you done some silly stuff as a kid?

Quote:
On another note, it gave us a lot to talk about this week, and i learned more about vBulletin encryption and how easy it really is to crack MD5. So apart from the admins having some work, it was quite the edification for me. Furthermore it gave the site admin, (JCB i think) an insight into some of the vulnerabilities of his own bulletin board.
This is one of my favourite things about IT, you never stop learning.
i think that a lot of people come into this industry not realising that they will spend the next day of the rest of their lives learning, some new technique, some new technology, some new practise, some new software.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 05-20-2011, 01:18 PM   #69
7D8
In Runtime
 
7D8's Avatar
 
Join Date: Oct 2006
Posts: 209
Default Re: "Hello, you just got owned"

Quote:
Originally Posted by root View Post
...don't hack pages uninvited...
i can't imagine, being 15, what it must feel like, to take over some poor guy's website. The rush would be insane though.

I don't know if you ever Masters of Deception, but there is a whole book about them that I read, and its all about kids hacking into the AT&T network when they were like 15.

After reading this book, it gives a much different perspective of what it means to hack into someone's site. i HIGHLY recommend. I did the audiobook and listen to it on the way to work. It was SO good, i listened to it three times.
7D8 is offline   Reply With Quote
Old 05-20-2011, 01:18 PM   #70
Baseband Member
 
Xtreme2damax's Avatar
 
Join Date: May 2011
Posts: 72
Default Re: "Hello, you just got owned"

I understand what is being said about the hackers letting you know that your site is insecure. It wouldn't be too bad if they just replaced a page or left a mark somewhere informing you your site is vulnerable and left it at that. What I don't like is when they start causing damage, such as deleting files, deleting backups, stealing personal information, database and file dumps from the website. Another thing, what happens if your site is vulnerable to an exploit, and there hasn't been a patch released yet? What can you do, it's not like you can do much especially when you can't downgrade to a previous version of the software that doesn't have any exploits, only upgrade to newer versions. :/
__________________

Xtreme2damax is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 03:32 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0