March 20, 201115 yr Damage Incorporated has been discovered logging all user log ins since late 2006. This modification was added to the forums, for who knows what reason ... http://www.youtube.com/watch?v=t0iSM-vt9eI Discuss.
March 20, 201115 yr I have no idea what this is but that random user is my forum acc lol what are the odds >.<
March 20, 201115 yr Author Did you even watch it? They have been logging user/pass info and stored it away for who knows what reason. Basically if you log in there ever, they can use your password to hack you elsewhere.
March 20, 201115 yr Brian admitted he was storing passwords because of an exploit in the recovery system. He advised everyone to use different passwords aswell. If you need your password back you could just ask. Edited March 20, 201115 yr by Twix
March 20, 201115 yr Author In the source code there is clearly a comment stating that Eric did it, and not to tell anyone about it.
March 20, 201115 yr It's common knowledge really that with IPB2 you can easily find people's login information. This problem was fixed in IPB3. Sure there's ways to go around that, but you'd need access to the database and the salts which make it more complicated. It just goes to show to use different passwords for different sites. Not really a difficult concept to grasp to be honest. Edited March 20, 201115 yr by Killerred005
March 20, 201115 yr So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure: Edited March 20, 201115 yr by WeeMan1311
March 20, 201115 yr So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure:Login information always has to be stored in the database - but this shows that DI was deliberately storing them in plain text in a way that could make them easily retrieved. "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti
March 20, 201115 yr Lol I made an account in those forums just for the New Year's hack lulz. Can't remember the user and pass now though. :\ Edited March 20, 201115 yr by kuru72 Retired on: June 30, 2010
March 20, 201115 yr It's also best to avoid registering on other clans' forums. :P With love to one, friendship to many, and good will to all.
March 20, 201115 yr So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure: Passwords are stored in databases but they're encrypted.. meaning that no one, including people who have access to the database, can crack your password. They exploited code to mess around with that. Kinda disappointed here. Luckily I use a different password for everything, but damn, I can't help but think how many accounts were hacked this way. Really uncool. Edited March 20, 201115 yr by Deltaer [2010] Proud Member of Downfall[2004-2005] Former Leader of The Unbreakables, Former Member of Corruption, Former Member of 'The' Clan(...and Anarchy for a few weeks... shhh...)
March 20, 201115 yr This is what passwords look like in a database in their encrypted form: It is possible to unencrypt them, that is, make them legible - but it's difficult. "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti
March 21, 201115 yr Ok, thanks for the update. Crimson Raiders Forums | Crimson Raiders Runehead | Crimson Raiders FA Runehead§ Crimson Raiders Veteran | Ex Downfall Warlord | Ex Team Vendetta Council
March 21, 201115 yr Oh, that's incredible useful. #Solace | Solace Senior Member | Solace Forums | Solace MemberlistI'm making a killing here, I think I should be on top of the world just chilling here.
March 21, 201115 yr exposing a dead clan, nice. 3 Years Strong<3 PM TheHitman|Will in #downfall at swiftirc if your interested in a fight against Downfall Clan
March 21, 201115 yr I could have easily guessed they've been doing that lol but thanks for letting people know I suppose.
Create an account or sign in to comment