DiExposed Posted March 20, 2011 Share Posted March 20, 2011 Damage Incorporated has been discovered logging all user log ins since late 2006. This modification was added to the forums, for who knows what reason ... http://www.youtube.com/watch?v=t0iSM-vt9eI Discuss. Link to comment Share on other sites More sharing options...
Twix Posted March 20, 2011 Share Posted March 20, 2011 I have no idea what this is but that random user is my forum acc lol what are the odds >.< Link to comment Share on other sites More sharing options...
DiExposed Posted March 20, 2011 Author Share Posted March 20, 2011 Did you even watch it? They have been logging user/pass info and stored it away for who knows what reason. Basically if you log in there ever, they can use your password to hack you elsewhere. Link to comment Share on other sites More sharing options...
Twix Posted March 20, 2011 Share Posted March 20, 2011 Thats why most persons have different passwords for other sites Link to comment Share on other sites More sharing options...
Twix Posted March 20, 2011 Share Posted March 20, 2011 And now you've hacked/defaced the website, good job? Link to comment Share on other sites More sharing options...
DiExposed Posted March 20, 2011 Author Share Posted March 20, 2011 Yeah, alerting people that they have been compromised is bad. Link to comment Share on other sites More sharing options...
Twix Posted March 20, 2011 Share Posted March 20, 2011 (edited) Brian admitted he was storing passwords because of an exploit in the recovery system. He advised everyone to use different passwords aswell. If you need your password back you could just ask. Edited March 20, 2011 by Twix Link to comment Share on other sites More sharing options...
DiExposed Posted March 20, 2011 Author Share Posted March 20, 2011 In the source code there is clearly a comment stating that Eric did it, and not to tell anyone about it. Link to comment Share on other sites More sharing options...
Twix Posted March 20, 2011 Share Posted March 20, 2011 Everyone still knew lol Link to comment Share on other sites More sharing options...
DiExposed Posted March 20, 2011 Author Share Posted March 20, 2011 I am sure all new members for the last 4 years were made aware. Link to comment Share on other sites More sharing options...
The Observer Posted March 20, 2011 Share Posted March 20, 2011 (edited) It's common knowledge really that with IPB2 you can easily find people's login information. This problem was fixed in IPB3. Sure there's ways to go around that, but you'd need access to the database and the salts which make it more complicated. It just goes to show to use different passwords for different sites. Not really a difficult concept to grasp to be honest. Edited March 20, 2011 by Killerred005 Link to comment Share on other sites More sharing options...
Wee Man Posted March 20, 2011 Share Posted March 20, 2011 (edited) So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure: Edited March 20, 2011 by WeeMan1311 Link to comment Share on other sites More sharing options...
Nessaja Posted March 20, 2011 Share Posted March 20, 2011 The odd thing is here that they were stored in plain text. Link to comment Share on other sites More sharing options...
obfuscator Posted March 20, 2011 Share Posted March 20, 2011 So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure:Login information always has to be stored in the database - but this shows that DI was deliberately storing them in plain text in a way that could make them easily retrieved. "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti Link to comment Share on other sites More sharing options...
kuru72 Posted March 20, 2011 Share Posted March 20, 2011 (edited) Lol I made an account in those forums just for the New Year's hack lulz. Can't remember the user and pass now though. :\ Edited March 20, 2011 by kuru72 Retired on: June 30, 2010 Link to comment Share on other sites More sharing options...
Nobody Posted March 20, 2011 Share Posted March 20, 2011 It's also best to avoid registering on other clans' forums. :P With love to one, friendship to many, and good will to all. Link to comment Share on other sites More sharing options...
Deltaer Posted March 20, 2011 Share Posted March 20, 2011 (edited) So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure: Passwords are stored in databases but they're encrypted.. meaning that no one, including people who have access to the database, can crack your password. They exploited code to mess around with that. Kinda disappointed here. Luckily I use a different password for everything, but damn, I can't help but think how many accounts were hacked this way. Really uncool. Edited March 20, 2011 by Deltaer [2010] Proud Member of Downfall[2004-2005] Former Leader of The Unbreakables, Former Member of Corruption, Former Member of 'The' Clan(...and Anarchy for a few weeks... shhh...) Link to comment Share on other sites More sharing options...
Briann Posted March 20, 2011 Share Posted March 20, 2011 You were probably the hacker, lol. Link to comment Share on other sites More sharing options...
obfuscator Posted March 20, 2011 Share Posted March 20, 2011 This is what passwords look like in a database in their encrypted form: It is possible to unencrypt them, that is, make them legible - but it's difficult. "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti Link to comment Share on other sites More sharing options...
Uffan5 Posted March 21, 2011 Share Posted March 21, 2011 Ok, thanks for the update. Crimson Raiders Forums | Crimson Raiders Runehead | Crimson Raiders FA Runehead§ Crimson Raiders Veteran | Ex Downfall Warlord | Ex Team Vendetta Council Link to comment Share on other sites More sharing options...
SAGE Posted March 21, 2011 Share Posted March 21, 2011 Everyone running 2.X.X did this back when it was relevant. :$ Link to comment Share on other sites More sharing options...
Ankit Posted March 21, 2011 Share Posted March 21, 2011 Oh, that's incredible useful. #Solace | Solace Senior Member | Solace Forums | Solace MemberlistI'm making a killing here, I think I should be on top of the world just chilling here. Link to comment Share on other sites More sharing options...
Thehitman324 Posted March 21, 2011 Share Posted March 21, 2011 exposing a dead clan, nice. 3 Years Strong<3 PM TheHitman|Will in #downfall at swiftirc if your interested in a fight against Downfall Clan Link to comment Share on other sites More sharing options...
Romdath Posted March 21, 2011 Share Posted March 21, 2011 now I know everything. Link to comment Share on other sites More sharing options...
Danny_TeamDan Posted March 21, 2011 Share Posted March 21, 2011 I could have easily guessed they've been doing that lol but thanks for letting people know I suppose. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now