May 30, 2011

Clearing up

Aloha little cuz’s! Today I’m going to be clearing up some of the confusion and/or statements made by various people that have been brought to my attention! Most of the ones here are most likely to be wrong, funny, or just me bashing those cuz’s!

Let’s start, shall we?

Zap610: “It isn’t a matter of “easily hackable” so much as how hard these hackers try. I guarantee you if these same people targeted ZDoom it would be hacked just the same.”

Ah no little cuz, we don’t want to attack ZDoom. We have no reason to!

Zhs2: “The only problem of the matter here is finding people butthurt enough to do so. 12 year old script kiddies that got kicked out of a clan/invited scorn upon themselves by equally mature skulltag members/felt harassed by the community in general?”

Definition of script kiddie: Uses tools written by hackers without understanding what they do or how they work. Will be helpless to proceed if the tools don’t work automatically and immediately – are incapable of fixing any issues themselves without someone showing them how (perhaps in excruciating detail). Expect people to be impressed that they can crack WEP or own an unpatched and unprotected Windows box using autopwn in Metasploit. Are the subjects of derision of real hackers.

Definition of hacker: Likes to find ways to use systems to their fullest extent, in ways perhaps not intended by their designers. From a security perspective – they understand the way systems work on a detailed level and can find and exploit vulnerabilities via their own effort, as well as write tools to automate the exploitation of the vulnerabilities. They love to learn, to understand and to challenge themselves intellectually, and they appreciate elegant solutions.

That’s right folks! This exploit we have been using on phpBB3 is… gasp! Our own? Learn the difference between script kiddies and hackers little cuz! Major difference!

mandolore: “Most of the furries must be crying about this”

Now that’s something that made me laugh, it’s probably true! Those cuz’s must be crying.

Synert: “Am I the only one who actually finds this funny? I’ve also now lost all confidence in phpBB’s security.”

Nah little cuz, we find this funny too! phpBB’s security is much better than VBul, SMF, and IPB anyways! Or, if you prefer, use some little-known forum software!

tm512: “It is perhaps the largest and most used piece of forum software out there. Of course there are going to be exploits.”

That’s true little cuz! There are no pub exploits though, so little skids don’t get their hands on them! As for priv8 exploits…. let’s just say there’s a good amount 😉

AlexMax: “it’s not phpBB’s fault when you don’t update or use an insecure plugin. phpBB3 is a ground-up rewrite anyway, it’s got a really nice security record.”

Ding ding ding. This little cuz is correct. Although, updating wouldn’t have made a difference. And it does have a good security record for all the little cuz’s out there who use it!

Konar6: “ST is peaking in popularity and that by itself makes it a prime target. Or were Codeimp’s attacks on ZDaemon in its better times forgotten? And why doesn’t it happen to Odamex? Is it hack-proof, or is it because no one would bother?”

No no no little cuz. That is not why it’s a target! But if you think so. Also that little cuz’s attacks on ZDaemon were not forgotten and were epic! And as for Odamex, no reason to attack those cuz’s!

Blzut3: “Also to clear up concerns with phpBB’s security, I’m fairly sure none of the “hacks” since we were running phpBB 2 (remember the santy worm?) were due to actual forum software vulnerabilities.”

Well then little cuz, I’m fairly sure that you are indeed an idiot! Let me repeat this just for you Blzut3: There will always be vulnerabilities, no matter how much you deny it 🙂

Xenaero: “This is disappointing, honestly. Might be a good idea to not use phpBB anymore. I’ve brought this up in the past but it seems a bit more valid now. Be it that it will not prevent hacking entirely is moot, it is certainly a better option and should be seriously considered.”

ST Staff, listen to this cuz! He’s a smart man! Don’t let the fatman stop you from changing software! Be free cuz’s!

Xenaero: “Basically just reset your pass and never change it from the password the email gives you. You’re safe forever.”

Little cuz, no no no that won’t work! That just makes it easier to crack!

Spam205: “At least the message on the wiki reminded me that I hadn’t watched Rocket Power in about 7-8 years.”

I’m glad you liked our message little cuz!

UnTrustable: “I would wish hacking like this would be a crime by law and people could more easely track down who really did this.”

I would wish little cuz’s like you would stop being morons and learn proper grammar and English! Plus, no one cares about this forum, little cuz.

ConflagratedCanine: “Let’s not devote time and resources to catch rapists, murderers, and arsonists; No let’s fret over some small forum that nobody cares about.”

Now that’s another funny post! This little cuz knows what he’s saying!

Eruanna: “After the most recent hack we decided to remove all board mods. Right now this is sitting on a stock, 100% unmodified phpbb3. The possibility that any of the mods had security exploits is actually rather low but in order to decrease the chances of another hack happening again we decided to try a vanilla phpbb3 to see how well it would hold.”

Little cuz, you still failed! At least try harder if you are going to stop us! Also we all know that you are clearly upset and hurt deep down inside! (At least that’s what my source has been telling me o_O)

ConflagratedCanine: “In a word: Nobody gives a fuck.”

True dat little cuz!

Eruanna: TL;DR post

See ConflagratedCanine’s response above ^

Eruanna: “We do have solid reasons to believe that they have the forum DB and are using that to “brute force” passwords. Already 3 accounts have been cracked.”

Rivecoder: “The forums use phpBB3’s hashing scheme, which is very strong. It includes a salt and a time-intensive hash operation (MD5 repeated thousands of times) to defend against rainbow tables.”

Contradiction much? If it’s a very strong hashing mechanism, then how are we supposedly brute forcing passwords? I’ll let you two cuz’s figure this one out!
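A salt and a repeated hash defeat precomputed rainbow tables and slow down each guess, but they do not protect a password that sits on a short list of common choices once the hash database is available offline. The following is an added example, not part of the original post: a weak-password audit over a forum's own user table, using a simplified salted, iterated MD5 (not phpBB3's exact format), an assumed round count, and constructed sample accounts.

```python
import hashlib
import hmac

ROUNDS = 2048  # assumed work factor, in the "thousands" range the quote mentions


def stretched_md5(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Simplified salted, iterated MD5 (not phpBB3's exact on-disk format)."""
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest + pw).digest()
    return digest


def audit_weak_passwords(records, common_passwords, rounds=ROUNDS):
    """Return {user: password} for accounts whose password is on the common list.

    Each record is (user, salt, stored_hash). The per-user salt forces one full
    stretched computation per (account, candidate) pair, so a precomputed table
    is useless, yet a short candidate list is still cheap to test.
    """
    found = {}
    for user, salt, stored in records:
        for candidate in common_passwords:
            if hmac.compare_digest(stretched_md5(candidate, salt, rounds), stored):
                found[user] = candidate
                break
    return found


def md5_calls(n_accounts, n_candidates, rounds=ROUNDS):
    """Worst-case MD5 invocations to test every candidate against every account."""
    return n_accounts * n_candidates * (rounds + 1)


def _row(user, salt, password):
    return (user, salt, stretched_md5(password, salt))

# Constructed sample table: two accounts share a weak password, one is strong.
SAMPLE_DB = [
    _row("alice", b"s4ltAAAA", "letmein"),
    _row("bob", b"s4ltBBBB", "letmein"),
    _row("carol", b"s4ltCCCC", "gV7#qLw2!xRt9@Zp"),
]
COMMON = ["123456", "password", "letmein", "qwerty"]

if __name__ == "__main__":
    print(audit_weak_passwords(SAMPLE_DB, COMMON))
    print(md5_calls(len(SAMPLE_DB), len(COMMON)))
```

Accounts flagged by such an audit are the ones to force-reset first; the strong password survives because no affordable candidate list contains it.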

NukeR: “So does that mean my forum will be safe? They run on phpBB 3.0.8 (latest)”

Yes little cuz, we don’t care about other forums. This exploit won’t get out anywhere either, so you are good 🙂

And that’s a wrap for today! More might come in the future, who knows!

PS: As the ancient Hawaiian’s used to say: If you aren’t an Hawaiian, then you are gay!


