well done cheaful.ninja ty for getting my acc hacked.

Status
This thread has been locked.

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
t might even seem a little pointless. Consider: if the hacker can get into the db, there is a good chance he can get into the server and look at the sniper source code.
You're basically saying encrypting data is pointless now? Woah lol, I'd be really concerned if I was a customer.

Just because you get into a database doesn't mean you're capable of gaining root server access. Common methods of compromising databases are done via SQLi injections. In this case, encrypted data inside a database would be useful since the hacker doesn't have the source code.

Sure "security is a myth" but at least try taking the best security measures lol.

What if I said, "security is just a myth Kappa" and all 41k MCM users their information get leaked?
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
After using the evidence we had, I figured it out.

The hack was actually done quite easily.

The day we were hacked, we scrambled to change SSH keys, sql passes, hosting passes, etc and make things more secure.

The hacker simply got into Chearful's skype, sniffed out the passwords and info we were throwing at each other, and came about for another round whenever he wanted to do it (a month later, to allow for new accounts to be added that he can leak/use).

In this case, the hacker could also get the SSH key though we were smart enough to send that another way.[DOUBLEPOST=1476300209][/DOUBLEPOST]It wasn't nearly as complicated as I imagine, just a huge oversight on Chearful's part mainly.

I have a company that's focused around servers. 4 of us have access to all client's servers. Sharing crucial information about your servers on Skype (WHICH IS KNOWN FOR BEING EXTREMELY UNSAFE) is just plain stupid and a rookie mistake. Proper security measures would have been SSH IP restrictions and ssh keys shared over a safer method (any known communication method with 2FA).

Don't blame it on Chearful. Judging from your previous posts, you seem to be the one responsible for the servers so these are security measures you should have taken. I'm done replying to you. It's obvious that you don't really have much knowledge when it comes to this sort of stuff. I wouldn't be surprised if this happens again.

Edit: FYI I know what I'm talking about, all my servers are PCI compliant.
 

Bryce

Senior Java & Full-Stack Developer
Supreme
Feedback score
18
Posts
678
Reactions
934
Resources
19
I have a company that's focused around servers. 4 of us have access to all client's servers. Sharing crucial information about your servers on Skype (WHICH IS KNOWN FOR BEING EXTREMELY UNSAFE) is just plain stupid and a rookie mistake. Proper security measures would have been SSH IP restrictions and ssh keys shared over a safer method (any known communication method with 2FA).

Don't blame it on Chearful. Judging from your previous posts, you seem to be the one responsible for the servers so these are security measures you should have taken. I'm done replying to you. It's obvious that you don't really have much knowledge when it comes to this sort of stuff. I wouldn't be surprised if this happens again.

Edit: FYI I know what I'm talking about, all my servers are PCI compliant.

Would it have been simple to use a salt to encrypt the passwords, save them to the database, from which the website uses that same salt to DECRYPT them to run the sniping, but never saving the decrypted password anywhere? Would this not be secure? I suck with security, I pay people to do it for me, but to me it seems like something so simple would have prevented this?
 

Bryce

Senior Java & Full-Stack Developer
Supreme
Feedback score
18
Posts
678
Reactions
934
Resources
19
Ajdin Chearful was mainly the one doing initial security, I was away the whole day. And at the time I assumed a product owned by Microsoft (aka skype) would be secure. I also assumed Chearful used secure passwords.

I think we should stop playing "Who didnt do it" and just own up to it, make things right, and move on? My assistance is always at your disposal if needed.
 
Status
This thread has been locked.
Top