POTENTIALLY A VERY LARGE SECURITY BREACH - Page 11

Jim Kuhn · #**101** 05-30-2006, 12:15 AM

[ QUOTE ]

Quote:

Quote:
I've posted an "apology", for what it's worth, for this very reason. Hopefully he will accept that the Admins are not available at this moment, and delay whatever wrath he intends to inflict upon us.

That was just pathetic.

When somebody does something like this, you don't immmediately start giving him what he wants.

I've ignored this until now but,

The apology was very stupid.

[/ QUOTE ]

What is wrong with the apology? What did it 'cost' anyone? Mike did what he felt was in the best interest of 2+2 and the forum members. He should be commended for that! I think it is very 'stupid' to question his actions.

Thank you,

Jim Kuhn
Catfish4u
[img]/images/graemlins/spade.gif[/img] [img]/images/graemlins/diamond.gif[/img] [img]/images/graemlins/club.gif[/img] [img]/images/graemlins/heart.gif[/img]

Ryan Beal · #**102** 05-30-2006, 12:38 AM

Oh, I can't fault people for questioning much of anything. But it is clear to me that, as others have said, Mike was only thinking about what would be best for 2+2.

Dynasty · #**103** 05-30-2006, 12:49 AM

[ QUOTE ]

What is wrong with the apology?

[/ QUOTE ]

An apology was wrong because it was giving someone who was trying to extort 2+2 exactly what he asked for. That's not the way you deal extortionists.

Ed Miller · #**104** 05-30-2006, 12:51 AM

FWIW, I was present during his entire "30 minute countdown," but I wasn't particularly concerned. If he could really root the server or whatever, then he wouldn't be screwing around with his little BS links and scripts like he did.

I was a little concerned about a Denial of Service attack, but then shutting down the forum is a DoS too, so whatever.

Also, the forum gets backed up nightly... and the backup had just completed when he started his countdown. So even if he did somehow explode everything, the only thing we'd really lose longterm would be the evidence (at least that's what I was worried about losing).

Also, when he posted about TotalBluff.com, I immediately went to their forum to find out what he did. Apparently he called technical support at their webhost and did the "I lost my password... can you reset it for me" game. Or something like that.

Chuck assured me that the 2+2 web hosts wouldn't be nearly as forthcoming to random kids asking for root access.

All-in-all, I didn't think he had another play besides his initial attack, so I just let him be. But I understand the pressure Mike Haven and Lloyd felt, since it may have seemed that the admins were all asleep. You did what you thought was best... and ultimately the only thing sacrificed was perhaps a little pride. It's all good.

I am concerned in general about the security of UBB. I don't have a lot of faith in the code. In my software updates in the coming weeks, I'm going to take a look at the forum code and look for ways to improve it.

Sniper · #**105** 05-30-2006, 01:02 AM

Probably worth noting that version 7 of the software is supposed to be released shortly.

MicroBob · #**106** 05-30-2006, 01:13 AM

different topic:

do we think the new poster mccaff0 might be this same guy?

He seems pretty weird in the thread in the internet-forum.

He just came to my forum-suggestions thread about it and mentioned something about microbobisajackass.com

I'm letting it go for now because I want to see where this guy is going with this stuff.

rt1 · #**107** 05-30-2006, 01:34 AM

Also, when he posted about TotalBluff.com, I immediately went to their forum to find out what he did. Apparently he called technical support at their webhost and did the "I lost my password... can you reset it for me" game. Or something like that.

awesome!

MrWookie · #**108** 05-30-2006, 01:58 AM

[ QUOTE ]
different topic:

do we think the new poster mccaff0 might be this same guy?

He seems pretty weird in the thread in the internet-forum.

He just came to my forum-suggestions thread about it and mentioned something about microbobisajackass.com

I'm letting it go for now because I want to see where this guy is going with this stuff.

[/ QUOTE ]

I think it could well be him. He's got a new IP address, but it's of unknown location again. He's the only guy I've found to get this, but it's not like a check a whole lot

Also, as to total bluff, I'd loved to have heard the conversation...

"TotalBluff.com Techsupport. How can I help you?"

"Hi, yes, I forgot my password. I need it reset."

"OK, just a moment. We can do that for you. What was your account name?"

"Root."

"How do you spell that?"

"R-O-O-T."

"OK, I see you right here. Your new password is temp12345, and you will be asked to change it when you log in. Remember, never give your password out to anyone that asks for it. Is there anything else I can help you with?"

"!!!"

<font color="white">Yeah, I know he didn't get root, but someone elses. Let me enjoy my joke, dammit! </font>

stabn · #**109** 05-30-2006, 05:05 AM

[ QUOTE ]

But the remarks made by Jason and the title change were uncalled for.

[/ QUOTE ]

FWIW, someone, i'm not sure who, did this in the past week to another spammer (the guy who got 38 out in different forums before he was banned). They changed his title to something similar and i fixed his title back to newbie and left a note in his profile that doing something like that isn't cool even if the guy is a spammer.

However,

While that person may have been deserving of an apology if he had come to 2+2 and posted in about the forums about it once you start hacking accounts that is out the window.

stabn · #**110** 05-30-2006, 05:14 AM

[ QUOTE ]
Mike was only thinking about what would be best for 2+2.

[/ QUOTE ]

I don't think anyone questioned his intentions.