POTENTIALLY A VERY LARGE SECURITY BREACH

Entity · #1 05-29-2006, 03:12 AM

http://forumserver.twoplustwo.com/showfl...e=0#Post5989538

If you click a link in that post people can login using your 2p2 credentials. I don't know what other logins people can use (if the site was designed just to lift 2p2 passwords from cookies?, or potentially exploit other flaws).

Sniper · #2 05-29-2006, 03:44 AM

Thread in Poker Theory w/same link

Entity, what makes you think that link is lifting 2p2 passwords from cookies?

MicroBob · #3 05-29-2006, 03:51 AM

I went to sniper's link in Poker Theory and decided to ban poster 'god splices' and warn that his link might have a virus.

It's not my forum but I think the allegations are credible enough that we can take such precautions.

Besides, it's only his 1st post and such spam is not allowed anyway.

I can't delete the thread of course but I felt that a warning in his title was warranted in this situation.

Entity · #4 05-29-2006, 03:57 AM

god splices is the hacker. His IP is from Asia and his login contains a reference to a very famous hacker (google the hacker name splices).

Several posts (3-4) were made under my username that I didn't post. That served as confirmation enough for me.

Rob

MicroBob · #5 05-29-2006, 03:57 AM

WARNING: I have not clicked the link that was sent to me.
Do so at your own risk.

I have just received a PM from a poster named brandysbich titled 'That Hacker':

"that hacker guy" (this is the linked part)

"I think found that guy who did this, i found his site on google."

right-clicking on the link and checking out the 'properties' I get this address:
splices.knows.it

MicroBob · #6 05-29-2006, 03:59 AM

It should also be noted that I did not post about this in the regular forums.

I got the PM right after I posted in mod-discussion that I had banned the guy.

So I'm wondering if somehow he's able to see the mod-discussion (perhaps having hacked into a mod's account somehow??).

Some of this may sound paranoid. But I found it quite odd that I got a PM from him without having posted in the regular forums about this AT ALL.

MicroBob · #7 05-29-2006, 04:00 AM

Entity - if he is posting using your name then I find it very possible that he has hacked your account and can possibly read this very thread.

Entity · #8 05-29-2006, 04:03 AM

[ QUOTE ]
Entity - if he is posting using your name then I find it very possible that he has hacked your account and can possibly read this very thread.

[/ QUOTE ]

I changed the password on a different computer, and have begun a complete reinstallation of everything (currently reformatting) on the computer that clicked the link.

Entity · #9 05-29-2006, 04:04 AM

[ QUOTE ]
WARNING: I have not clicked the link that was sent to me.
Do so at your own risk.

I have just received a PM from a poster named brandysbich titled 'That Hacker':

"that hacker guy" (this is the linked part)

"I think found that guy who did this, i found his site on google."

right-clicking on the link and checking out the 'properties' I get this address:
splices.knows.it

[/ QUOTE ]

That link will likely have the same results. Wish there were an easier way to check it to see what it does/how it does it, but I don't want to click it from any computer that I don't want infected.

Rob

MicroBob · #10 05-29-2006, 04:08 AM

Right.

I PM'ed brandysbich to say that I won't be clicking on an unknown link and I have not heard back.

Good that you changed your password.

We have a potentill BIG emergency here.

Also - I checked brandysbich recent posts.

He just made a post in OOT titled 'Ed Miller naked hahaha'

But just last week he had a thread titled 'Could somebody please thell me how to take a screen shot'

So I don't think this poster is particularly computer saavy.
I think his account has been hacked.

I'm going to ban him for now since he's obviously been 'taken over'.