LOL i hear its a VB exploit.
They found it, and i think there snuffing it out.
What im waiting for is how some of our admins are gonna lay down a cap of whoop ass on.
Harvey for one is not someone i would like to mess around with on the interweb.
Supporting piracy to pay for the forums... way to go AT!
Ah, okay... that explains that.i posted it last night while it was happening
the hacker guy deleted the posts
at the time i wasn't positive , but now i am sure what account was doing it all
Can the AT forums themselves be nominated for Ownage of the Year?:awe:
all i know is the ForumsAdmin account was taken over by an unauthorized person about 10:30 pm central time last night
Perknose has disabled or otherwise neutered that account as of a couple hours ago
'they' (senior moderators/forum directors) are still figuring it all out and haven't told us lesser moderators much about what is going on
What im waiting for is how some of our admins are gonna lay down a cap of whoop ass on.
Harvey for one is not someone i would like to mess around with on the interweb.
It's probably Perk, I never understand anything he says and make me go
at any rate, people should've know better than to use the same password twice for anything. (remember when 4chan "hacked" facebook by just using a password list from another site?)
if you want something easy to remember, try this. for example, my favorite food is ..let's say corndog, add a number, say... my favorite year... 76
at www.gmail.com my password would be gcorndog76l
at anandtech my password would be acorndog76h
at amazon my passowrd would be acorndog76n
etc easy
oooh
What are they gonna do? Send a strongly worded email to a nigerian email account?
and you obviously dont know harvey.
Posting in this thread, hoping for an explanation of what happened.
Oh and I agree with the poster in this thread who thought the "funny" forum notices are just lame now. When it's a new one every 3 days they cease to be funny.
even encrypted, they can be pulled from the DB with the right knowledge.
I like the funny notices, but I wish they were accompanied by a real explanation of what's going on. AT has a history of lack of transparency issues.
Encrypted, yes. One way hashed, no. Brute force at that point, especially if the hashing is something better than, say, md5.
I imagine they didn't(still don't?) know exactly how it happened. Assuming that, a basic understanding of English(this is an English based forum) will tell you what's up, and what they know. For the slow amongst us, I'll help out. This time the service is free, next time I'll require Paypal donations ;^)...
Hi lxskllr, This is me, your name will be here
Folks, and folkettes (both of you) we were the victims of a serious forum breach early this morning, possibly from aliens, we're not sure. We got haxxored/somebody did naughty things with resources they weren't authorized to use
Our field hospitals are littered with the horribly wounded and the merely annoyed, their blood curdling complaints chilling us all. It's a pain in the ass, but we have a bunch of people working on it
We will fight on the beaches, and in the hills and sub-forums, so that our valor or at least our sheer stubbornness will be long cherished and dearly remembered. we'll keep at until we find out how it happened, and it will be fixed
For as long as the English language is misused men will say, "This was their finest hour ... sort of." Most of you ingrates will appreciate the work once everything's working securely and smoothly
See? It really isn't that difficult
There's nothing to brute force. If you pull a hashed pw out of the database, you use the hash to log in with. The boards themselves should never even see a clear text pw when logging in.