<- 1  -   of 3455 ->
^^
vv
List results:
Search options:
Use \ before commas in usernames
arkarian
2015-05-02 06:28:33 pm
red chamber dream
i was born like right before it fell lol
Toozin
2015-05-02 07:42:20 pm
Not impossible
just highly unlikely
I think there's a ton of important and significant stuff happening all the time, but it's hard to see it without hindsight.

Like, the advent of the internet as we know it today happened within most of our lifetimes, and that completely changed the way the entire world works. But we grew up with it and now it's just a normal thing, so it's hard to see it for what it is.
Poision Envy
Poision Envy
Edit history:
Poision Envy: 2015-05-03 06:32:11 pm
2015-05-03 12:39:17 am
Club 27 Goals
Hmm, morale dilemma. Do I eat Taco Bell or Panda Express?
Poision Envy
Poision Envy
Edit history:
Poision Envy: 2015-05-03 06:32:31 pm
2015-05-03 12:40:47 am
Club 27 Goals
I've got the biggest gonads on this half of texas
Toozin
2015-05-03 01:30:37 am
Not impossible
just highly unlikely
If you ask me if a site has security that lax then they deserve a good buttfucking.

Of course I don't know how you could give it to the site without also screwing over the innocent users of that site, so I guess it's best left alone.
Toozin
2015-05-03 01:33:22 am
Not impossible
just highly unlikely
Of course you do realize you gave enough information that anyone less morally scrupulous that happens by (or is already on) this board could go in and do some serious damage before your report gets addressed, right?
arkarian
2015-05-03 01:41:43 am
red chamber dream
you would be amazed at the amount of people with brain dead passwords out there
Idkbutlike2
2015-05-03 02:16:54 am
Jesus, I thought people who smurf boost in Dota were bad enough. Why the fuck would you pay someone to grind MMR for you? Playing with more skilled people doesn't make you suck less... Usually.
Opium
Opium
Edit history:
Opium: 2015-05-03 02:42:49 am
2015-05-03 02:39:13 am
lol you could have just said you got in, you didn't have to tell the whole world how they can get in, too.

I hope you alert them and they change it before something bad happens.
DJGrenola
DJGrenola
Edit history:
DJGrenola: 2015-05-03 06:57:50 pm
2015-05-03 04:46:03 am
poision: well the first time I cracked a server I was really green and stupid and went blundering in without thinking about what I was doing. I actually made some (harmless and easily reversible) changes to their database before the sinking feeling set in and I started to realise I could end up in some very serious shit. so all I could do at that point was email them about it, I was as polite and forthcoming as I could possibly be, pointed out that I was a long-time customer of theirs and I'd not intended to cause any trouble.

it took them a week to get back to me during which time they were probably trying to decide whether to take me to the cleaners over it or not, lol. but in the end they were very professional about it and even offered me some free stuff for bringing it to their attention. but the people I was dealing with were a high street company rather than [redacted].

these things are often found by accident ("I'll just see if this works!") so in many cases they already have your real IP address. at the end of the day it's very hard (at least according to the letter of UK law, which is all I was concerned with) to prove the existence of a vulnerability in someone else's running system without actually putting you in a position where you can maybe be prosecuted for exploiting that vulnerability. so you have to make a judgement call about whether to report it, and whether to do it anonymously or not.
Toozin
2015-05-03 06:28:01 am
Not impossible
just highly unlikely
Best solution: change the admin password, then see how much they're willing to pay for it.*


*May not be best solution
Opium
2015-05-03 03:22:42 pm
yeah maybe delete the post, never sign back in, and don't report it because it never happened.
Poision Envy
2015-05-03 06:11:59 pm
Club 27 Goals
Quote from Idkbutlike2:
Jesus, I thought people who smurf boost in Dota were bad enough. Why the fuck would you pay someone to grind MMR for you? Playing with more skilled people doesn't make you suck less... Usually.

People believe that they're stuck in an elo hell and obviously should be much higher but it's their teammates that drag them down.

My ex got boosted to plat, but she ducked so badly she's back to bronze now which is hilarious to me.
Poision Envy
2015-05-03 06:17:55 pm
Club 27 Goals
Quote from DJGrenola:
poision: well the first time I cracked a server I was really green and stupid and went blundering in without thinking about what I was doing. I actually made some (harmless and easily reversible) changes to their database before the sinking feeling set in and I started to realise I could end up in some very serious shit. so all I could do at that point was email them about it, I was as polite and forthcoming as I could possibly be, pointed out that I was a long-time customer of theirs and I'd not intended to cause any trouble.

it took them a week to get back to me during which time they were probably trying to decide whether to take me to the cleaners over it or not, lol. but in the end they were very professional about it and even offered me some free stuff for bringing it to their attention. but the people I was dealing with were a high street company rather than some seedy gaming service.

these things are often found by accident ("I'll just see if this works!") so in many cases they already have your real IP address. at the end of the day it's very hard (at least according to the letter of UK law, which is all I was concerned with) to prove the existence of a vulnerability in someone else's running system without actually putting you in a position where you can maybe be prosecuted for exploiting that vulnerability. so you have to make a judgement call about whether to report it, and whether to do it anonymously or not.

Thanks for this, and yeah I was smart enough to do it from a off shore server anyway, so I doubt it's easily tracked without getting very serious. In the end all I did was log out, and left an anonymous message on their product review page. I'll just delete that post now. The whole legality of it all is iffy, but I guess you're nowt even supposed to try and log in in they'll first place. It'd be like just opening a door to a building and the doors unlocked, then you see all this money and shit on the ground. Nope nope nope.
Poision Envy
2015-05-03 06:19:21 pm
Club 27 Goals
Quote from Opium:
lol you could have just said you got in, you didn't have to tell the whole world how they can get in, too.

I hope you alert them and they change it before something bad happens.

It'd be nearly impossible for them to figure out which site I'm talking about, as there are hundreds of boosting sites now. And hey if they can log into the administration accounts with the same password... they kinda deserve it. They're lucky I'm not a malicious teen.
ryu
2015-05-03 06:21:39 pm
Is that "business" even run from the states?
Poision Envy
2015-05-03 06:33:10 pm
Club 27 Goals
Actually, now that you mention it, the dudes that run it are Chineese. Welp.
DJGrenola
2015-05-03 06:56:16 pm
when I broke that first machine I went from feeling really elated and clever for breaking someone's security to feeling like utter death within about 20 minutes once I realised I might get nailed for it. probably the most profound mood swing I've ever experienced, heh.
Poision Envy
2015-05-04 02:09:59 am
Club 27 Goals
DUDE yes, I can totally relate to that. The feeling of "Oh man I can totally bust these guys and get tons of free elo boosts and accounts" to "holy shit this is probably a federal offense"

Reminds me of when I used to play runescape, and a buddy of mine bought a website (I was 17 at the time and he was 22). He got the URL that was something like "Runescape3beta.com" and set it up as a phishing website. I helped him make up some fake news page about it being the new beta for runescape and shit, and accounts just started pouring in when he advertised it.

It wasn't more than two weeks later that he got a personal letter, in the mail, from Jagex detailing exactly what laws he's breaking and what sort of jail time he could be facing for it if it wasn't taken down within a certain time frame. We collectively shat ourselves and never spoke of it again.
ryu
ryu
Edit history:
ryu: 2015-05-04 04:15:21 am
ryu: 2015-05-04 04:13:58 am
ryu: 2015-05-04 04:13:41 am
2015-05-04 04:13:27 am
Somehow I think it's sad we have to consider logging in to a shady businesses' admin panel with pretty much the second worst security imaginable a federal offense :/

It always pissed me off that the net was also (and has exploded) into a room for businesses and laws. I just can't grow up in this regard. But then the whole system is sustained by businesses, really no need to be angry like a 12 year old. mumbling to self...
Poision Envy
Poision Envy
Edit history:
Poision Envy: 2015-05-04 06:52:14 am
2015-05-04 06:51:43 am
Club 27 Goals
Just bought this: http://www.furrydakimakura.com/collections/mousepads/products/isabelle-mousepad

Can't wait. That site can be very NSFW and I'm pretty sure tBob  would burn his shirt if he browsed around it for too long, but the link I posted should be clean.
arkarian
2015-05-04 09:47:48 am
red chamber dream
that's the character people are obsessed over?
Turtle
2015-05-04 10:51:14 am
I like turtles.
What a bitch.