BBF has turned into a clown show, with Cinco de Mayo being the head Bozo, and not informing their boards of this hacking is negligence on their part. At this point, I wonder why anyone would still be posting there. Slower page reload speeds, infantile mods, and minimal security. Thanks for the heads-up, Denny Crane. I just changed my password here and on the other site where I use the "PapaG" moniker.
I just posted a thread on this topic at BBF. A poster put up this link to the hacker's actual thread: http://www.basketballforum.com/comm...ions/412095-i-seriously-think-site-needs.html He has some beef with truebluefan or something because he called him out directly. Maybe he was looking for some cash for revealing the hole in the security...
I'm interested in who this hacker is. The ghost of kidcrawford? Seems to be a Bulls fan, and a bbb.net old timer.
To be fair, their staff isn't very technical and they obviously didn't recognize the threat the hacker posed. Their system admins don't post on the site or do much other than keep it running, and they obviously didn't see it. The mods didn't put 2+2 together and get the system admins involved. I do think they botched handling the public relations side of it. When you see the guy has hacked multiple accounts, and some have creation dates (join date) from 2003, it means he has access directly to the database (scary!!!!) or admincp (just as scary!!!).
Denny, so did you actually get the FBI involved, or was that a joke? It shouldn't be too hard to find out who did it with the right information. Actually, Denny, wouldn't you have the IP address of the guy who logged in as DengGordon, and then find out if any other regular user shares the same IP address?
http://ic3.gov And yes, I passed on ALL the info I could about the hacker, including quite a bit I was able to find through my own investigation.
It was nobody who's ever posted here, as near as I can tell. They could have been using someone else's system.
Damn, well that ruins the fun. We could have had a good ol' fashioned virtual public beheading or virtual throwing of tomatoes or something.
Thanks for the information about the other board. The fact that they played the reset off as an "annual password reset" or whatever they called it is a shame... not going back there.
You're right. Usually database systems are set up so that they salt and hash your password, and thus it cannot be easily reverse engineered. However, if someone knows how the hash algorithm works or has a powerful enough computer, they can figure out everyone's password. It would be hard for the hacker to figure out your PayPal or credit card account number from your forum handle, but you never know. Better safe than sorry. Time for me to switch up my passwords anyways.
The hash algorithm for vB3 is published on thousands of WWW sites if you google for it, so that's not an issue. They can be reverse engineered, and hackers tend to have access to dozens of hacked systems they can employ for doing the reverse/decryption. My concern for people is that if they have their password compromised here or at another site AND use that same password for Yahoo! bill pay service, the hacker could use that password to log into your bill pay account.