Sythe.org — A Virtual Goods Trading Hub

trustedornot · #61 04-24-2012, 09:15 AM

Iknow this from a trusted source of HF and heres the story a microsoft application was compromised leading to some hotmails / live emails getting hacked those were the only two kind of emails that were able to get hacked anybody else who claims they have been hacked lies. well not everyone but the hacker only took hotmails and lives since the application didnt have nothing to do with yahoo / gmail etc. well i can confirm that your database hasnt been leaked and that this were simple microsofts fault and that the source told me that this has been fixed and therefor there shouldnt be anymore hacked accounts again. alittle reminder dont post your msn in your signature / in posts that was prob how he got your emails. as said above dont feel like getting hacked? = dont use hotmail! simple as that

hotmail sucks in everyway gmail or yahoo should keep u safe

i cant say how exactly this was done. but it had something to do with microsoft forgot to secure a certain breakpoint in the application so all u had to do was write "command" <-- thats not the command but a certain command to the person after youve added them on msn u write a command to them they cant see it but it sends a string / hash or so to the "sender" = sending them your actual password when he then got your password as a hash all he had to do was decrypt it so yeah microsoft fails again.

just un dude *BANNED* · #62 04-24-2012, 09:34 AM

Quote:

Originally Posted by trustedornot

Iknow this from a trusted source of HF and heres the story a microsoft application was compromised leading to some hotmails / live emails getting hacked those were the only two kind of emails that were able to get hacked anybody else who claims they have been hacked lies. well not everyone but the hacker only took hotmails and lives since the application didnt have nothing to do with yahoo / gmail etc. well i can confirm that your database hasnt been leaked and that this were simple microsofts fault and that the source told me that this has been fixed and therefor there shouldnt be anymore hacked accounts again. alittle reminder dont post your msn in your signature / in posts that was prob how he got your emails. as said above dont feel like getting hacked? = dont use hotmail! simple as that

hotmail sucks in everyway gmail or yahoo should keep u safe

i cant say how exactly this was done. but it had something to do with microsoft forgot to secure a certain breakpoint in the application so all u had to do was write "command" <-- thats not the command but a certain command to the person after youve added them on msn u write a command to them they cant see it but it sends a string / hash or so to the "sender" = sending them your actual password when he then got your password as a hash all he had to do was decrypt it so yeah microsoft fails again.

The method intercepted the password reset link that is supposed to be sent to your alternate e-mail account, they never got your actual password.

#63 04-24-2012, 03:18 PM

Quote:

Originally Posted by T R 1 B A L

Chances are it was just the old database leak that's still circulating around the internet - that could be used as an elaborate hoax maybe?

Regardless, if there was a database leaked with Kevin's information in there then it's one we didn't know about.

#64 04-24-2012, 09:33 PM

Quote:

Originally Posted by Verts

Regardless, if there was a database leaked with Kevin's information in there then it's one we didn't know about.

True say, forgot to check his join date, apologies.
Bearing in mind that it's encrypted with standard md5 (i'm presuming), and nobody has simple 1 word passwords (maybe an announcement about password strength would be advisable), surely there's more chance that the password was obtained via phishing, or another illicit method?

I really hope that kevin's keylogged (or was phished), rather than the Sythe database being spread around the internet - god knows how many inactive accounts still hang around in the database.

just un dude *BANNED* · #65 04-24-2012, 09:52 PM

Isn't md5 pretty outdated and pretty easy to dehash now a days lol.

I hope we're not using that >.>

Brendan · #66 04-25-2012, 02:52 AM

Quote:

Originally Posted by kevin001

I spoke to a guy at the day while i msn got compromised, he claimed sythe datebase has been hacked, and showed original info of my sythe acc, like password(not current one), email, etc, even some mod's acc info. i was shocked like "wtf!!??"
then i was wondering why my msn got hacked but my sythe account is safe? Now i know datebase leaking was a coincidence with MSN hacked issue.
thank you N4n0 to clarify this

Come to think of it, are you sure your old password wasn't related to any of your MSN's? That could be where it came from.

Miini *BANNED* · #67 04-25-2012, 03:50 PM

Brilliant, some good news

Divine Angel *BANNED* · #68 04-25-2012, 09:29 PM

it is unfortunate to see people get hacked :/

thelatent *BANNED* · #69 04-26-2012, 09:39 AM

Quote:

Originally Posted by trustedornot

Iknow this from a trusted source of HF and heres the story a microsoft application was compromised leading to some hotmails / live emails getting hacked those were the only two kind of emails that were able to get hacked anybody else who claims they have been hacked lies. well not everyone but the hacker only took hotmails and lives since the application didnt have nothing to do with yahoo / gmail etc. well i can confirm that your database hasnt been leaked and that this were simple microsofts fault and that the source told me that this has been fixed and therefor there shouldnt be anymore hacked accounts again. alittle reminder dont post your msn in your signature / in posts that was prob how he got your emails. as said above dont feel like getting hacked? = dont use hotmail! simple as that

hotmail sucks in everyway gmail or yahoo should keep u safe

i cant say how exactly this was done. but it had something to do with microsoft forgot to secure a certain breakpoint in the application so all u had to do was write "command" <-- thats not the command but a certain command to the person after youve added them on msn u write a command to them they cant see it but it sends a string / hash or so to the "sender" = sending them your actual password when he then got your password as a hash all he had to do was decrypt it so yeah microsoft fails again.

first post, ban evader?

688 *BANNED* · #70 04-26-2012, 07:44 PM

Us this why the websites been cradhing alot?

ABeeCDee *BANNED* · #71 04-26-2012, 08:28 PM

Quote:

Originally Posted by fpla

What is this?

says "sythe.com"

Thanks for the update.

Brendan · #72 04-26-2012, 10:45 PM

Quote:

Originally Posted by 688

Us this why the websites been cradhing alot?

I don't think so. I believe the sites crashing because it's under a DDoS attack.

#73 04-26-2012, 11:26 PM

Quote:

Originally Posted by n4n0

As far as we are aware, this exploit has been discovered and patched by Microsoft.

Hope it's really patched now.

My msn got blocked after I recovered it back from the hacker due to unusual activity. I was unable to unblock it because "phone service was unavailable in my area". I gave up and made a new MSN.

I tried to log in just now to see if it's unblocked and the password was incorrect so I recovered again, it seems they hacked it again in the past 72 hours or so. Not sure when because I haven't tried to log in since 3 days ago.

HJQscammmm *BANNED* · #74 04-27-2012, 06:44 AM

The hashing function used by sythe and other vBulletin forums is md5(md5($pass).$salt)

Generally 90% of them or so are crackable, the best GPU running through hashcat about 1.1M passwords a second can be attempted

Brendan · #75 04-27-2012, 07:46 AM

Quote:

Originally Posted by HJQscammmm

The hashing function used by sythe and other vBulletin forums is md5(md5($pass).$salt)

Generally 90% of them or so are crackable, the best GPU running through hashcat about 1.1M passwords a second can be attempted

You seem to know a lot about the subject.

Just wondering, is the upgrade to vB4 going to make Sythe any safer? Will it have any extra layers of security that could make it harder for hackers to take the Sythe Database in the future?

just un dude *BANNED* · #76 04-27-2012, 12:19 PM

Quote:

Originally Posted by Brendan

You seem to know a lot about the subject.

Just wondering, is the upgrade to vB4 going to make Sythe any safer? Will it have any extra layers of security that could make it harder for hackers to take the Sythe Database in the future?

He's banned already.

And the security will pretty much be the same btw, patches are usually rolled out pretty fast if needed.