Author Topic: FA admin account compromised (yet again) (Read 17405 times)

Pi · « **Reply #120 on:** December 21, 2010, 05:42:01 pm »

Quote from: Jim Demintia on December 21, 2010, 05:31:31 pm

Quote from: a pigeon on December 21, 2010, 05:27:30 pm
Quote from: Dragoneer
December 2010 Hacking

By now, many of you know that Fur Affinity was attacked on Friday, December 17th 2010. Attackers were able to compromise the admin system using a previously unknown, unreported XSS exploit

The casual attitude with which he lies through his teeth is kind of disgusting, really.

Well, no, that could be technically correct. The specific xss exploit used as part of this attack might not have been one we've found before. Of course, this is like a Catholic girl saying "I'm still technically a virgin" even though she's had 10 dicks in her ass.

Conan · « **Reply #121 on:** December 21, 2010, 05:50:08 pm »

Quote from: Dragoneer

We were able to flush the attacker out of the system through multiple wipes of cookies and active login sessions (which some of you may have noticed when your account were logged out).

I envision them flailing their arms and ignoring the giant red "SHUTDOWN" button in the middle of the room.

Quote

We make no excuses for what happened.

Yet you will make excuses in three months when it happens again and people ask why it wasn't fixed before.

Also, he forgot the part where they sat and watched all this unfold for a while before taking action.

Also also, great job posting this offsite, in a place where it's less likely the average user will find it, in a place where anyone wishing to question them would need to have a Livejournal account.

UncreativeUsername · « **Reply #122 on:** December 21, 2010, 05:59:09 pm »

So, if I'm reading this correctly, they were compromised three times, and the Gawker issue wasn't even related? That's worse than I thought. Does anyone happen to know about how many notes the hacker(s) ultimately got, and if it's possible people who just download them from a site could be breaking the law? Like, Theft by Receiving or something like that?

Conan · « **Reply #123 on:** December 21, 2010, 06:07:55 pm »

Quote from: UncreativeUsername on December 21, 2010, 05:59:09 pm

and if it's possible people who just download them from a site could be breaking the law? Like, Theft by Receiving or something like that?

If there was a law like this (or they enforced laws like this) they most certainly would have used it against WikiLeaks by now.

Jim Demintia · « **Reply #124 on:** December 21, 2010, 06:33:12 pm »

Quote from: Conan on December 21, 2010, 06:07:55 pm

If there was a law like this (or they enforced laws like this) they most certainly would have used it against WikiLeaks by now.

The Supreme Court ruled in 1971 that at least as it applied to question relevant to the New York Times receiving and publishing the Pentagon Papers, that receiving leaked information was not a crime. Of course, that was more relevant to actual classified government information, but nonetheless it's more or less unheard of for those who download information, regardless of if it was legally obtained or not, to be (successfully) prosecuted.

Fiz · « **Reply #125 on:** December 21, 2010, 06:58:21 pm »

Dragoneer is saying hes open to advice about the security issues.

Quote from: little old me

6. Are you willing to accept advice and criticisms about further site security? I'm sure theres plenty of people who know this kind of thing that would love to help at this point.

Quote from: dragoneer

6) Yes.

Have at it, guys.

Pi · « **Reply #126 on:** December 21, 2010, 07:12:22 pm »

My god, this thread.

http://i.imgur.com/NHyHD.png in case of deletion.

Conan · « **Reply #127 on:** December 21, 2010, 07:29:31 pm »

Quote from: Pi on December 21, 2010, 07:12:22 pm

My god, this thread.

rodox_video · « **Reply #128 on:** December 21, 2010, 07:29:46 pm »

Quote from: Fiz on December 21, 2010, 06:58:21 pm

Dragoneer is saying hes open to advice about the security issues.

He doesn't deserve it.

AshleyAshes · « **Reply #129 on:** December 21, 2010, 08:21:45 pm »

Quote

Fur Affinity was attacked on Friday, December 17th 2010.

I thought it started on Thursday...

Quote

We pulled the website offline, and closed the hole that lead to the initial attack

But they didn't shut the site down on Friday, they shut it down on Thursday. That same Thursday where Dragoneer assured us that FA was not hacked and that it was the fault of Gawker. How could the close the hole if he thought it was Gawker?

Quote

After closing the initial hole that the intruder was using to compromise the site

And that would be Friday. He just flat out lied about the Gawker thing on Thursday.

Fiz · « **Reply #130 on:** December 22, 2010, 12:52:53 am »

Furry News at 11: FurAffinity is now protected from any criticism because it is a "free service". More with that in a moment.

First up on the hour is PrivatePoinkler insisting that if these security issues were made public, something would have been done about it!

Wow it's the same song and dance every time. Sycophants are the cutest people.

Conan · « **Reply #131 on:** December 22, 2010, 01:33:49 am »

Quote from: Fiz on December 22, 2010, 12:52:53 am

Furry News at 11: FurAffinity is now protected from any criticism because it is a "free service". More with that in a moment.

lol I guess that means every email provider and Facebook and Myspace and Twitter and everything else online can get away with something like this!

UncreativeUsername · « **Reply #132 on:** December 22, 2010, 03:14:07 am »

I saw something of interest on Dragoneer's ED page, in Chapter 5:

Quote

A "popufur" furry named Zaush right in king fur's(dragoneer) convention raped a girl at a furcon. But rather than turn in Zaush to the cops, cause the guy constantly had money being flung at him for commissions, he told the girl who got raped to try and like it. Well the victims brother didn't give a shit about "protecting the image of furry", rather than let 'neer get away with helping a rapist, he bashed right through Fa's security, with not even so much of a challenge. The brother then proceeded to wreak havoc on furaffinity. Hacking all the mods and admins, trying to get as much information to put Zaush and Dragoneer behind bars. He took screenshots of extremely damning stuff that the Admins had said and spread it all about. {please post the screenshots by the hacker to get Dragoneer behind bars}

You were saying you were working on his ED page in another thread, Conan, so, I'll ask you. Was this in reference to the latest hacking? If so, is this the incident with Ferality? I've never heard anywhere here or elsewhere that her brother was responsible for this.

Also, either his FA age is wrong or his ED birthyear is. He couldn't have been born in 1983 and be 30.

Jim Demintia · « **Reply #133 on:** December 22, 2010, 05:57:25 am »

I'm pretty sure the 1983 comes from his IMDb page.

And no clue about the veracity of the allegations there. It'd be nice if MediaWiki had a function similar to "svn blame", but it doesn't. Best you can do is trawl through the history page and try to find the diff containing that paragraph.

Edit: It's this person who wrote that section.

bridgeportcat · « **Reply #134 on:** December 22, 2010, 07:00:25 am »

Quote from: Dragonner, in response to Java evidence

In the state that Ms. Reed lives in bestiality is not illegal according to the information I had at the time, and the current laws right now.

Also, I was under the assumption Java had lived in North Carolina?

Quote from: Dragoneer

Maybe I saw "North California" as "North Carolina" when it was brought up ages ago. I've always been under the assumption she was from NC, which didn't have laws when I looked into it.

Quote from: Bridgeport the Faaaat

NC doesn't have laws, but California sure does. When someone brings you this kind of very, VERY obvious case of animal abuse it REALLY pays to look into it and not "misread" the laws.

She has two other accounts. She is living in Northern California. What will your actions be now that you have the evidence right in front of you?

Quote from: Dragoneer

Given all the evidence given to the police... did anything ever happen to her from that? I guess my question would be if the police have taken action, then I would have an issue.

Given it happened so long ago, I would say that's something I'd be interested in knowing. Have any further issues ever happened on FA?

HANDS THROWN IN AIR, GIVING UP ON THIS SHIT

Jim Demintia · « **Reply #135 on:** December 22, 2010, 07:10:34 am »

Quote from: bridgeportcat on December 22, 2010, 07:00:25 am

Quote from: Dragoneer
Have any further issues ever happened on FA?

lol

Conan · « **Reply #136 on:** December 22, 2010, 01:21:56 pm »

Quote from: UncreativeUsername on December 22, 2010, 03:14:07 am

I saw something of interest on Dragoneer's ED page, in Chapter 5:

Quote
A "popufur" furry named Zaush right in king fur's(dragoneer) convention raped a girl at a furcon. But rather than turn in Zaush to the cops, cause the guy constantly had money being flung at him for commissions, he told the girl who got raped to try and like it. Well the victims brother didn't give a shit about "protecting the image of furry", rather than let 'neer get away with helping a rapist, he bashed right through Fa's security, with not even so much of a challenge. The brother then proceeded to wreak havoc on furaffinity. Hacking all the mods and admins, trying to get as much information to put Zaush and Dragoneer behind bars. He took screenshots of extremely damning stuff that the Admins had said and spread it all about. {please post the screenshots by the hacker to get Dragoneer behind bars}

You were saying you were working on his ED page in another thread, Conan, so, I'll ask you. Was this in reference to the latest hacking? If so, is this the incident with Ferality? I've never heard anywhere here or elsewhere that her brother was responsible for this.

Also, either his FA age is wrong or his ED birthyear is. He couldn't have been born in 1983 and be 30.

No, this is the kind of shit that I was cleaning off the page.

MazelTovCocktail · « **Reply #137 on:** December 22, 2010, 04:19:56 pm »

Quote from: Fiz on December 22, 2010, 12:52:53 am

First up on the hour is PrivatePoinkler insisting that if these security issues were made public, something would have been done about it!

Reading PrivatePony's attempts at humor actually makes me embarrassed for him.

I bet he could kill 'em as an opener for 2, though.

Jim Demintia · « **Reply #138 on:** December 22, 2010, 05:30:06 pm »

Wasn't he like a regular (comment whore) in fd_2? I don't remember, because really, who gives a shit.

a pigeon · « **Reply #139 on:** December 22, 2010, 06:26:45 pm »

This was posted on lulz, it seems to be a copy paste of the e-mail or note which has been sent to people whose notes were leaked:

http://i56.tinypic.com/10oeh49.jpg

They get a free registration to the fur-affinity convention.

TORA reacts:

Quote from: almightytora

Just got an e-mail from @Dragoneer offering me a free sponsor membership to @FAUnited due to the leaks. I don't know if I should take it...

http://twitter.com/almightytora/status/17758606275379202

Quote from: almightytora

I will be IMing @Dragoneer when he's online. A $75 Sponsorship to his convention (not even Super Sponsor!?) is not really worth the damage.

http://twitter.com/almightytora/status/17762279961403392