FA admin account compromised (yet again)

[Jim Demintia]

God damn Adam Wan is far more nasty than I ever imagined. Jesus christ he really is this close to being a sex offender.

[Pi]

"if you talk about this, you risk your reputation".

It's like Dragoneer only cares about appearances!

[MazelTovCocktail]

My God.

The amount of hypocrisy on Dragoneer's part is absolutely mind-blowing.

[Pi]

Yet another piece of general "wat":

As an fyi on the Private Notes thing, all admins can see any private note they are directly linked to...we can't  go crawling through people's inboxes or anything like that.

yes, hello

if you know anything about how computers work

you can turn this into "any person on who has access to an administrator account can see any private note (ps this person is not necessarily an admin)"

[Conan]

I'm getting curious as to why they haven't rolled back the database. I mean, they have an entire server dedicated to backups, but have yet to use it. I thought for sure we'd see a rollback today because a lot of galleries were wiped, including Adam Wan's, who FA bent the rules for just so he could keep his precious comments and +favs when he blanked his gallery.

[Pi]

Well, they can't go read only (because it doesn't work). They can't go admin only (doesn't work). They don't know how to fix it yet because it took them a while to narrow down which problem it actually was.

They're dead in the water until they think they've got their duct tape in the right place. And this is assuming they can restore.

[AshleyAshes]

yes, hello

if you know anything about how computers work

you can turn this into "any person on who has access to an administrator account can see any private note (ps this person is not necessarily an admin)"

Maybe what she said is technicly true.  Maybe the admin system doesn't allow for admins to crack open anyone's list of notes and read them, the site is poorly put together so that feature could be absent and I think this is likely.  That said, Witchiebunny doesn't account for 'Any admin could change the password on your account, take it over and just read your notes by logging in as you'.

[Pi]

you can turn this into "any person on who has access to an administrator account can see any private note (ps this person is not necessarily an admin)"

Maybe what she said is technicly true.  Maybe the admin system doesn't allow for admins to crack open anyone's list of notes and read them

Instead of coming up with a longwinded rebuttal, including a few lines about how stupid you are, i'm just going to post a link to a note: http://www.furaffinity.net/viewmessage/972564/

[AshleyAshes]

Instead of coming up with a longwinded rebuttal, including a few lines about how stupid you are, i'm just going to post a link to a note: http://www.furaffinity.net/viewmessage/972564/

Was that link supposed to work?

[Pi]

14:59 < yak[away]> I wanted the status update to be 'yes we we hacked. yes we have everything under cntrol. we are currently  figuring out the extent of the damage. so far we know that 41 people including admins had their notes leaked and  some people had their galleries deleted; the latter we can restore. I will post more updated as we have them'

[pmart]

I downloaded the Gawker database and ran every FA admin's username, and if they listed it, email address through it. I got two results other than Pinkuh.

A possible match for Irreverent. They list no email address on their FA page, and the email doesn't seem to support a match.
Then there's Rhainor,  or Gawker user zachcoggin. Email addresses match. The irony here is his FA page says "Greetings. My name, as you can see, is Rhainor. No, it's not my Real name; I'm not about to give my Real name across an unsecured web site.", yet it seems he used his real name for his Gawker username.

Did you account for every FA admin's alternate username(s)?  Running "Preyfar" through the aforementioned Slate widget gives you: Your password was released, and it's been decrypted. You should change it ASAP.  Hmm...

[Conan]

Did you account for every FA admin's alternate username(s)?  Running "Preyfar" through the aforementioned Slate widget gives you: Your password was released, and it's been decrypted. You should change it ASAP.  Hmm...

gg Sean. What a secure password.

[Pi]

But it isn't Princess Piche's fault. He's only human after all.

[MazelTovCocktail]

But it isn't Princess Piche's fault. He's only human after all.

He's still way out of his league.

[Conan]

IT'S HAPPENING AGAIN.

[Pi]

They sure do have some important things to talk about in the admin treehouseforums.

[Conan]

[Fiz]

Yes it really stopped the attack. That's why the site is working fine right now.

Oh, wait.  No it's not.

[Conan]

Yes it really stopped the attack. That's why the site is working fine right now.

Oh, wait.  No it's not.

Supposedly part of the problem is someone on Lulz reminded everyone of http://www.furaffinity.net/browse/999.

Gee their inefficient coding is now being used for a DDoS attack who would have thought.

[Conan]

So they've been under a supposed DDoS attack for a few hours... Loading it directly doesn't load but going to it's IP half works (ever since the facdn.net split that site never loads images). Their data server (the Dell with 64GB of RAM) seems to be the one being raped as it takes forever to load images who's addresses I have saved.

Yes, that's right, they're being DDoSed and the servers are still up. The dataserver even has a RAC! They can shut it off remotely! SHUT IT DOWN ALREADY.