bit-tech.net

Old 7th Sep 2016, 16:38   #21
singleton99
What's a Dremel?
 
Join Date: Apr 2013
Posts: 2
done,,,,,, thanks for the email
Old 7th Sep 2016, 16:47   #22
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 8,612
Quote:
Originally Posted by Spreadie View Post
Yes bit-tech was breached before Hexus, but didn't find out until now - weeks later. I'd have thought, given the shared technical resource and the fact that Hexus' forum was patched weeks ago, bit tech's vulnerability would have been identified and dealt with at the same time.
They're not the same vulnerability. The only way the Bit-Tech attack was discovered was when somebody found a site offering access to the leaked database. There were no signs on the server that anything had happened, and the hole the attackers had used was already patched. You're saying Bit-Tech should have been patched when the Hexus breach was discovered: it was. Trouble is, the Bit-Tech database had been leaked months earlier, and as the result of a different vulnerability in vBulletin.

If you'll permit me an illustrative example: let's say your colleague's company laptop is breached due to a flaw in Windows. The breach is discovered and all company laptops patched to prevent another leak. Months earlier, unbeknownst to anyone, a completely different flaw in Windows was used to steal data from your company laptop. The attacker left no trace. What could the shared IT staff have done between the discovery that your colleague's laptop was hacked and the discovery that your laptop was hacked to protect you? Nothing, short of building a time machine.

Remember, we're talking about an attacker who took a dump of the database. They haven't been in the system lurking since January: they got in, took the data, and left without trace. The vulnerability used will have been patched when vBulletin was updated, but by then it was too late: the attacker is locked out, but already has the data.

Quote:
Originally Posted by Spreadie View Post
I understand bit's breach was back in January, but why wasn't it discovered until now, when the staff were aware of the vulnerability since early August?
Again: two different attacks, two different vulnerabilities. To descend into metaphor for a moment: you find out your next-door-neighbour was broken into thanks to a flaw in their lock which allows anyone to open and lock it again without leaving a trace. You use the same lock, so both you and your neighbour replace it with an updated version that fixes the flaw. Trouble is, months earlier someone broke into your house, photocopied your bank statements, and left. Neither the knowledge you have gained from your neighbour nor the new lock can prevent that: it has already happened, and the only way you'll know is if you find your bank statements for sale on some Tor site somewhere.

You refer to "the vulnerability". There is no one vulnerability here, and the vulnerability used to breach Hexus was patched in Bit-Tech as soon as the patch became available - which, if I'm understanding you, is what you believe should have happened. Even if both breaches used the same vulnerability, patching the hole in August doesn't prevent the attacker from gaining access in January.


Quote:
Originally Posted by Spreadie View Post
Both sites share the same technical staff.
Yes, and those technical staff kept vBulletin up to date with security patches on both sites. Trouble is, there's a window between the discovery and exploitation of a flaw and a patch being made available.

(Apologies for any mistakes - I'm on my phone.)
__________________
Author, Raspberry Pi User Guide Fourth Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me! | Need a VPN? Try AirVPN!
Old 7th Sep 2016, 16:55   #23
David
RIP Tel
 
Join Date: Apr 2009
Location: Somewhere over the rainbow, weigh a pie
Posts: 11,452
Quote:
Originally Posted by Gareth Halfacree View Post
They're not the same vulnerability.
That's all I needed to know. Thanks.
__________________
Before you judge a man, walk a mile in his shoes; after that, who cares?! He's a mile away and you've got his shoes!

Main rig - 6700K|Z170|32GB|256GB M.2|500GB SSDs|8TB NAS|980 Ti|3007WFP-HC|Parvum S2.0
Old 7th Sep 2016, 16:58   #24
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 8,612
Quote:
Originally Posted by Spreadie View Post
That's all I needed to know. Thanks.
If I'd known that, I could have saved myself considerable wrestling with autocorrect!
Old 7th Sep 2016, 17:16   #25
David
RIP Tel
 
Join Date: Apr 2009
Location: Somewhere over the rainbow, weigh a pie
Posts: 11,452
Quote:
Originally Posted by Gareth Halfacree View Post
If I'd known that, I could have saved myself considerable wrestling with autocorrect!
I forget that you're permanently stuck in verbose mode.
Old 7th Sep 2016, 18:08   #26
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 8,612
Quote:
Originally Posted by Spreadie View Post
I forget that you're permanently stuck in verbose mode.
I CAN QUIT WHENEVER I WANT, DAMMIT.
Old 7th Sep 2016, 20:13   #27
Isitari
Supermodder
 
Join Date: May 2009
Location: Your nearest black hole
Posts: 291
Thanks for the heads up and might explain why someone got into my rockstar account recently (lol nothing there), I got in before any damage was caused. So I went around a few places (including here) changing passwords. Thankfully only used my crap passwords on these sites as it's all non-critical. Though it might have been someone brute forcing the password instead but I've never had it happen before with any other online account.

Sent from my SM-N915FY using Tapatalk
Old 7th Sep 2016, 21:22   #28
tristanperry
Hypermodder
 
Join Date: May 2010
Location: Cardiff, UK
Posts: 890
Done; thanks for the email, I probably would have overlooked this thread to be honest.
__________________
Corsair Carbide 88R | AMD Ryzen 1700 | Asus Prime B350M-A | Corsair Vengeance LPX 16 GB DDR4 3,000 Mhz | Sapphire RX480 4 GB | 120 GB Corsair Series Force 3 SSD | Corsair CX 450M
Old 8th Sep 2016, 11:24   #29
boiled_elephant
Whitelist Bit-Tech in your adblock!
 
Join Date: Jul 2004
Location: Lincolnshire
Posts: 5,898
+rep for that link, apparently my data was also in the Adobe breach, so...yeah, time to start changing passwords. Again.

edit- lol, that rep power, he went from zero to hero instantly.
Old 8th Sep 2016, 15:27   #30
Fingers66
Kiwi in London
 
Join Date: Apr 2010
Location: London, UK
Posts: 7,231
Quote:
Originally Posted by Gareth Halfacree View Post
If I'd known that, I could have saved myself considerable wrestling with autocorrect!
Quote:
Originally Posted by Spreadie View Post
I forget that you're permanently stuck in verbose mode.
Quote:
Originally Posted by Gareth Halfacree View Post
I CAN QUIT WHENEVER I WANT, DAMMIT.
As a journo, he gets paid by the word, hard habit to break
__________________
Gaming: [Silverstone TJ08-E][Asus Z170M-PLUS ][i5-6600K][Tundra TD03][16GB 2666MHz][Asus 7970 DCUII TOP][Samsung 850 Evo 500GB][Corsair HX650][Dell U2412M][Corsair K60]
Main: [Lian Li PC-A04][Asus Z97M-Plus][i7-4770K][Corsair H55][16GB 1600MHz][iGPU][Samsung M.2 NVMe 256GB][Seasonic X-650 Gold]
Kids: [Silverstone SG05B][Asus H87I-Plus][i3-4330][8GB 1600MHz][Asus 6850 DirectCU][Crucial M4 256GB][ST45SF 450w][Dell E207WFP]
NAS 1:[Synology DS211j] NAS 2:[Homebrew OMV]
Old 8th Sep 2016, 15:31   #31
B1GBUD
More Biddy Bang Bang than Sean Paul
 
Join Date: May 2008
Location: Guildford
Posts: 2,912
Quote:
Originally Posted by b_white View Post
You can check your e-mail address for other forum/website breaches at https://haveibeenpwned.com/
I'm clean.... C L E A N !!!!

Quote:
Originally Posted by boiled_elephant View Post
+rep for that link, apparently my data was also in the Adobe breach, so...yeah, time to start changing passwords. Again.

edit- lol, that rep power, he went from zero to hero instantly.
Awww... reminds me when Tel used to drop the rep bomb, it's proper broken but I don't want it to change lol
__________________
Teh unofficial Bit-Tech proof reader and understander of all the necessary hashtags
Old 8th Sep 2016, 16:46   #32
theshadow2001
[DELETE] means [DELETE]
 
Join Date: May 2012
Posts: 4,932
Quote:
Originally Posted by Isitari View Post
Thanks for the heads up and might explain why someone got into my rockstar account recently (lol nothing there), I got in before any damage was caused. So I went around a few places (including here) changing passwords. Thankfully only used my crap passwords on these sites as it's all non-critical. Though it might have been someone brute forcing the password instead but I've never had it happen before with any other online account.

Sent from my SM-N915FY using Tapatalk
You know the exact same thing happened to my own rockstar account. I had a different password from bit-tech though.
Old 8th Sep 2016, 20:00   #33
modd1uk
Mod Master
 
Join Date: Sep 2006
Posts: 2,856
I had no email
__________________
Quote:
Originally Posted by Nexxo View Post
Report him for being a dick. Which should be a criminal offense IMO.
Quote:
Originally Posted by Gareth Halfacree View Post
There you are, then! Buy 100, take two, eBay a bundle of 98 at 70% the price of the 100-bag bundles, spend the profit on ale and whores.
Old 8th Sep 2016, 20:16   #34
CrapBag
I Mod, Therefore I Own
 
Join Date: Jul 2008
Posts: 6,431
Nor me, changed mine due to seeing this thread.
Old 8th Sep 2016, 22:48   #35
FuzzyOne
 
Join Date: Sep 2002
Location: Diss, Suffolk
Posts: 1,777
Lastpass saves the day! (again)
__________________
♜♞♝♛♚♝♞♜
♟♟♟♟♟♟♟♟
♙♙♙♙♙♙♙♙
♖♘♗♕♔♗♘♖
Old 8th Sep 2016, 23:52   #36
David
RIP Tel
 
Join Date: Apr 2009
Location: Somewhere over the rainbow, weigh a pie
Posts: 11,452
Quote:
Originally Posted by FuzzyOne View Post
Lastpass saves the day! (again)
Is this the same LastPass that has been breached twice in the last five years? The vault hasn't been emptied as yet - maybe testament to its resilience...

Personally, I think a central web-based resource for all your passwords is a bad idea - I don't care what encryption strength they claim, nothing is impregnable.
Old 9th Sep 2016, 00:18   #37
CrapBag
I Mod, Therefore I Own
 
Join Date: Jul 2008
Posts: 6,431
Yeh some remote password storing system, hmm count me out.
Old 9th Sep 2016, 01:36   #38
Bindibadgi
Am I out of touch?
 
Join Date: Mar 2001
Location: Taiwan
Posts: 36,043
Quote:
Originally Posted by Spreadie View Post
Is this the same LastPass that has been breached twice in the last five years? The vault hasn't been emptied as yet - maybe testament to its resilience...

Personally, I think a central web-based resource for all your passwords is a bad idea - I don't care what encryption strength they claim, nothing is impregnable.
Exactly.

Written down works for me. If someone is willing to come into my house and find that then they have an agenda more than just posting under my forum name.
__________________
The bitterness of poor quality remains long after the sweetness of low price is forgotten.
Old 11th Sep 2016, 20:25   #39
deathtaker27
Probook Addict
 
Join Date: Apr 2010
Location: United Kingdom
Posts: 1,993
Any chance of us getting an SSL Certificate after this breach?
Old 11th Sep 2016, 20:34   #40
theshadow2001
[DELETE] means [DELETE]
 
Join Date: May 2012
Posts: 4,932
It's coming in the new forum apparently
All times are GMT +1. The time now is 03:19.
Powered by: vBulletin Version 3
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.