BidorBuy forums hit with stealth hack

Do you know why the following sounds familiar?



That's exactly what happened to MagicDude4Eva when he tried to alert the City of Johannesburg to a security flaw on their system and then posted about it online here, and then CoJ claimed hacking and all kinds of BS and laid a complaint with the police...

Hahahaha!

How ironic and funny. At least I managed to get it fixed up within 3 hours and not have to make excuses for another 6 months. I do think that fluffypony could have just done a simple Google search with my name, as it will pop up all over the place (like my CV, Twitter, blog, Facebook etc). In any case - no harm done, and his comment about the call centre caused some laughter about how ironic this is...

The VBSeo exploit only affects SEO traffic and does not go beyond that - i.e. remote execution exploits or accessing file systems - either one would not have caused issues due to our environment.
 

Well played. So...no laying of charges, I presume?

This can play out quite nicely for you (not laying charges)...:D

It's the precedent by which the industry operates. Perhaps remove yourself from the decision-making process in this respect (leave it to the CEO) and use it to your advantage...:p
 

How would he know your name?
He said he doesn't frequent the forums as much.

Anyway, glad it was resolved.
 
This back in three hours business is unacceptable. I think you should take your whole site offline and ignore any emails for the next 6 months.
 

Nope, I think I need to check with our marketing-swag-department what we have at hand for the next incident. @fluffypony - if you are in Bryanston stop by - we still have a number of boerie rolls and liquor left over from our V-day braai. Kind of a consolation prize...
 
Was "BidorBuy CTO Gerd Naschenweng" written on the YouTube page before this MyBroadband article / thread, or was it written afterwards?

I did post it in the YouTube video's About section - https://www.youtube.com/watch?v=uGPo0Ur6YXg
<snip> Perhaps BidorBuy CTO Gerd Naschenweng should spend more time focusing on his own security than mucking about with the City of Joburg's complete lack thereof.

If before, well then, tututut.
Not for want or lack of trying.
 

Hah - sorry, I semi-retired to the coast, next time :)
 
How ironic is that?!

Magicdude got hacked.

At least he now has precedent to show the prosecutors what actual hacking is...:D

He just got the perfect defence:
"Your Honour, if I were a hacker, I would've known that I was hacked and would've known how to prevent it. See, I'm not a hacker."

Well played :)
 
pay peanuts, get *******.

Not that this is necessarily the case at BoB :p

Ours is also not useless. Perhaps a training issue we need to address. Just the nature of our platform requires some internet savviness of our staff, and we are a bit puzzled that the call was not handled properly. All our customer care people know the "If it's in English and you still don't understand, route the call to our engineers" rule. We are getting in touch with fluffypony to understand what happened though - this is certainly not how we typically work - so I am rather embarrassed at the moment :o
 

MyBB. Keeping people humble for years :p ( @rpm I have copyright on the slogan if you want to use it :) )
 

Fear not.

I absolutely detest ALL call centres.
 
The YouTube video transcript:

0:00 forum has been hacked and serving malicious JavaScript
0:03 so I'm using Charles Proxy
0:07 as a man in the middle proxy to see the requests
0:11 so what I've done is a created the a new session
0:15 and of boxes
0:18 looked up to you charles is its proxy
0:22 there and I search for
0:26 forum posts that's
0:33 worked angry customer I get
0:38 say as a random forum posts one owner at that time before
0:41 I have & Noble by cookies still double check that
0:47 I do so the clear those first
0:51 aka not have no but a biker keys and is correct
0:55 Charles and weary aka so click on the link
1:01 and you can see it hits the forum and article to you
1:06 this mock calls or I'm just a break back to school
1:10 all rights so to take a look at the sequins
1:14 what's happened is that the forum
1:17 has been redirected to the actual thread and then
1:22 its called this php file
1:25 and of the JavaScript and
1:28 the JavaScript that gets served is this document.location
1:31 which obviously then redirects to this
1:35 life all store and for whatever reason not tonight maybe it was a down note the
1:41 but clearly the fact that there is
1:44 malicious javascript being served state of the forum is
1:48 a major problem a and it doesn't go away
1:52 we never go back to the forum knock won't be there because it knows that I
1:58 visited before because the cookies exist
2:00 so we can sort recent it
2:04 sneakers cookies until
2:10 one for multiple stores will union workers from the proxy
2:17 rights
2:20 and click on that middle finger
2:24 back to my facebook little by have got a serious problem
2:29 and they're really need to revisit the security

:D
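The video above demonstrates the check by hand: the injected script only appears when the request looks like a first visit arriving from a search engine (no forum cookies, search-engine referer), and it redirects the browser with a document.location assignment, which is also why the CTO's post says the vBSEO exploit "only affects SEO traffic". The following Python script automates that comparison. It is an added example, not code from the original thread, the video, or BidorBuy: it fetches the same forum URL twice (once as a cookie-carrying direct visitor, once as a cookie-less visitor referred by Google), extracts the scripts from each response, and reports any script tag or location-redirect that exists only in the "search visitor" copy. The compromised-forum behaviour is simulated by a constructed fake fetch function; its script paths, redirect target and exact cloaking conditions are assumptions modelled on the transcript, not observed values from the real site.

```python
import re
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse

# Referer hosts the cloaking is assumed to key on (assumption, based on the
# video's "SEO traffic only" observation).
SEARCH_ENGINES = ("google.", "bing.", "yahoo.")

# Inline JS that moves the browser somewhere else, e.g. document.location = "...".
REDIRECT_RE = re.compile(r"\b(document|window|top|self)\.location(\.href)?\s*=", re.I)


class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and inline <script> bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def scripts_of(html):
    parser = _ScriptCollector()
    parser.feed(html)
    return parser


def find_cloaked_injection(baseline_html, suspect_html):
    """Return (kind, detail) findings present in suspect_html but absent from baseline_html."""
    base, sus = scripts_of(baseline_html), scripts_of(suspect_html)
    findings = []
    for src in sus.external:
        if src not in base.external:
            findings.append(("extra_external_script", src))
    for body in sus.inline:
        if body not in base.inline and REDIRECT_RE.search(body):
            findings.append(("inline_redirect", body.strip()))
    return findings


def audit(fetch, url):
    """Fetch url as a returning direct visitor and as a cookie-less search visitor, then diff."""
    baseline = fetch(url, {"Referer": url, "Cookie": "bbsessionhash=example"})
    search_visit = fetch(url, {"Referer": "https://www.google.com/search?q=forum+thread"})
    return find_cloaked_injection(baseline, search_visit)


def urllib_fetch(url, headers, timeout=10):
    """Real fetcher for live use; not exercised offline."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0", **headers})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# --- constructed stand-in for the compromised forum (not a real server) ---
CLEAN_PAGE = """<html><head><script src="/clientscript/vbulletin.js"></script>
<script>var SESSIONURL = "";</script></head><body>thread content</body></html>"""

INJECTED_PAGE = CLEAN_PAGE.replace(
    "</head>",
    '<script src="/images/misc/loader.php"></script>'          # assumed path
    '<script>document.location = "http://store.example.invalid/";</script></head>',
)


def fake_infected_forum(url, headers):
    """Serve the redirect only to first-time visitors arriving from a search engine."""
    referer_host = urlparse(headers.get("Referer", "")).netloc.lower()
    from_search = any(engine in referer_host for engine in SEARCH_ENGINES)
    seen_before = "Cookie" in headers          # video: it never comes back once cookies exist
    return INJECTED_PAGE if (from_search and not seen_before) else CLEAN_PAGE


if __name__ == "__main__":
    for kind, detail in audit(fake_infected_forum, "http://forum.example.invalid/showthread.php?t=1"):
        print(kind, detail)
```

To run it against a live site, call audit(urllib_fetch, url) instead of the fake; a clean site yields an empty list, because the two fetches contain the same scripts. Comparing two responses rather than grepping one for "document.location" is the point: forums legitimately set location in their own JavaScript, and what distinguishes the cloaked payload is that it is served only under the search-visitor conditions.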
 