Update regarding the recent hackings

Iknow this from a trusted source of HF and heres the story a microsoft application was compromised leading to some hotmails / live emails getting hacked those were the only two kind of emails that were able to get hacked anybody else who claims they have been hacked lies. well not everyone but the hacker only took hotmails and lives since the application didnt have nothing to do with yahoo / gmail etc. well i can confirm that your database hasnt been leaked and that this were simple microsofts fault and that the source told me that this has been fixed and therefor there shouldnt be anymore hacked accounts again. alittle reminder dont post your msn in your signature / in posts that was prob how he got your emails. as said above dont feel like getting hacked? = dont use hotmail! simple as that hotmail sucks in everyway gmail or yahoo should keep u safe

i cant say how exactly this was done. but it had something to do with microsoft forgot to secure a certain breakpoint in the application so all u had to do was write "command" <-- thats not the command but a certain command to the person after youve added them on msn u write a command to them they cant see it but it sends a string / hash or so to the "sender" = sending them your actual password when he then got your password as a hash all he had to do was decrypt it so yeah microsoft fails again.

 

The method intercepted the password reset link that is supposed to be sent to your alternate e-mail account, they never got your actual password.

 

Regardless, if there was a database leaked with Kevin's information in there then it's one we didn't know about.

 

True say, forgot to check his join date, apologies.
Bearing in mind that it's encrypted with standard md5 (i'm presuming), and nobody has simple 1 word passwords (maybe an announcement about password strength would be advisable), surely there's more chance that the password was obtained via phishing, or another illicit method?

I really hope that kevin's keylogged (or was phished), rather than the Sythe database being spread around the internet - god knows how many inactive accounts still hang around in the database.

 

Isn't md5 pretty outdated and pretty easy to dehash now a days lol.

I hope we're not using that >.>

 

Come to think of it, are you sure your old password wasn't related to any of your MSN's? That could be where it came from.

 

Brilliant, some good news

 

it is unfortunate to see people get hacked :/

 

first post, ban evader?

 

Us this why the websites been cradhing alot?

 

says "sythe.com"

Thanks for the update.

 

I don't think so. I believe the sites crashing because it's under a DDoS attack.

 

Hope it's really patched now.

My msn got blocked after I recovered it back from the hacker due to unusual activity. I was unable to unblock it because "phone service was unavailable in my area". I gave up and made a new MSN.

I tried to log in just now to see if it's unblocked and the password was incorrect so I recovered again, it seems they hacked it again in the past 72 hours or so. Not sure when because I haven't tried to log in since 3 days ago.

 

The hashing function used by sythe and other vBulletin forums is md5(md5($pass).$salt)

Generally 90% of them or so are crackable, the best GPU running through hashcat about 1.1M passwords a second can be attempted

 

You seem to know a lot about the subject.

Just wondering, is the upgrade to vB4 going to make Sythe any safer? Will it have any extra layers of security that could make it harder for hackers to take the Sythe Database in the future?

 

He's banned already.

And the security will pretty much be the same btw, patches are usually rolled out pretty fast if needed.

 

Yeh, security should be nearly the same. The only changes will be added and improved features. :nuts:

 

^^^^^

 

It would have to be a keylogger. But phishing would of gotten more info instead of just hacking emails.