  1. #101
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by Jamie Edwards View Post
    You raise a good point here. I've just checked my hash in this recently leaked database, and it matches a new password I created after the March 21st leak. This recently leaked user database cannot have been the same one taken on or around March 21st (the initial compromise)...
    iNet obviously know that there were more recent compromises, why else would we have been forced to change our password today?

  2. #102
    Join Date
    Oct 2006
    Location
    /usr/src/linux/
    Posts
    700
    Honestly you don't even know if the hacker still has access on your servers. I'd say there's a good chance he still does, despite your "security sweeping"
    If I were in this situation I would back up anything that's irreplaceable like databases and custom code and rebuild everything from scratch, binaries, the kernel and php code cannot be trusted at this point. Any code restored should be manually checked.
    Until that's done nobody can guarantee your servers are secure/clean.
    I highly doubt you even check md5sums to verify the integrity of your data, after all this fiasco.
    VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
    99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
    Follow us: twitter.com/VPSnoc

  3. #103
    Join Date
    Oct 2005
    Posts
    397
    Quote Originally Posted by DephNet[Paul] View Post
    But didn't Dennis originally say that "Absolutely no credit card or PayPal data was exposed."?
    100% absolutely not guilty?

  4. #104
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by DigitalLinx View Post
    Believe storing cvv2 numbers is illegal, defeats the whole purpose of such verification.
    You are not allowed to store the CVV2 numbers,

    "Sensitive authentication data must not be stored after authorization (even if encrypted)."

    CVV2 and PIN are sensitive authentication data.
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implementation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com

  5. #105
    Join Date
    Apr 2004
    Location
    UK
    Posts
    1,334
    Quote Originally Posted by Dark Light View Post
    Did you change your password/e-mail on or before the 25th of March? The data appears to have been taken on the 25th of March - there was a further explanation somewhere on the forum, but I don't know where it is right now.
    That'd make sense if I had missed something - I reread the OP and Q&A thread but couldn't find any specific details. The last I understood, it was assumed the hacker was leaking out information he took at the time of the initial compromise, and had not committed another attack.

  6. #106
    Join Date
    Aug 2001
    Location
    Boston
    Posts
    1,568
    Quote Originally Posted by PipeTen View Post
    For anyone questioning what data was compromised or not, the table structure:

    CREATE TABLE `creditcard` (
    `card_id` int(11) NOT NULL auto_increment,
    `account_id` int(11) NOT NULL default '0',
    `address_id` int(11) NOT NULL default '0',
    `cardnumber` bigint(20) NOT NULL default '0',
    `expdate` varchar(10) NOT NULL default '',
    `cardcode` varchar(5) NOT NULL default '0',

    `issueingbank` varchar(50) NOT NULL default '',
    `nameoncard` varchar(50) NOT NULL default '',
    `status` enum('valid','removed','modified','fraud','chargeback','other') NOT NULL default 'valid',
    `friendlyname` varchar(100) NOT NULL default '',
    `admin_note_id` int(11) NOT NULL default '0',
    `customer_note_id` int(11) NOT NULL default '0',
    `creation_timestamp` bigint(20) NOT NULL default '0',
    `creation_session_id` int(11) NOT NULL default '0',
    `modify_timestamp` bigint(20) NOT NULL default '0',
    `modify_session_id` int(11) NOT NULL default '0',
    `removal_timestamp` bigint(20) NOT NULL default '0',
    `removal_session_id` int(11) NOT NULL default '0',
    PRIMARY KEY (`card_id`),
    KEY `account_id` (`account_id`,`address_id`,`cardnumber`)
    ) TYPE=MyISAM PACK_KEYS=0;

    *our* cancelled CC details (Anon added):

    ('246', '819', '311', '5473677021731320', '12/2005', '119', 'Natwest MasterCard', 'G Anon', 'valid', 'GAnon', '0', '0', '1079448393', '14666', '0', '0', '0', '0');
    Additionally, I want to reiterate the fact that there are card statuses that say "removed" (which means a user manually removed their card) but were not physically cleared out from the database.

    Not removing the card information AND storing the CVV2 number are just unacceptable to no end.
    InterNich LLC
    Founder

    Bringing you PicResize.com (More than 95 million pictures resized since 2005)
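
The two problems raised in this post (stored CVV2 values, and cards marked "removed" that were never physically cleared) can be audited and fixed with a couple of queries. This is an added example, not code from the thread or from iNet; it assumes a cut-down copy of the quoted `creditcard` table in SQLite, and every row is constructed test data.

```python
import sqlite3

# Constructed subset of the `creditcard` columns quoted above; SQLite types
# stand in for the MySQL ones. All rows are made-up test data.
SCHEMA = """
CREATE TABLE creditcard (
    card_id    INTEGER PRIMARY KEY,
    account_id INTEGER NOT NULL,
    cardnumber TEXT    NOT NULL,
    expdate    TEXT    NOT NULL,
    cardcode   TEXT    NOT NULL DEFAULT '0',
    status     TEXT    NOT NULL DEFAULT 'valid'
)"""
ROWS = [
    (1, 10, "4111111111111111", "12/2030", "123", "valid"),
    (2, 11, "5555555555554444", "01/2008", "456", "removed"),
    (3, 12, "4012888888881881", "06/2007", "0",   "removed"),
    (4, 13, "4000056655665556", "03/2031", "789", "fraud"),
]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO creditcard VALUES (?,?,?,?,?,?)", ROWS)
    return conn

def audit(conn):
    """Count rows that break the two rules raised in the thread."""
    def count(sql):
        return conn.execute(sql).fetchone()[0]
    return {
        # CVV2 kept after authorization ('0' is the column default, '' is blank)
        "cvv_stored": count("SELECT COUNT(*) FROM creditcard "
                            "WHERE cardcode NOT IN ('', '0')"),
        # soft-deleted cards whose number is still in the table
        "removed_with_pan": count("SELECT COUNT(*) FROM creditcard "
                                  "WHERE status = 'removed' AND cardnumber <> ''"),
    }

def remediate(conn):
    """Blank every stored CVV2 and physically delete 'removed' cards."""
    with conn:  # one transaction: both changes commit or neither does
        conn.execute("UPDATE creditcard SET cardcode = ''")
        conn.execute("DELETE FROM creditcard WHERE status = 'removed'")

if __name__ == "__main__":
    db = build_db()
    print("before:", audit(db))
    remediate(db)
    print("after: ", audit(db))
```

Deleting rows from the live table does not clean backups, replicas or old dumps, which need the same treatment.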

  7. #107
    Join Date
    Oct 2006
    Location
    /usr/src/linux/
    Posts
    700
    What's done is done, it was wrong and illegal. However I'm not seeing any actions taken to prevent this.
    When you get hacked you get paranoid simple as that, you don't hope for the best you restore everything from zero and you do not repeat the same mistakes you did before.
    Encouraging people to change their password and cancel their credit cards is good to nothing for a measure to prevent this from happening again and again.

  8. #108
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by DigitalLinx View Post
    What's done is done, it was wrong and illegal. However I'm not seeing any actions taken to prevent this.
    When you get hacked you get paranoid simple as that, you don't hope for the best you restore everything from zero and you do not repeat the same mistakes you did before.
    Encouraging people to change their password and cancel their credit cards is good to nothing for a measure to prevent this from happening again and again.
    Bingo! This is exactly what I have been saying for the past few weeks. What sort of system administrator is not "ultra-paranoid" after such incidents? What sort of system administrator would not be aware of EVERYTHING after a compromise? What sort of system administrator shrugs off a compromise and provides very misleading, inaccurate, self-serving, plain stupid, diagnostics.

  9. #109
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by Scott.Mc View Post
    Bingo! This is exactly what I have been saying for the past few weeks. What sort of system administrator is not "ultra-paranoid" after such incidents? What sort of system administrator would not be aware of EVERYTHING after a compromise? What sort of system administrator shrugs off a compromise and provides very misleading, inaccurate, self-serving, plain stupid, diagnostics.
    [Redacted]
    Last edited by DephNet[Paul]; 04-08-2009 at 11:51 AM. Reason: Redacted

  10. #110
    Join Date
    Oct 2005
    Location
    UK
    Posts
    552
    In case some of you guys haven't seen it yet:
    http://www.webhostingtalk.com/announ...php?f=31&a=134

  11. #111
    Join Date
    Mar 2006
    Location
    Blackpool, UK
    Posts
    26
    Quote Originally Posted by Dark Light View Post
    In case some of you guys haven't seen it yet:
    http://www.webhostingtalk.com/announ...php?f=31&a=134
    9,561 cards, oh dear

    I would imagine the clever person that managed to break in took the lot.
    Chris Daley :: Dwebs Ltd :: Company No. 05603664 :: 0330 22 90 666
    https://dhosting.uk - Web Hosting, Managed Servers, Email Hosting
    My views are my own and not those of my company.

  12. #112
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by Dark Light View Post
    In case some of you guys haven't seen it yet:
    http://www.webhostingtalk.com/announ...php?f=31&a=134
    After reading that two questions immediately crop up,

    "At 6:15am Tuesday, the hacker communicated that he also had stolen credit card data. As you know, we initially reported that no credit card data was compromised. Some of our older systems do store credit card data, and that data sits on a database server separate from the WHT databases and under a separate layer of security. At the time of the March 21st attack, we could find no evidence that the database server containing credit card data was compromised."

    The data from the latest was from at the very earliest March 25th. Also the database dump of the credit cards shows this was from,

    # MySQL version: (4.0.27-standard-log) running on 69.20.126.7 (www.webhostingtalk.com)

    The question has to be if these were in fact additional database systems, "security layers" or however you want to paint them. Why was it so easy to access all of them? If that system was so easy to access, what exactly is to say that the others were not also? This includes my.inetinteractive.com

  13. #113
    Join Date
    Aug 2001
    Location
    Boston
    Posts
    1,568
    Quote Originally Posted by Dark Light View Post
    In case some of you guys haven't seen it yet:
    http://www.webhostingtalk.com/announ...php?f=31&a=134
    Thanks for the announcement.

    I think that the wording should be changed.

    Our current research indicates that that data breach encompassed 318 valid credit card numbers with CVV code and about 1,900 expired credit card numbers with CVV code.
    I am certain that there are numerous expired credit cards that are still valid. In fact, all of them should be considered valid.

  14. #114
    Join Date
    Jan 2007
    Location
    /dev/null
    Posts
    3,700
    About the password talk earlier,
    it is pretty easy to check who had changed his password, just compare the old password hash codes to the new ones, if it doesn't match he/she changed it, something that can be easily checked by playing with SQL queries.

  15. #115
    Join Date
    Aug 2001
    Posts
    4,028
    Are you ****ing kidding me?

    So the last 3 weeks the hacker had access to the servers still?

    I assume you can't be 100% sure that you're secured now eh... I'd bet my left testicle this hacker is still looking at the databases.

    With that said, how easy is it for someone to reverse engineer a password from that database? Is it possible?

    Lastly, since WHT won't... could someone message me with my line from the db?

  16. #116
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by tristanperry View Post
    ... Are you going to still store CC details in the future? Or let a payment processor handle this sort of thing in the future?
    We're gearing up for not storing any CC details.
    There is no best host. There is only the host that's best for you.

  17. #117
    Join Date
    Oct 2005
    Location
    UK
    Posts
    552
    Quote Originally Posted by Nich View Post
    Thanks for the announcement.

    I think that the wording should be changed.



    I am certain that there are numerous expired credit cards that are still valid. In fact, all of them should be considered valid.
    I didn't write it, but if I were iNET and I were in this situation, I would consider all the cards - no matter what the exp. date - to be active and get them replaced anyway.

  18. #118
    Join Date
    Aug 2001
    Posts
    4,028
    Quote Originally Posted by Rob B View Post
    About the password talk earlier,
    it is pretty easy to check who had changed his password, just compare the old password hash codes to the new ones, if it doesn't match he/she changed it, something that can be easily checked by playing with SQL queries.
    I think you fail to realize what they're implying.

    Basically the hacker confirms with his wording that he had access to redownload the user table AFTER the initial hack near the end of March. Which means he had access to WHT even after all the security audits were completed...

  19. #119
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by DephNet[Paul] View Post
    I want to know why iNet are storing credit card numbers, let alone in the clear.
    To be frank, we don't know why.

  20. #120
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by SoftWareRevue View Post
    We're gearing up for not storing any CC details.
    Dennis, Why were you (iNet) storing the following:
    1. plain text details
    2. CVV numbers
    3. removed details

  21. #121
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by NetLine-Rob View Post
    Will you be using a new payment method from now on? That doesn't store member credit card details?
    In short, Yes.

  22. #122
    Join Date
    Jun 2008
    Location
    Atlanta, Georgia
    Posts
    111
    I seriously hope you catch this guy, I find it very weird that he would communicate again after this was over...

  23. #123
    Join Date
    Aug 2001
    Posts
    4,028
    Quote Originally Posted by jcroom View Post
    I seriously hope you catch this guy, I find it very weird that he would communicate again after this was over...
    lol, doubtful. Just look at how the last few weeks have unfolded. Do you really think they can manage to find a single person IN THE ENTIRE WORLD who did this!? Nope.

  24. #124
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by DephNet[Paul] View Post
    Dennis,

    Can you confirm that the developers were 100% convinced that no critical data was exposed?
    Yes.

    It wouldn't have been good enough to assume even 1%. We were convinced that this data was not accessed.

  25. #125
    Join Date
    Oct 2006
    Location
    /usr/src/linux/
    Posts
    700
    Quote Originally Posted by Mekhu View Post
    Are you ****ing kidding me?

    So the last 3 weeks the hacker had access to the servers still?

    I assume you can't be 100% sure that you're secured now eh... I'd bet my left testicle this hacker is still looking at the databases.

    With that said, how easy is it for someone to reverse engineer a password from that database? Is it possible?

    Lastly, since WHT won't... could someone message me with my line from the db?
    The odds are good that the hacker still has access on for all we know ALL iNet's servers at this very moment.
    Hell he even might have included a carefully optimized sshd exploit which attacks the ssh client such as putty for example and exploits the connecting client, so even the workstations iNet use to "administer" their servers might be compromised, of course that's paranoid thinking, but paranoid thinking is required in situations such as these not optimism.

    Think iNet should start backing up irreplaceable data take everything offline and start installing fresh OSs on all of their servers and before restoring mission critical data each file should be verified that's not modified.
    Only then can we be sure that the servers are clean and believe that they didn't do the same mistakes as before which got them compromised in the first place.
