http://i.imgur.com/jtw0TC8.png

I'm terrified.

It's me ;) Haha xD No xD but.. Good luck xD

He gave me a good laugh to :D

oh noez

prepare your anus!

Hey, it takes time to register an email account. XD

Xiaospajk hacken mnie! Delete his plex.

Based on the grammar, that guy still needs to ask his parents permission to go to Disney.com.


Everyone be super careful! :o

Based on the grammar, that guy still needs to ask his parents permission to go to Disney.com.


Everyone be super careful! :o
My gramma sucks to :( Can we go to disney land? :D

Based on the grammar, that guy still needs to ask his parents permission to go to Disney.com.


Everyone be super careful! :o

Lots of notable hackers are from countries where English is not the primary language. Just sayin'.

we got a bad guy here uh?
oohohohho

Who the fuck names himself to "Free Hacker"?

We are all doomed :( Please no hack...

DUDE FUCKING CLOSE XENOBOT NAW.

Silly rabbit, trix are for kids!

The only thing i'm scared of is his grammar, for show. Thanks for sharing this with us, kinda made me laughed a little inside.

Watch out guys his slogan is typed out with a capital letter at the start of every word, he's serious business.

BlackdProxy forum recently got hacked because of a Vbulleting xploit, no wonder maybe they find out a working xploit on this version and get access to the sql database, and dehash the passwords, i hope that dont happen because i really like this forum just be sure to have the lastest patch please DarkstaR some days ago bitcoin talk forum got hacked too, no one is invinsible

Silly.

BlackdProxy forum recently got hacked because of a Vbulleting xploit, no wonder maybe they find out a working xploit on this version and get access to the sql database, and dehash the passwords, i hope that dont happen because i really like this forum just be sure to have the lastest patch please DarkstaR some days ago bitcoin talk forum got hacked too, no one is invinsible

We just updated to vBulletin 4.2.2 (BlackdProxy is also running this version now), I would assume that if the exploit was discovered before the update was released (Oct. 8th) it has been fixed in the update.

Dehash the passwords? My understanding is that the whole point of hashing is that it's almost impossible to reverse the process. To crack hashed passwords, hackers pre-compile a list of hashed values and their known un-hashed equivalents, and then check the hashed passwords from a database they have gained access to against their list until they find a match. This is still time consuming, and these pre-compiled lists are not a surefire way to crack a password. On top of all of this, assuming you use different passwords for different sites (which you should), them gaining access to your forum account is not a big deal. Xenobot's payments are handled by PayPal, so I don't think there is much important info within the database.

BitcoinTalk runs off of different forum software than we do. Of course every major forum software will probably contain some vulnerabilities, but the developers work hard to prevent it, and I would like to think that vBulletin has proven it's mettle when it comes to dealing with security.

We have little to worry about. The message is funny because the person makes no demands, gives no reason why they are 'hacking' Xenobot, and gives no way to prove that they have indeed gained any unauthorized access. All of this, paired with the general phrasing (nothing Xenobot specific, only customized bit being the Administator's name) leads me to believe it's probably a vBulletin spambot that is just set to pm the admin and scare them. Probably hoping to generate hype for the spambot operators leet hacking group.

o noez he haq uz plx darkstar halp uz b4 wii get hax!!

We just updated to vBulletin 4.2.2 (BlackdProxy is also running this version now), I would assume that if the exploit was discovered before the update was released (Oct. 8th) it has been fixed in the update.

Dehash the passwords? My understanding is that the whole point of hashing is that it's almost impossible to reverse the process. To crack hashed passwords, hackers pre-compile a list of hashed values and their known un-hashed equivalents, and then check the hashed passwords from a database they have gained access to against their list until they find a match. This is still time consuming, and these pre-compiled lists are not a surefire way to crack a password. On top of all of this, assuming you use different passwords for different sites (which you should), them gaining access to your forum account is not a big deal. Xenobot's payments are handled by PayPal, so I don't think there is much important info within the database.

BitcoinTalk runs off of different forum software than we do. Of course every major forum software will probably contain some vulnerabilities, but the developers work hard to prevent it, and I would like to think that vBulletin has proven it's mettle when it comes to dealing with security.

We have little to worry about. The message is funny because the person makes no demands, gives no reason why they are 'hacking' Xenobot, and gives no way to prove that they have indeed gained any unauthorized access. All of this, paired with the general phrasing (nothing Xenobot specific, only customized bit being the Administator's name) leads me to believe it's probably a vBulletin spambot that is just set to pm the admin and scare them. Probably hoping to generate hype for the spambot operators leet hacking group.

Of course they wont dehash all encripted passwords but one, admin one; then what about putting a username and password logger; then grab the mails, username and passwords of the users, maybe some of them use the same password of their emails, getting access to tibia account data, some people even save they tibia data on sticky emails like "tibia char recovery key", hack some users, they can also pretend to be X moderator for the famous middleman for example, hack some more, bind a backdoor on xenobot client and hack the whole community... of course those are the worst scenarios.

Of course they wont dehash all encripted passwords but one, admin one; then what about putting a username and password logger; then grab the mails, username and passwords of the users, maybe some of them use the same password of their emails, getting access to tibia account data, some people even save they tibia data on sticky emails like "tibia char recovery key", hack some users, they can also pretend to be X moderator for the famous middleman for example, hack some more, bind a backdoor on xenobot client and hack the whole community... of course those are the worst scenarios.

That's not how it works. When you create an account, your password is hashed and then that hash is stored in the database (it's not stored ANYWHERE in plain text). When you log in, the password you input is again hashed, and then compared to the hashed value in the database. The admin of any forum running half decent forum software should not have access to your password. And yes, people may use the same password for their forum account as their email. As I mentioned, people should use different passwords for every site.

Also, our staff visit the forums regularly. If one of our accounts were compromised, we would probably learn quickly enough to ensure it did not cause any problems.

I understand that you want us to be aware that there is a possibility that the Xenobot site and forums could be compromised in the future. We all know this already, this thread was not trying to say otherwise. But it's not. And this message is funny.

Testt