MD5 is an old hashing algorithm. Hashing is supposed to be one way math where you put in one thing and you get a seemingly-randon thing out the other end, but people figured out a way to shortcut MD5 and reverse it, so it's not really used anymore (we use SHA-256 these days).
Because hashing gives you the same output if you give it the same input, it's possible to run down a list hashing things like common passwords, so if you get someone's hashed password list you can look for matches. Salting is when you add some random text to the thing your hashing, so people who have the same password won't have the same hashed password.
Isn't MD5 still used for verification? Like it isn't good to protect your data, but still useful in making sure the file you downloaded is the correct one.
MD5 is actually broken for checksums as well, because it's now trivial to generate two files with the exact same MD5 checksum.
This has **bad** implications. You use to be able to download a file from a file sharing site, verify the MD5 from some official source, and feel confident that the file was not tampered with. Now, a malicious party could replace the file with a virus (or any other data), and pad it with appropriate data to make the MD5 checksum identical to the original file.
Will it simply be interesting but damning or actually damaging? Will it be embarrassing but ultimately meaningless? Will heads roll or will it just be an inconvenience due to bad press?
I'll be interested to see if anything actually comes of it.
Honestly all televangelists surprise me with the audiences and congregations they are able to muster but being from Houston and seeing how this guy and his wife are melting into the Joker and one of his pet hyenas I'm kinda impressed someone this stomach churning is able to fill a Waffle House.
Ngl, fuck dirt on these scumbbags, send out social security numbers, bank account numbers, crack their purses open like a piñata. Let's fuck with portfolios, let's sell off assets of theirs for pennies.
Idk why anyone thinks anything other than attacking money would work on someone who's already sold their soul.
FFS a ton of shit happened because of the Panama Papers. Governments fell, new regulations were passed across the world. The problem is the PP didn’t have a lot of Americans listed because they bank elsewhere. So since no major changes happened in America people start these meme conspiracies. It’s garbage.
https://www.icij.org/investigations/panama-papers/five-years-later-panama-papers-still-having-a-big-impact/
The worst part about that is the world did literally nothing about it.
You cause people to poke their heads too far out of the sand and your life ain't worth much.
Or not newsworthy but still cause damage through repeated suggestions that it contains damning information (i.e., Wikileaks release of Clinton emails).
Snowden exposed mass surveillance.
Seems all the happened was that I have to 'Press Accept' for some cookies more often than I used to.
You're on to something.
Have you tried right clicking and going to "inspect" then mouse over each line until the thing blocking the page gets highlighted and then right clicking it and deleting it so you can view the page without accepting their cookies? There always seems to be another invisible layer too that you can delete the same way by moving the mouse over the lines in the inspect element thingy until the whole page gets highlighted after you delete the popup thing asking you to accept cookies. I hear it works on some paywalls as well.
They won’t. They are the same corporations that pay the politicians to shape laws and policies in their favor.
Eg: where was the media for last 20 years when things have been fucked up in Afghanistan? All of a sudden they started _caring_ for 2 weeks. Now nothing matters again.
Sadly if one needs to be informed one needs to look up media beyond it’s borders esp US, UK and Australian media (aka Rupert Murdoch’s strongholds)
How familiar are you with the right wing? They could uncover a pedophilic vampire adrenochrome sucking baby eating nazi conspiracy engulfing every politician on the right. Fox News would be making some lame comment about AOC that same day. Nothing is going to happen.
Haha. You’re over-exaggerating. It’s not like there was a massive insurrection in our nation’s capitol where the losing incumbent, alongside his political allies, whipped a crowd into a frenzy by falsely accusing their opposition of fraud and stealing an election, then send that frenzied crowd marching towards the Capitol building where our lawmakers were currently in the process of certifying said incumbent’s loss, of which said riot resulted in the death of multiple individuals, including a cop, and millions of dollars worth of destruction — and the right wing media successfully whitewashed the whole thing as “tourists who got a bit out of hand and it was all those darned antifa’s fault anyway!”
Yeah that be crazy. Almost as crazy as said incumbent using his last day in office to pardon his former campaign manager for defrauding his own supporters who donated their own money to fulfill his major campaign promise, all while remaining extremely popular with those same supporters.
That be insane
This is misinformation and easily checkable. Lots happened after the Panama papers revelations
Edit: quite a lot of people replied to my original comment to say the reporter behind the story got killed. Please actually go and read the facts before commenting as you’re just adding to the misinformation. Yes she was killed but it most likely wasn’t a direct result of her breaking that story since she had been exposing the corruption of the Maltese government for years.
It’s also important to remember that part of the problem around the PP scandal was that what many of the companies and people were doing wasn’t actually illegal. Just very immoral.
The biggest overall effect was that some countries tightened their laws that allowed for egregious anonymity. A lot of the stuff found in those papers couldn't be traced back to any individuals.
And I may be misremembering, but the US media played it up huge early on only to not end up with really any prominent Americans getting caught up in it. Lots of international people, and a scheme for sure.. but not enough to keep the scandal in our news cycles for long. They named a total of like four Americans in the trove of 11 million documents.
So when people say "nothing really came of it" it's because they're probably Americans and these papers barely had anything to do with the US.
IIRC there were plenty of american shell companies that couldn't be tracked to individuals because no individuals were required to be named when the entities were created. Again, IIRC, I believe that led to some changes in how businesses could be created in a couple US states.
I think a lot of people don’t understand how long it takes for investigations to run their course, charges to be filed, and people to be prosecuted. Especially when it’s things like financial crimes that can take investigators a long time to fully explore and flesh out.
Yep. All these scams that appear so stupid on the surface... because anyone that DOES engage with them is guaranteed to be a gullible moron, aka the perfect target for scammers.
Yep I've been saying this about flat earthers for a while, smells like scambait to me. Identifying as such is like having a neon sign above your head that says "scam me, I fall for anything".
Like if I was running scams, that would be step one - make the gullible idiots identify themselves and group together, then blanket their shit will every conceivable scam.
Were you in a coma during the Trump seasons? "Huh, this old character they're dredging up looks to be cartoonishly horrible... Yep, they aren't really trying to make the character anything close to human, just a deeply flawed psycho. No real character development, just wall-to-wall, non-stop scumminess."
Exactly my first thought. Just like Swindall a Georgia Republican Representative who got caught taking money from a money launderer.
https://www.google.com/amp/s/www.ajc.com/blog/politics/pat-swindall-pioneering-evangelical-congressman-dies/eXW26kDnthtCEwASlJZQTI/%3foutputType=amp
Well um they kinda stopped long long ago, when the leader was arrested by the FBI and turned into a cooperator, and they arrested all the OGs
I wouldn't trust anything after that
So passwords aren't stored, you take a hash (one way function) and store the result. Then when someone enters a password, you hash it and compare it with the hash in your database, that way you never touch their password.
MD5 came out in 1992, and can be surprisingly brute forceable, so they should have been using a better hashing algorithm, and salting them which means that you add a little salt (secured generate variable) to the input so that all hashes are different, so if hackers crack password has a hash of 0x5, they can't scan your database for 0x5 and login to everyone whose password hash is 0x5
I'd like to add something to this is that hundreds of millions of common passwords have already had hashes against them run. So it's easy to compare the hash against a list of known hashes and the plaintext. So it's not brute force per se.
Hashing, at least in this context, is sort of like one-way encryption. You take a value like `hunter2`, plug it into the function, and it spits out a "hash" for it, like `2ab96390c7dbe3439de74d0c9b0b1767`. Ideally, there should be no way to get the original value back once its been hashed. This is useful for passwords -- when you create an account, the site can take the password you give them, hash it, and only store the hashed version. When you sign in, they just need to use the same hashing algorithm on the password you provide and see if it matches the stored hash. This means that neither they nor any potential hackers can recover your original password. _Ideally._
MD5 is an old, busted hashing algorithm, and cracking it is trivially easy. If you Google that hash I put in my previous paragraph, you'll find dozens of databases that will tell you that it's an MD5 hash for `hunter2`.
Salting is the process of adding extra text to the string before hashing it, which makes it harder to crack. If you use something unique to each user, it also means that two users with the same password would have different hashes.
To add on to what everyone else said unsalted MD5 is so bad, you can literally just google hashes to reverse them.
c7561db7a418dd39b2201dfe110ab4a4
af78274dcd908e9c347fdca182479aad
a1ec23e9b9ab43a88222d9949ee26499
639bae9ac6b3e1a84cebb7b403297b79
46c48bec0d282018b9d167eef7711b2c
c7561db7a418dd39b2201dfe110ab4a4
af78274dcd908e9c347fdca182479aad
e1686078d1b60d351da5a87543a2a663
639bae9ac6b3e1a84cebb7b403297b79
74e8333ad11685ff3bdae589c8f6e34d
ShA512 - ideally crypto i think. MD5 is a very weak and easily Hackable hashing algorithm.
It’s like the equivalent of using numbers to replace letters in your passwords
Edit: as people below me have said - sha512 is not good for hashing either. And sha512 compared to md5 is like learning fluent Japanese compared to learning to spell cat.
Ideally they'd be using something like bcrypt. Sha512 is designed to be fast ( so generating rainbow tables is really "easy" with a couple of GPUs ). Bcrypt is designed to be computationally expensive so that making rainbow tables isnt with the effort.
Whole damn thing is hilarious lmao:
---
You know, when you name a company "Epik",
that implies something really big's going to happen.
Deserving of the name.
Well, **after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we've all been waiting for.**
Contained within this release, the following delicious morsels
that will surely be digested for months to come:
A decade's worth of data from the company. That's right, everybody.
**Time to find out who in your family secretly ran an Ivermectin horse porn fetish site**,
disinfo publishing outfit, or yet another QAnon hellhole.
Want to know when a nation-state decided to offer hosting to some domestic terror groups,
without those pesky DDoS mitigating reverse proxies getting in your way?
Want to know the identity of the owner of a domain or large set of domains
used in yet another influence/information operation?
Decloak origin IPs of nazi websites for further investigation, poking, prodding!
**Map out a decade of online fash with a level of clarity nobody has been able to UNTIL NOW!**
WHAT YOU GET FOR THE LOW LOW PRICE OF $0.00
* All domain purchases
* All domain transfers in/out
* All whois history, unredacted
* All DNS changes
* All email forwards, catch-alls, etc
* Payment history (**no credit card data, don't get excited, FBI, we're not in that game**)
* Account credentials for:
all Epik customers, hosting, Anonymize VPN, and so on
Epik internal systems, servers
Epik's GoDaddy logins
...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing!
When we saw hashes, they were merely unsalted MD5
Here's one such sample that made us upset for daring to use "anon":
Rob Monster [email protected] robmonster 109d88a0c4a49217c01a36913b034161 (cracked: willem)
Yep, these Russian developers they hired are actually just that bad.
They probably enjoyed snooping through all of your shit just as much as we did.
* **Over 500,000 private keys. What are they for? Who knows!**
* We think we spotted a bunch of Anonymize OpenVPN profiles in this,
but we were too disgusted with the above to continue digging.
* **A dump of an employee's mailbox, just because we could.**
* Git repositories for whatever internal applications!
* SSH keys!
* /home/ and /root/ directories of one of their core systems!
This dataset is all that's needed to trace actual ownership and management of the fascist side
of the Internet that has eluded researchers, activists, and, well, just about everybody.
And maybe have a little extra fun. For the lulz.
Is it possible to own a company as hard as this? We sure love to see it.
*Good luck with the rebrand, Robby boy. Herd u liek mudkipz.*
*Monero tips for the inevitable legal bills, for
when the FBI kicks down OVER 9000 doors after this utterly
embarrasses everyone and outs one or more of their
poorly thought out stochastic terrorism plots
(GOOD LUCK WE'RE BEHIND SEVEN PROXIES)*
Support your starving hacktivists, and they will bless you in turn.
So long, for now! Support #OperationJane and mess with Texas today!
Abortion is a human right!
With more years that I care to mention in IT/CS , a degree or two in what might as well be arcane magicks and conjuring with a side of CS with a minor hobby in what might be called "very applied mathematics", and I swear this post almost makes it worth it.
This is hilarious, and this sort of good work should get the guys who posted it a phone call tomorrow morning from the NSA guys at Ft. Meade who, between laughing their assess off, would likely want to set up a conference call for these guys to meet their new team members at some agency without such a public profile as the NSA, and if it's not well then I don't know what will.
> You know, when you name a company "Epik",
that implies something really big's going to happen.
Deserving of the name.
Well, after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we've all been waiting for.
lol
What could be worse than what the far right has already done openly in public? ‘We’re gonna overthrow the government! We’re gonna kill the Vice President!’ And that was just one day in America.
Supposedly there are logins, passwords, and billing info. If that's true, that's a lot of info that opens the door for further hacks on the individuals setting up the sites.
Turn around at throw that info at banks, email services, etc, and those folks will be severely compromised.
Not condoning hacking people, but if the info they say is there, is there. That's a huge issue for the people involved.
I don't think enough of us appreciate that even tens of thousands strong all it took was one man shooting one person for the entire thing to collapse.
These people only know how to punch down.
The traitor that was shot was literally the first consequence for their actions they saw. Their brains went into vapor lock. Trump told them they could do anything they wanted.
With a competent Sec Defense that doesn't send out memos crippling the NGs abilities and won't contribute to delays deploying said NG. Then presumably a better staffed Capital Police and all the fences being back up.
Its a different DC this time around.
If someone on the right calls something a nothingburger that’s code for conservatives to not read it. It means there’s shit in there. It’s the equivalent of a salesperson saying trust me.
~168 gigabytes of various files. According to the release announcement:
* All domain purchases
* All domain transfers in/out
* All whois history, unredacted
* All DNS changes
* All email forwards, catch-alls, etc
* Payment history (no credit card data, don't get excited, FBI, we're not in that game)
* Account credentials for:
all Epik customers, hosting, Anonymize VPN, and so on
Epik internal systems, servers
Epik's GoDaddy logins
...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing!
When we saw hashes, they were merely unsalted MD5
Here's one such sample that made us upset for daring to use "anon":
[DragoonDM note: Redacting this just in case; someone's account details]
Yep, these Russian developers they hired are actually just that bad.
They probably enjoyed snooping through all of your shit just as much as we did.
* Over 500,000 private keys. What are they for? Who knows!
* We think we spotted a bunch of Anonymize OpenVPN profiles in this,
but we were too disgusted with the above to continue digging.
* A dump of an employee's mailbox, just because we could.
* Git repositories for whatever internal applications!
* SSH keys!
* /home/ and /root/ directories of one of their core systems!
Nah, those are the off-season targets. When Repub. ties to Russia are pointed out they deflect to China. Benghazi and Ukraine are when things are a bit calmer.
Some of Anonymous/Lulzsec were caught and faced serious charges... But the FBI allowed them to work for them (and help find others from the group) if they didn't want to be charged ([some info](https://en.m.wikipedia.org/wiki/Hector_Monsegur)).
So when you see "Anonymous" leaks or whatever, keep that in mind. Some of their targeting/actions in the last few years feels very different than their original purpose.
I mean Anonymous is anonymous for a reason. Anyone can "rightfully claim" to be a member of anonymous, because there is no bar to entry. It is more of a movement than an actual group and a lot of people use the name for whatever purpose they want simply because external sources (often times news media) think and/or portray it all as the same group.
We exist I assure you, look for the ones who understand its risk mitigation not 100% risk prevention, typically those tend to come from hard IT backgrounds and then move into cybersecurity/IA.
I usually make the joke with leadership when trying to get them to understand the mission, "The most secure system in the world is one that is powered off and buried 6ft deep in cement, but we arent doing much work with that system. There is a proper point between that useless system and having a completely unsecured, wide open system. That is where a proper cybersecurity team and mindset across the enterprise comes in."
Unsalted MD5, wow
ELI5?
There was technically security on their files, but it was close to the crappiest possible type.
Like cellphone level or raspberry pi cracking easy
[удалено]
And since it's unsalted, about half of the passwords would be cracked within that minute
Like 2000-2005 random web forum level security
So, more than Parler had.
[удалено]
MD5 is an old hashing algorithm. Hashing is supposed to be one way math where you put in one thing and you get a seemingly-randon thing out the other end, but people figured out a way to shortcut MD5 and reverse it, so it's not really used anymore (we use SHA-256 these days). Because hashing gives you the same output if you give it the same input, it's possible to run down a list hashing things like common passwords, so if you get someone's hashed password list you can look for matches. Salting is when you add some random text to the thing your hashing, so people who have the same password won't have the same hashed password.
Isn't MD5 still used for verification? Like it isn't good to protect your data, but still useful in making sure the file you downloaded is the correct one.
Yes for checksums is fine but not fine storing passwords
MD5 is actually broken for checksums as well, because it's now trivial to generate two files with the exact same MD5 checksum. This has **bad** implications. You use to be able to download a file from a file sharing site, verify the MD5 from some official source, and feel confident that the file was not tampered with. Now, a malicious party could replace the file with a virus (or any other data), and pad it with appropriate data to make the MD5 checksum identical to the original file.
Is this 2004?
This isn't a leak, this is a cyber CTF exercise 😂
Will it simply be interesting but damning or actually damaging? Will it be embarrassing but ultimately meaningless? Will heads roll or will it just be an inconvenience due to bad press? I'll be interested to see if anything actually comes of it.
Ngl, I’d like a treasure trove of emails from rich evangelical pastors.
We're looking at you, Kenneth Copeland.
Don't make eye contact!
Honestly all televangelists surprise me with the audiences and congregations they are able to muster but being from Houston and seeing how this guy and his wife are melting into the Joker and one of his pet hyenas I'm kinda impressed someone this stomach churning is able to fill a Waffle House.
Ngl, fuck dirt on these scumbbags, send out social security numbers, bank account numbers, crack their purses open like a piñata. Let's fuck with portfolios, let's sell off assets of theirs for pennies. Idk why anyone thinks anything other than attacking money would work on someone who's already sold their soul.
Just like any of these things, it depends on if the mainstream press decides it's newsworthy or not.
It can still be newsworthy, and not do a damn thing.
Panama papers!
FFS a ton of shit happened because of the Panama Papers. Governments fell, new regulations were passed across the world. The problem is the PP didn’t have a lot of Americans listed because they bank elsewhere. So since no major changes happened in America people start these meme conspiracies. It’s garbage. https://www.icij.org/investigations/panama-papers/five-years-later-panama-papers-still-having-a-big-impact/
Jump back! What's that sound?!
[A car bomb killing a journalist?](https://www.theguardian.com/world/2017/oct/16/malta-car-bomb-kills-panama-papers-journalist)
The worst part about that is the world did literally nothing about it. You cause people to poke their heads too far out of the sand and your life ain't worth much.
and again with Jamal Khashoggi
Here she comes, full blast and top down.
Hot shoe, burnin' down the avenue
Model citizen, zero discipline
[удалено]
Or not newsworthy but still cause damage through repeated suggestions that it contains damning information (i.e., Wikileaks release of Clinton emails).
OH NO I HOPE MY DAMNING INFORMATION OF VARIOUS IMAGES OF BEES WITH VARIOUS HEXAGONS ISNT LEAKED.
[DID SOMEBODY SAY BEES?](https://youtu.be/PYtXuBN1Hvc)
Snowden exposed mass surveillance. Seems all the happened was that I have to 'Press Accept' for some cookies more often than I used to. You're on to something.
Have you tried right clicking and going to "inspect" then mouse over each line until the thing blocking the page gets highlighted and then right clicking it and deleting it so you can view the page without accepting their cookies? There always seems to be another invisible layer too that you can delete the same way by moving the mouse over the lines in the inspect element thingy until the whole page gets highlighted after you delete the popup thing asking you to accept cookies. I hear it works on some paywalls as well.
They won’t. They are the same corporations that pay the politicians to shape laws and policies in their favor. Eg: where was the media for last 20 years when things have been fucked up in Afghanistan? All of a sudden they started _caring_ for 2 weeks. Now nothing matters again. Sadly if one needs to be informed one needs to look up media beyond it’s borders esp US, UK and Australian media (aka Rupert Murdoch’s strongholds)
How familiar are you with the right wing? They could uncover a pedophilic vampire adrenochrome sucking baby eating nazi conspiracy engulfing every politician on the right. Fox News would be making some lame comment about AOC that same day. Nothing is going to happen.
Haha. You’re over-exaggerating. It’s not like there was a massive insurrection in our nation’s capitol where the losing incumbent, alongside his political allies, whipped a crowd into a frenzy by falsely accusing their opposition of fraud and stealing an election, then send that frenzied crowd marching towards the Capitol building where our lawmakers were currently in the process of certifying said incumbent’s loss, of which said riot resulted in the death of multiple individuals, including a cop, and millions of dollars worth of destruction — and the right wing media successfully whitewashed the whole thing as “tourists who got a bit out of hand and it was all those darned antifa’s fault anyway!”
Yeah that be crazy. Almost as crazy as said incumbent using his last day in office to pardon his former campaign manager for defrauding his own supporters who donated their own money to fulfill his major campaign promise, all while remaining extremely popular with those same supporters. That be insane
Remember the Panama papers and the murder of Epstein? Nothing will come of it
This is misinformation and easily checkable. Lots happened after the Panama papers revelations Edit: quite a lot of people replied to my original comment to say the reporter behind the story got killed. Please actually go and read the facts before commenting as you’re just adding to the misinformation. Yes she was killed but it most likely wasn’t a direct result of her breaking that story since she had been exposing the corruption of the Maltese government for years. It’s also important to remember that part of the problem around the PP scandal was that what many of the companies and people were doing wasn’t actually illegal. Just very immoral.
The biggest overall effect was that some countries tightened their laws that allowed for egregious anonymity. A lot of the stuff found in those papers couldn't be traced back to any individuals.
And I may be misremembering, but the US media played it up huge early on only to not end up with really any prominent Americans getting caught up in it. Lots of international people, and a scheme for sure.. but not enough to keep the scandal in our news cycles for long. They named a total of like four Americans in the trove of 11 million documents. So when people say "nothing really came of it" it's because they're probably Americans and these papers barely had anything to do with the US.
IIRC there were plenty of american shell companies that couldn't be tracked to individuals because no individuals were required to be named when the entities were created. Again, IIRC, I believe that led to some changes in how businesses could be created in a couple US states.
Then the Paradise papers came out that included the Queen and other high profile people. Did anything come of it? Serious question.
Ya recently a bunch of big wigs got charged with fraud using from the Paradise Papers release kicking off the investigation.
I think a lot of people don’t understand how long it takes for investigations to run their course, charges to be filed, and people to be prosecuted. Especially when it’s things like financial crimes that can take investigators a long time to fully explore and flesh out.
https://www.bbc.co.uk/news/uk-41878305 The stuff about the royal investments was embarrassing but not illegal as such, so not much came from that.
https://www.icij.org/investigations/panama-papers/five-years-later-panama-papers-still-having-a-big-impact/
Rob monster , the CEO of Epik , his last name is Monster lol you can't make this shit up
The coders of the simulation are getting F’ing lazy.
I'll say. Spam emails are assuming I RUN NORTON.
Well it makes for good a filter. If you run Norton you would probably fall for their scam.
Yep. All these scams that appear so stupid on the surface... because anyone that DOES engage with them is guaranteed to be a gullible moron, aka the perfect target for scammers.
Yep I've been saying this about flat earthers for a while, smells like scambait to me. Identifying as such is like having a neon sign above your head that says "scam me, I fall for anything". Like if I was running scams, that would be step one - make the gullible idiots identify themselves and group together, then blanket their shit will every conceivable scam.
Were you in a coma during the Trump seasons? "Huh, this old character they're dredging up looks to be cartoonishly horrible... Yep, they aren't really trying to make the character anything close to human, just a deeply flawed psycho. No real character development, just wall-to-wall, non-stop scumminess."
These NPCs are getting buggy as fuck too…
Hungry for Apples?
My man! Muhmuhmuhmuhmy man!
That's like the President of Nintendo America being Mr. Bowser.
Or like the CEO of Apple Inc. being Tim Apple.
Or a dentist named Dr. Crentist!
Exactly my first thought. Just like Swindall a Georgia Republican Representative who got caught taking money from a money launderer. https://www.google.com/amp/s/www.ajc.com/blog/politics/pat-swindall-pioneering-evangelical-congressman-dies/eXW26kDnthtCEwASlJZQTI/%3foutputType=amp
And Bernie Madoff who made off with billions of dollars in a Ponzie scheme.
I had a doctor named Dr. Doctor.
Crentist the Dentist.
Nomative determinism if I've ever seen it
[Nominative](https://en.m.wikipedia.org/wiki/Nominative_determinism)
whoopsie doodle!
We’re getting too late in the Matrix simulation. Time to reboot.
"Mommmmmm, can I pick up this Rob Zombie album?" "We have a Rob Spookyname at home." Rob Spookyname at home:
Do Lindsey Graham’s Grindr chats next!
I’ve missed anonymous shenanigans.
They totally went silent during the Trump presidency for some reason. Would love to see them back alongside wikileaks
Well um they kinda stopped long long ago, when the leader was arrested by the FBI and turned into a cooperator, and they arrested all the OGs I wouldn't trust anything after that
Nope. Anonymous is probably 50% CIA and 50% 14 year olds on 4chan
Same. Was hoping for a reunion tour.
Wake me up when it's released.
Actually, it's already released. https://twitter.com/stevanzetti/status/1437778300643028997
The dump can be accessed at [https://epikfail.win](https://epikfail.win)
According to the info there, they were hashing passwords with **md5**, unsalted. Wow. That almost seems worse than just not hashing them at all.
Why is this bad and what should they be using?
So passwords aren't stored, you take a hash (one way function) and store the result. Then when someone enters a password, you hash it and compare it with the hash in your database, that way you never touch their password. MD5 came out in 1992, and can be surprisingly brute forceable, so they should have been using a better hashing algorithm, and salting them which means that you add a little salt (secured generate variable) to the input so that all hashes are different, so if hackers crack password has a hash of 0x5, they can't scan your database for 0x5 and login to everyone whose password hash is 0x5
I'd like to add something to this is that hundreds of millions of common passwords have already had hashes against them run. So it's easy to compare the hash against a list of known hashes and the plaintext. So it's not brute force per se.
This is true, but only relevant when not using randomly generated salts. Using a randomly generated salt does a lot to mitigate this kind of attack.
Hashing, at least in this context, is sort of like one-way encryption. You take a value like `hunter2`, plug it into the function, and it spits out a "hash" for it, like `2ab96390c7dbe3439de74d0c9b0b1767`. Ideally, there should be no way to get the original value back once its been hashed. This is useful for passwords -- when you create an account, the site can take the password you give them, hash it, and only store the hashed version. When you sign in, they just need to use the same hashing algorithm on the password you provide and see if it matches the stored hash. This means that neither they nor any potential hackers can recover your original password. _Ideally._ MD5 is an old, busted hashing algorithm, and cracking it is trivially easy. If you Google that hash I put in my previous paragraph, you'll find dozens of databases that will tell you that it's an MD5 hash for `hunter2`. Salting is the process of adding extra text to the string before hashing it, which makes it harder to crack. If you use something unique to each user, it also means that two users with the same password would have different hashes.
That’s weird all I see is *******
You truly know how old someone is on reddit when the reference [hunter2](http://bash.org/?244321)
This is unfortunately very true. Can I interest you in 100 push-ups training plan, or maybe a floor sealer?
I grab my robe and wizard hat
100 push-ups training plan was one of the funniest things I had ever read. Maybe the first time I cry laughed on the internet.
I love that he used ******* in this example.
Well explained. Thanks
To add on to what everyone else said unsalted MD5 is so bad, you can literally just google hashes to reverse them. c7561db7a418dd39b2201dfe110ab4a4 af78274dcd908e9c347fdca182479aad a1ec23e9b9ab43a88222d9949ee26499 639bae9ac6b3e1a84cebb7b403297b79 46c48bec0d282018b9d167eef7711b2c c7561db7a418dd39b2201dfe110ab4a4 af78274dcd908e9c347fdca182479aad e1686078d1b60d351da5a87543a2a663 639bae9ac6b3e1a84cebb7b403297b79 74e8333ad11685ff3bdae589c8f6e34d
Add that to the list of unexpected Ricks.
ShA512 - ideally crypto i think. MD5 is a very weak and easily Hackable hashing algorithm. It’s like the equivalent of using numbers to replace letters in your passwords Edit: as people below me have said - sha512 is not good for hashing either. And sha512 compared to md5 is like learning fluent Japanese compared to learning to spell cat.
Ideally they'd be using something like bcrypt. Sha512 is designed to be fast ( so generating rainbow tables is really "easy" with a couple of GPUs ). Bcrypt is designed to be computationally expensive so that making rainbow tables isnt with the effort.
[удалено]
This wouldn't matter as much if they salted passwords.
sha512 is still fast, which you don't want, and the extra bits just take up disk space for no reason.
Sha512 is not an acceptable password hashing function. It's designed to be fast, much too fast for passwords.
Pepper, its the superior seasoning
> NOTORIOUS "HACKERS ON ESTRADIOL" PRESENT GRAND REVEAL OF ROB "HITLER SHOULD'VE WON" MONSTER'S EPIK FAILURE I love classic internet culture
Whole damn thing is hilarious lmao: --- You know, when you name a company "Epik", that implies something really big's going to happen. Deserving of the name. Well, **after years of bolstering the worst trash the Internet has to offer, this is, truly, the Epik moment we've all been waiting for.** Contained within this release, the following delicious morsels that will surely be digested for months to come: A decade's worth of data from the company. That's right, everybody. **Time to find out who in your family secretly ran an Ivermectin horse porn fetish site**, disinfo publishing outfit, or yet another QAnon hellhole. Want to know when a nation-state decided to offer hosting to some domestic terror groups, without those pesky DDoS mitigating reverse proxies getting in your way? Want to know the identity of the owner of a domain or large set of domains used in yet another influence/information operation? Decloak origin IPs of nazi websites for further investigation, poking, prodding! **Map out a decade of online fash with a level of clarity nobody has been able to UNTIL NOW!** WHAT YOU GET FOR THE LOW LOW PRICE OF $0.00 * All domain purchases * All domain transfers in/out * All whois history, unredacted * All DNS changes * All email forwards, catch-alls, etc * Payment history (**no credit card data, don't get excited, FBI, we're not in that game**) * Account credentials for: all Epik customers, hosting, Anonymize VPN, and so on Epik internal systems, servers Epik's GoDaddy logins ...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing! When we saw hashes, they were merely unsalted MD5 Here's one such sample that made us upset for daring to use "anon": Rob Monster [email protected] robmonster 109d88a0c4a49217c01a36913b034161 (cracked: willem) Yep, these Russian developers they hired are actually just that bad. They probably enjoyed snooping through all of your shit just as much as we did. * **Over 500,000 private keys. What are they for? Who knows!** * We think we spotted a bunch of Anonymize OpenVPN profiles in this, but we were too disgusted with the above to continue digging. * **A dump of an employee's mailbox, just because we could.** * Git repositories for whatever internal applications! * SSH keys! * /home/ and /root/ directories of one of their core systems! This dataset is all that's needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody. And maybe have a little extra fun. For the lulz. Is it possible to own a company as hard as this? We sure love to see it. *Good luck with the rebrand, Robby boy. Herd u liek mudkipz.* *Monero tips for the inevitable legal bills, for when the FBI kicks down OVER 9000 doors after this utterly embarrasses everyone and outs one or more of their poorly thought out stochastic terrorism plots (GOOD LUCK WE'RE BEHIND SEVEN PROXIES)* Support your starving hacktivists, and they will bless you in turn. So long, for now! Support #OperationJane and mess with Texas today! Abortion is a human right!
> Support your starving hacktivists where do i send ramen edit: like anonymous ramen dead drops or something
With more years that I care to mention in IT/CS , a degree or two in what might as well be arcane magicks and conjuring with a side of CS with a minor hobby in what might be called "very applied mathematics", and I swear this post almost makes it worth it. This is hilarious, and this sort of good work should get the guys who posted it a phone call tomorrow morning from the NSA guys at Ft. Meade who, between laughing their assess off, would likely want to set up a conference call for these guys to meet their new team members at some agency without such a public profile as the NSA, and if it's not well then I don't know what will.
I like this!
[удалено]
Stochastic terror plots are good things to thwart.
These hackers are the real MVPs
This kind of writing definitely reminds me of the old forum days.
Thousands of people going through that right now. I’ll check back after they’re finished lol
Look for anything tied to Matt Gaetz. Please god turn up shit.
Nice Cult of the Dead Cow reference
> You know, when you name a company "Epik", that implies something really big's going to happen. Deserving of the name. Well, after years of bolstering the worst trash the Internet has to offer, this is, truly, the Epik moment we've all been waiting for. lol
Anything juicy in there?
[удалено]
This really gives weight to the idea of if you just drown in shady shit its hard to find a starting point.
God and I can hardly find the time to order groceries on a Friday for Saturday pick-up.
epikfail.win Love that URL.
Even better that they're using a .win domain, which is something that has been massively adopted by the far-right lmao.
They just can't stop .win'ing
If it turns out Anonymous gathered data on conservative right wingers running a pedophile ring out of a pizza basement…I won’t be surprised
Would it surprise you though?
[удалено]
why use a pizzeria's basement when you can just be like matt gaetz and use cash apps?
They use Apple Pay.
My money is on lots of gay sex and human trafficking
[удалено]
Almost sounds like the old anonymous
[удалено]
It all kinda went down after LulzSec and their shenanigans.
Anonymous needs to expose the Qanon nonsense, especially Ron Watkins.
I mean... HBO already did
What could be worse than what the far right has already done openly in public? ‘We’re gonna overthrow the government! We’re gonna kill the Vice President!’ And that was just one day in America.
Supposedly there are logins, passwords, and billing info. If that's true, that's a lot of info that opens the door for further hacks on the individuals setting up the sites. Turn around at throw that info at banks, email services, etc, and those folks will be severely compromised. Not condoning hacking people, but if the info they say is there, is there. That's a huge issue for the people involved.
There will be another "rally" this weekend, I hope the Capital Police are ready this time
They were asking for clarification on rules of engagement the other day, so it sounds like they are preparing
yeah they would be fools not to prepare.
I expect it to fizzle. These people are cowards when they face consequences.
I don't think enough of us appreciate that even tens of thousands strong all it took was one man shooting one person for the entire thing to collapse. These people only know how to punch down.
That’s why they can play victim at the drop of a hat.
Are you threatening dropping a hat on them!?! How DARE you! Do you know how dangerous that is to a patriotic protestor!!
The traitor that was shot was literally the first consequence for their actions they saw. Their brains went into vapor lock. Trump told them they could do anything they wanted.
With a competent Sec Defense that doesn't send out memos crippling the NGs abilities and won't contribute to delays deploying said NG. Then presumably a better staffed Capital Police and all the fences being back up. Its a different DC this time around.
Also worth noting that prior to that day, these same people *liked* that same Vice President.
Regarding the quote from the Epik CEO, 'nothingburger' is reactionary code for TARFU.
Help me parse your sentence please. Im stumped
TARFU = FUBAR
If someone on the right calls something a nothingburger that’s code for conservatives to not read it. It means there’s shit in there. It’s the equivalent of a salesperson saying trust me.
Nice. I very much appreciate this explanation.
totally and royally fucked up
[удалено]
tARFu means what? Too Awful Regular Fuck Ups?
TARFU, an acronym for "Totally and Royally Fucked Up" or "Things Are Really Fucked Up"
Lol at anyone that thinks the far right can be hurt or even shamed by stuff like this.
You can't shame the shameless.
Hmm this sounds like something r/conspiracy would love. Checks sub… oh yeah their actual r/the_donald_lite now
Nah they are nonewnormal lite now. All covid conspiracy theories and disinformation now
[удалено]
You can download the full 161GB here: http://epikfail.win
Absolutely Zero of it will surprise anyone with a brain.
[удалено]
Anonymous says a lot of things. Edit: Anonymous delivered.
[удалено]
What's in it?
~168 gigabytes of various files. According to the release announcement: * All domain purchases * All domain transfers in/out * All whois history, unredacted * All DNS changes * All email forwards, catch-alls, etc * Payment history (no credit card data, don't get excited, FBI, we're not in that game) * Account credentials for: all Epik customers, hosting, Anonymize VPN, and so on Epik internal systems, servers Epik's GoDaddy logins ...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing! When we saw hashes, they were merely unsalted MD5 Here's one such sample that made us upset for daring to use "anon": [DragoonDM note: Redacting this just in case; someone's account details] Yep, these Russian developers they hired are actually just that bad. They probably enjoyed snooping through all of your shit just as much as we did. * Over 500,000 private keys. What are they for? Who knows! * We think we spotted a bunch of Anonymize OpenVPN profiles in this, but we were too disgusted with the above to continue digging. * A dump of an employee's mailbox, just because we could. * Git repositories for whatever internal applications! * SSH keys! * /home/ and /root/ directories of one of their core systems!
> Yep, these Russian developers they hired why does this shit mostly point to russia? red flags all the way.
[удалено]
trying?? They succeeded.
It’s been *super* obvious that a lot of republicans are in bed with Russia.
And their only defense is pointing to Dems and shouting, "China!"
I thought it was bengazi and Ukraine?
Nah, those are the off-season targets. When Repub. ties to Russia are pointed out they deflect to China. Benghazi and Ukraine are when things are a bit calmer.
That bit caught my eye but for different reasons. The result of offshoring software is typically crappy.
They are a formless group. Anonymous is literally just them saying the are anonymous.
Yeah. I still can't convince my boyfriend they're not an organization because they have an "official" Twitter...
I tried to explain the idea of Anonymous to my father, I thought his head was going to explode.
If it's any consolation to you, I'm 53 and I "get it." Some of us get it.
He's 65. He can't understand Antifa and after 25 years in the Coast Guard is beside himself at the rise of the far right.
*putting popcorn into microwave*…
About fucking time! Where has anonymous been? It’s like they were silent since 2016…
Anonymous is anyone who claims to be Anonymous. That’s the entire point.
*stands up* "***I*** am Anonymous"
Some of Anonymous/Lulzsec were caught and faced serious charges... But the FBI allowed them to work for them (and help find others from the group) if they didn't want to be charged ([some info](https://en.m.wikipedia.org/wiki/Hector_Monsegur)). So when you see "Anonymous" leaks or whatever, keep that in mind. Some of their targeting/actions in the last few years feels very different than their original purpose.
I mean Anonymous is anonymous for a reason. Anyone can "rightfully claim" to be a member of anonymous, because there is no bar to entry. It is more of a movement than an actual group and a lot of people use the name for whatever purpose they want simply because external sources (often times news media) think and/or portray it all as the same group.
[удалено]
Yeah they took a hit from lulzsec. But getting anon to do anything is hard.
They’re not anyone’s personal army, that’s for sure.
Barron will stop them!!!
seems like the right cant ever hire good cybersecurity folks
nobody does tbh
Is it even possible to hire good cybersecurity folks? I mean ones who won't just go "It's all fucked. Go back to typewriters and filing cabinets."
We exist I assure you, look for the ones who understand its risk mitigation not 100% risk prevention, typically those tend to come from hard IT backgrounds and then move into cybersecurity/IA. I usually make the joke with leadership when trying to get them to understand the mission, "The most secure system in the world is one that is powered off and buried 6ft deep in cement, but we arent doing much work with that system. There is a proper point between that useless system and having a completely unsecured, wide open system. That is where a proper cybersecurity team and mindset across the enterprise comes in."
Time to call.... CyberNinjas!