PMBD
Welcome,
Guest
. Please
login
or
register
.
2024 October 05, 04:07:17
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
138712
Posts in
1637
Topics by
5290
Members
Latest Member:
troubleneko
PMBD
The Pirate Ship
ARR!
TSR: In Ur Accounts, Deletin Ur Stuffs!
0 Members and 1 Chinese Bot are viewing this topic.
« previous
next »
Pages:
1
...
164
165
[
166
]
167
168
...
185
Author
Topic: TSR: In Ur Accounts, Deletin Ur Stuffs! (Read 961099 times)
fway
ARR!
Posts: 410
ESTP
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2475 on:
2009 December 11, 06:02:09 »
Just for kicks, I was on bookface and decided to do a search on TSR and what do you know, TSR has a bookface page.
http://www.facebook.com/search/?q=The+Sims+Resource&init=quick#/TheSimsResource?v=wall&ref=search
Just another way to be doxed I suppose. Not fanning it, but I just wanted it to be known. You might want to make everything private/change names/etc. if you want to expose them on there, you'll have to become a "fan" in order to post.
Oh and I just found the page for PMBD! Awesome.
Logged
-
Doughnuts?
ShanOw
ARR!
Posts: 210
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2476 on:
2009 December 11, 06:24:42 »
TSR have a twitter thingo as well... the drivel from that is enough to bore you stupid, they're worse then those "now eating cereal" ... "now walking" people.
Logged
Sims Central
-
SimSearch
-
My Blog!
The one who no longer needs stopping!
catbyte
Landlubber
Posts: 7
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2477 on:
2009 December 11, 07:46:33 »
Quote from: Pescado on 2009 December 10, 19:41:36
But there's one key thing that differentiates such attackers, which are very common and have hit sites, but the ATTACK PROFILE is different. 12 year old l33t h4xx0r d00dz don't steal account information from databases and then strike back at people who have expressed anti-TSR sentiments. 12s will just vandalize your site, wipe your database, and run off to brag to their friends about it. Happens all the time, even in this community. Sometimes people blame TSR for that, but I always have rejected such claims, as the attack profile does not match that of a targeted move.
So very true. It's not like PMBD has it's own personal army of hackers out to destroy TSR. in fact, it doesn't need one as TSR is doing a good job itself.
Logged
Moune
ARR!
Posts: 380
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2478 on:
2009 December 11, 13:38:27 »
So, where did Johan go?
Logged
* Formerly known as Peachfish *
Got a hungry sim that needs a nice place to have dinner?
HERE
is a new dining room for you.
kenmtl
ARR!
Posts: 1308
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2479 on:
2009 December 11, 13:45:36 »
Probably at the hospital, I heard his foot got stuck in Thomas's ass.
Logged
I'm in ur forums propagating ur discussions
Like free shit? Me too. Get it here!
Paleoanth
ARR!
Posts: 1179
1337 |-|@X0r
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2480 on:
2009 December 11, 13:52:16 »
I vote for all night committee meeting to try and address Pescado's logic with more razzle dazzle.
Logged
Get my Barn set at
Calalilysims
Shakeshaft is a THIEF and Thomas is pathetic.
Pescado
Pirate King
Posts: 2095
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2481 on:
2009 December 11, 14:30:02 »
Quote from: Moune on 2009 December 11, 13:38:27
So, where did Johan go?
My guess? He's probably busy and there is nothing particularly nefarious or untoward about his absence. It's not like he doesn't have important things to be doing other than lurking here in this forum. Not EVERYTHING is part of a vile TSR conspiracy. Just MOST things. Unless they are Thomas-based.
Logged
Give a man a fire, and you warm him for a day. Set a man on fire, and he will be warm for the rest of his life.
Moune
ARR!
Posts: 380
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2482 on:
2009 December 11, 17:45:33 »
Well, it was fun having him around. Especially when you started talking to him, Pes.
Logged
* Formerly known as Peachfish *
Got a hungry sim that needs a nice place to have dinner?
HERE
is a new dining room for you.
johan
ARR!
Posts: 58
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2483 on:
2009 December 11, 23:58:25 »
No worries, i'm still here
Like Pescado guessed i've been busy with other things.
Quote from: Pescado on 2009 December 10, 19:41:36
Quote from: johan on 2009 December 10, 18:12:19
I agree that it's most likely some individual(s) from within the community that is behind it but i wouldn't so easily jump to the conclusion that it necessarily has to be TSR though.
It could for example be someone from your side of the fence that likes to stir up shit and see what happens or just for giving TSR an even worse reputation.
If this is the case it has been working pretty well so far.
That could be a plausible theory, IF the hacking had been attained with independent information. However, the flaw in this argument is that to acquire the information necessary to carry out the hack, one would have to be a TSR DB admin. That means this individual is one of yours, not one of ours. Believe me, if I had a TSR DB admin, I wouldn't be squandering it on anything as utterly puerile as false-flag defacement.
To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
Since you don't know them i can understand why you think this is a possibility but from where i stand it's simply not a possibility.
Now i'm not really sure what hacking incident we're talking about here so i'm going to assume it's either buggybooz, the petition or both.
If we start with the petition, what i know about that is what i've read here, there are some flaws in your reasoning:
* Obvious one, bluesoup did not use the same password for the petition as on TSR
Quote from: johan on 2009 December 10, 18:12:19
We can't completely rule out that information somehow was leaked from our database, either intentionally by someone on staff or by some security leak in our system.
A computer security leak on your system would require that someone have the technical skills needed to independently find and exploit it. To independently find and exploit such a vulnerability would involve skills on par with some of the best in the community. For this individual to be sufficiently motivated to want to smear TSR, so unknown as to not be one of us already, and so stupid and short-sighted as to squander such an advantage on false-flag defacement would be extremely implausible. If it is a figure OUTSIDE the community, then they would simply not CARE about attempting a false flag defacement using your database's information, and would simply have vandalized your site, and run home to brag about it to his friends. Given this understanding of how hackers operate, it is clear and obvious that whoever is doing this is one of your staff, one of your staff with database access. If it is not you and you do not know who it is, then TSR has some real problems internally.
Quote from: johan on 2009 December 10, 18:12:19
Since i personally know everyone with access to the database (and we are very few) that option is not a compelling explanation to me, i truly do not believe it is the case.
I have every reason to believe that it is likely the case that the person with the database access did not personally carry out the hackings. However, it is manifestly clear that this person clearly released this information to people who he knew WOULD. This seperation between knowledge and use also fits the pattern of destruction, as the information used was not employed skillfully, and effectively squandered any advantage that your side could have gained through its use. Basically, one of you felt that TSR could avoid responsibility for it by releasing the information to a rogue operator. From a legalist standpoint, this is almost certainly true, as enough plausible deniability can be created by such a scenario to rule out any real possibility of legal conviction, but that is not sufficient to convince ME. I know how the game works, and I see what you did there.
Quote from: johan on 2009 December 10, 18:12:19
I also don't see the motive for doing so.
What could we possibly have to gain from having some other site in the community hacked?
Before some pirate throws in a standard reply about how evil and immoral TSR is please think just a little bit further.
All continued hackings after the first one we got the blame for would only add to our "guilt" and for what? Just for the fun of messing with someone?
Motive? Well, from a logical, calculating perspective, this was an utterly stupid, bone-headed move. If you were going to misuse private information to hack sites, such an act effectively squandered any possible advantage you could have gained through its long-term use. So you are right, the motive for this does not make any logical sense and TSR has absolutely nothing whatsoever to gain from such an act. This is why you disbelieve it.
However, you disregard the element of simple stupidity. The fact of the matter is, most people are NOT calculating and saavy hackers and veteran netwarriors, and this likely holds true for most of your staff. Someone on your staff acted out of a desire for simple, petty vengeance against something that pissed them off. They ignored what would have been logical in favor of acting irrationally. Is this hard to believe? TSR staffers are not chosen because they are robot-like beings stripped of most emotional impulses. Such people do not make good artists and do not relate well to the type of community you keep.
Quote from: johan on 2009 December 10, 18:12:19
The other option, that we had a security leak, is to me no more attractive than the first option however it would be more likely.
Well, a security leak, or someone is violating your stated policy. There is every reason to believe your security fault lies in the wetware rather than the software.
Quote from: johan on 2009 December 10, 18:12:19
Although i agree that an old school Wizard wouldn't do stupid shit like this the situation nowadays are a bit different.
You have probably just like me seen what happens to a server once you connect it to the Internet, it doesn't take very long before signs of port scans and other probes start showing up in your logs.
For the most part probably not real hackers in the proper meaning of the word but rather 12's hanging on various l33t sites are running scanners (that they didn't write themselves) to find known exploits in various systems.
Not only vulnerabilities at the web application level (SQL injections for example, which can work on all kind of web applications if you're not careful with checking POST/GET variables used in queries) but also on the operating system and services levels. Once you find one, inject a suitable pre-made rootkit and there you go. Or if you find a way to inject SQL get a list of logins or add yourself as an admin. You're in without necessarily having to know very much, you just need some time, persistence and access the right tools.
I've seen it happen
I'm familiar this: But there's one key thing that differentiates such attackers, which are very common and have hit sites, but the ATTACK PROFILE is different. 12 year old l33t h4xx0r d00dz don't steal account information from databases and then strike back at people who have expressed anti-TSR sentiments. 12s will just vandalize your site, wipe your database, and run off to brag to their friends about it. Happens all the time, even in this community. Sometimes people blame TSR for that, but I always have rejected such claims, as the attack profile does not match that of a targeted move.
Quote from: johan on 2009 December 10, 18:12:19
There were some weird things going on around the time of the buggybooz incident that we didn't manage to find adequate explanations for and because of that we took measures to improve security on our servers and applications.
We also changed the database to use encrypted passwords some time after that.
That seems to be the "official explanation", but I don't really buy that. While the database may NOW be using hashed passwords, this is a bit like closing the barn door after the horses have left.
Quote from: johan on 2009 December 10, 18:12:19
Perhaps it's even more likely that something like this is what happened to the other community sites, with the right tools you don't have to be a wizard in order to get access to a system.
I would imagine cheap shared servers are not always up to date and properly protected from such attacks. Even if they are at the operating system the forum software might be open for attacks, for example.
Again, I know all this. However, remember, the attack profile. People who scan and nuke do so with automated scripts aiming for quantity, not quality. This is common netwar material and I basically disregard this as having any association with any community-relevant motive. Happens all the time, like you said. Every admin knows that. But this? This is different. This is a leveraged attack. Someone harvested SPECIFIC information, and then spent a lot of time looking for a SPECIFIC place to employ it to commit an act that shows every sign of being politically motivated. While not quite in the realm of wizardry, a targeted, politically motivated attack, using information gleaned from an undisclosed security flaw, is still highly skilled. For someone to do such an act, he would have to be on the skill level of someone like myself or Delphy. Such figures are not exactly COMMON in this community. So to claim that THIS is what happened is effectively to accuse either a known member of the community, or to postulate the existence of some unknown, yet powerful, dark horse coder with strong political motivations for one side (either to hack in the name of TSR, or to defame TSR by conducting a false flag attack). And that? That is on the verge of tinfoil hat territory.
Quote from: johan on 2009 December 10, 18:12:19
So although i can see the logic behind your arguments i think you over simplify things just a little too much, intentional or not.
I don't simplify things too much at all. I consider all the angles, and I discard that which simply doesn't fit. The result seems like a simple Reader's Digest, but honestly, to explain it to people in this community, it sort of has to be. In short, the only explanation that FITS is that an agent is operating with the assistance of a database administrator. It is, in all likelyhood, NOT the database administrator himself, because such a smoking gun would render you open to criminal charges and would certainly destroy TSR's reputation utterly, as there would be no doubters if you could meet the level of proof needed to convince Delphy, who is a good programmer with a solid understanding of web programming, but not a netwarrior.
So, obviously, we're dealing with agent-by-proxy here. Someone released the information to an agent, perhaps on request, or simply knowing what they would do with it. You're certain NO ONE would EVER do that? That is a very strong assertion to make. Not even one I would make of my own staff, which is why I do not hand out database access. If you, personally, would never consider such an act, as, frankly, even if you were of malicious intent, from a technical standpoint, it is a really STUPID thing to do, and you seem like you have a decent understanding of technical things, are all of your database administrators techs? I doubt that.
[/quote]
Logged
I am the main Dish of the Day. May I interest you in parts of my body?
Pescado
Pirate King
Posts: 2095
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2484 on:
2009 December 12, 00:22:40 »
Quote from: johan on 2009 December 11, 23:58:25
To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
You know the saying: A little trust goes a long way. The less you use, the further you go. You place a lot of faith in your perfect understanding of these people and their motives. Is this realistic, I ask? History is full of betrayals by those closest to the betrayed, and it doesn't take nearly as much underhandedness to disregard an inconvenient policy as it does to outright stab someone in the back. People cut corners all the time. Everyone does it. And there is a saying: Three can keep a secret, if two of them are dead.
Quote from: johan on 2009 December 11, 23:58:25
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
You seem to have extreme faith in the ability of those you know to behave rationally at all times. Is this REALLY consistent with your known observations? While you believe that every one of them is intelligent enough to realize that this is stupid, you're also a technician. Are you sure you haven't overestimated the capacity of the lesser mortals for rationality and intelligence? It's an easy misunderstanding to have. Technicians are people that are intrinsically smarter and more rational than the common man. That's why we do what we do. It's easy to forget that others are not like us, though. The fact of the matter is, TSR is not a site of technicians, and artists are simply not as rational as we are. What you believe may be an irrational move that has absolutely no gain for you may not mesh with the assessment of an irrational artist lashing out in response to a perceived insult. You know how they are. If it weren't for the fact that they wouldn't be useful that way, they should all be drugged and sedated.
Quote from: johan on 2009 December 11, 23:58:25
Now i'm not really sure what hacking incident we're talking about here so i'm going to assume it's either buggybooz, the petition or both.
If we start with the petition, what i know about that is what i've read here, there are some flaws in your reasoning:
* Obvious one, bluesoup did not use the same password for the petition as on TSR
If you're referring to the "obvious" BlueSoup accounts, perhaps. Not necessarily true of several possible throwaway accounts. In any case, precisely HOW the petition was hacked is largely in the realm of speculation, as any real evidence has long since been lost to time. This is immaterial to the fact that agents of TSR are now in possession of this information. There is a mathematical law that if a continuous function connects that has values of A and C at specific times, then at some time between those times, it has passed through B, an intermediate value between A and C.
The bottom line: We are not attempting to prove that any particular singular actor within TSR did anything. In fact, we have every reason to believe most of the shadier actions were performed by agents that can be easily disavowed. That's sort of the point. I know how the game is played, and I know when how to spot clumsy play.
Your post did not continue on to address other incidents. The aforementioned Buggybooz incident was not addressed, but again, if you say that there are only 6 who have the DB access, unless you are postulating targeted penetration by a semi-wizard, one of these MUST have been complicit. There were others, too: Others have had sites attacked by this vector. While it is possible you have indeed sealed the problem and it won't happen again, it is clear that this *HAS* happened, and in the cosmological view, anything that DOES happen, HAS happened, and will happen again.
Logged
Give a man a fire, and you warm him for a day. Set a man on fire, and he will be warm for the rest of his life.
Pottymouth
Paden
ARR!
Posts: 4822
Great Cat of no mercy.
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2485 on:
2009 December 12, 01:05:46 »
Quote from: johan on 2009 December 11, 23:58:25
usual brain vomit and bullshit designed to confuse, along with smoke and mirrors with a tiny bit of a sleep aid to make all of you bored enough to hopefully fall asleep and get off of my ass
Honestly, why do you continue to come here and beat the dead horse? *shakes head* What a way to start the weekend.
Logged
The tea is not fit to drink; it's been stewed and is old.
Pescado
Pirate King
Posts: 2095
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2486 on:
2009 December 12, 01:33:40 »
My guess is that he's genuinely convinced that he hasn't done anything wrong, and that no one he knows would, either, probably based on the idea that he wouldn't. It's easy to believe that, but the truth is that other people are evil. It's their nature. If they were truly good, they would be you!
Logged
Give a man a fire, and you warm him for a day. Set a man on fire, and he will be warm for the rest of his life.
johan
ARR!
Posts: 58
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2487 on:
2009 December 12, 01:36:19 »
Oops, i think i managed to submit my reply when it wasn't finished.
Here is the full reply, please disregard my previous post.
No worries, i'm still here
Like Pescado guessed i've been busy with other things.
To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
Since you don't know them i can understand why you think this is a possibility but from where i stand it's simply not.
Now i'm not really sure what hacking incident we're talking about here so i'm going to assume it's either buggybooz, the petition or both.
If it is only theese two then i don't see a consistent pattern.
If we start with the petition, what i know about that is what i've read here, an obvious flaw in your logic behind it must be a TSR db admin is that bluesoup did not use the same password for the petition as on TSR.
Ignore that for a second and imagine that we got our hands on the petition, why on earth would we hand it over to Atwa (as was claimed by coconut)? I can't think of a motive for us wanting it in the first place but if we somehow got it i can't think of any better way of revealing ourselves than to start distributing it, it just doesn't make any sense.
As for buggybooz, and this is taken from memory and from going through my correspondance with delphy, it was indeed established that she had used the same password on MTS and TSR (a very peculiar one, at least for use on MTS).
So in this case it can theoretically have come from our database. I don't know if the same password was used on other sites as well.
Whoever was behind this must have known what username buggybooz had on TSR and that was not well known in the community. Her account on TSR was logged in to by someone with exactly the same user agent string (which were not a very common one, i compared it to other logins in our login history and it was fairly unique) and an IP that was the same or was in the same range as was used on s2c (Hide my IP), slightly after the hacking took place on MTS.
That same signature also:
* logged in as "hamilton" on MTS (that's Thomas account on there)
* logged in as "sherriesim" on MTS, both with Hide my IP and unproxied IP's
* logged in as "leftywillnot" on TSR
* logged in to a bunch of FA accounts and removed a lot of files
Around this time Atwa informed us that her webmail account had been logged in to for quite some time by someone else. In the list of IP's she got from the service provider we were able to match them to someone's unproxied IP, someone who was linked with the hacking. Unfortunately we didn't get the user agent from that list but i have a very strong suspicion that it would have matched the hackers signature.
What the hacker did using buggyz account on MTS is also very strange, some pro-paysite propaganda was posted. I find it more likely that it was intentionally done to point fingers at TSR than any other explanation for it, there has to be some bounderies for what level of stupidity you can think is probable.
My conclusion from all of this is that it was likely someone in the anti-TSR camp behind the buggy incident.
I don't have all the answers but there's enough things pointing in the same direction to convince ME.
I have to cut here because i really need to go to bed now...
Logged
I am the main Dish of the Day. May I interest you in parts of my body?
Pescado
Pirate King
Posts: 2095
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2488 on:
2009 December 12, 01:57:45 »
Quote from: johan on 2009 December 12, 01:36:19
Around this time Atwa informed us that her webmail account had been logged in to for quite some time by someone else. In the list of IP's she got from the service provider we were able to match them to someone's unproxied IP, someone who was linked with the hacking. Unfortunately we didn't get the user agent from that list but i have a very strong suspicion that it would have matched the hackers signature.
Now, you'll understand if over here, we don't consider any claim by Atwa to be credible. Atwa has repeatedly proven to be dishonest and underhanded...even within YOUR circles. Do you really believe any claims she makes? It is not just us that considers her to be dishonest...she is dishonest on your site as well, and has repeatedly been sacked for it.
Quote from: johan on 2009 December 12, 01:36:19
What the hacker did using buggyz account on MTS is also very strange, some pro-paysite propaganda was posted. I find it more likely that it was intentionally done to point fingers at TSR than any other explanation for it, there has to be some bounderies for what level of stupidity you can think is probable.
I have an alternate hypothesis: That the Buggybooz incident does not specifically represent an act perpetuated for the gain of TSR as a whole, or is even specifically related to the paysite/anti-paysite movement, but is actually an extension of a TSR internal political struggle, likely centering in some way around Atwa. Under this hypothesis, an objective need not fulfill the rational interests of TSR in order to be carried out, it merely needs to fill the perceived interests of a specific actor within TSR. I postulate this because, frankly, I find the idea that that antipaysite activitist is specifically targeting TSR using information that can ONLY have come from high-level TSR administration, to be preposterous. If we *HAD* such an operative, I would be putting them to far better use than false flag operations against other antipaysite and even essentially neutral actors. Similarly, you point out that these actions do not in any way benefit TSR. On the other hand, what if they happen to benefit some specific faction within TSR, and therefore, this is all part of an internal power struggle? You point out that you have no less than 6 people who have this access. Is it possible that one or more of them is being manipulated as part of a power play by one of TSR's artist factions, which we all know exists? I find this explanation to be extremely likely, whereas it is very UNLIKELY that it comes from anything on the antipaysite side of the fence, which has no such power plays, as we do not offer any power, privileges, or authority to anyone.
Logged
Give a man a fire, and you warm him for a day. Set a man on fire, and he will be warm for the rest of his life.
SnarkyShark
ARR!
Posts: 1584
Re: TSR: In Ur Accounts, Deletin Ur Stuffs!
«
Reply #2489 on:
2009 December 12, 03:26:21 »
Quote from: TSR
To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
-
These are the same people who've only recently thought it might be a good idea to begin encrypting passwords. These are also the same people who thought it an acceptable practice to share the personal information of certain TSR members with their mods and featured artists (people they do not feel it necessary to run background checks on) without ever considering the consequences, or even the likelihood of a backlash.
Yeah, an
exceptionally
bright bunch over there.
Logged
Pages:
1
...
164
165
[
166
]
167
168
...
185
« previous
next »
Jump to:
Please select a destination:
-----------------------------
The Pirate Ship
-----------------------------
=> Avast!
=> ARR!
Loading...