Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics]

[Ipquarx]

ITT: "People who use dedicated hosting services which are graciously provided to them for free are idiots!"

Encryption doesn't mean anything, if it's there, it can be cracked open and taken.

Might as well delete your keydat from your own personal computer, because if it gets stolen ITS YOUR FAULT!!

[Ad Bot]

[Acerblock]

I've lost several accounts to "hacking" and "phishing", don't even tell me I'm exempt from discussion.

Encryption doesn't mean anything, if it's there, it can be cracked open and taken.

...Why are you blaming us then? We are basically victims of hacking. I honestly don't see how you aren't supporting us, as you can relate to what happened to our keys.

[Blockzillahead]

The keys were encrypted oh my god, it's not like we left them out in the open. This is literally the same thing if someone gets into your computer, swipes your key.dat and decrypts it. All that's different is that it's in a different place.

encrypted in what? did you wrap it up in a Christmas wrapper or something that it was this easy to retrieve? there was no encryption

[Kochieboy]

ITT: "People who use dedicated hosting services which are graciously provided to them for free are idiots!"
Might as well delete your keydat from your own personal computer, because if it gets stolen ITS YOUR FAULT!!

I guess you want everything to be perfect and foolproof. You might as well not even use an internet connection, it's the best protection against hacking.

When you connect to the internet and utilize resources, you're fair game to anything. Quit acting like the internet is supposed to be safer and more guarded like fort knox.

[Acerblock]

encrypted in what? did you wrap it up in a Christmas wrapper or something that it was this easy to retrieve? there was no encryption

I'm talking about the key.dat file which is where your key is right now.

I guess you want everything to be perfect and foolproof. You might as well not even use an internet connection, it's the best protection against hacking.

When you connect to the internet and utilize resources, you're fair game to anything. Quit acting like the internet is supposed to be safer and more guarded like fort knox.

What you were saying about networking, this seems to be your own attitude. By your definition, anyone's key is at risk right now because oh my gosh, could it be? We're on the INTERNET! *gasp*

[Kochieboy]

What you were saying about networking, this seems to be your own attitude. By your definition, anyone's key is at risk right now because oh my gosh, could it be? We're on the INTERNET! *gasp*

Yes we are, my files as we speak can be compromised at any time. Must I make a tutorial on how networking works for you?

[Ipquarx]

Yes we are, my files as we speak can be compromised at any time. Must I make a tutorial on how networking works for you?

You act like hacking is so easy. It isn't. The software you're running has to be vulnerable. Let me tell you, it's 100% possible to not have any vulnerabilities.

[Kochieboy]

You act like hacking is so easy. It isn't. The software you're running has to be vulnerable. Let me tell you, it's 100% possible to not have any vulnerabilities.

False, there can always be a hole.

This is an absolute truth in all computing studies.

[Ipquarx]

False, there can always be a hole.

can

CAN. keyword CAN. That doesn't mean there ALWAYS IS.

[Blockzillahead]

I'm talking about the key.dat file which is where your key is right now.

yeah... and? that's not good enough. that's like storing the keys in plain text. a method to decrypt the .dat file already surfaced and spread. if the key.dat is stored on their network, what you need to do is encrypt the whole file into something else again. something atrociously convoluted so no one can just take the file and brute it. don't ask me how, ask the guys who are running these services. I expect them to keep my information safe and to at least have some knowledge on this before running a delicate service like this where PROPER ENCRYPTION IS MANDATORY. but wait they wont because they don't know how to and I don't blame them, things like this need to be managed by actual professionals who are experts in networking. so on top of that we can add amateur to the list too.

bottom line; don't use free services and you wont have problems

[chubaka452]

Might as well delete your keydat from your own personal computer, because if it gets stolen ITS YOUR FAULT!!

It is your fault for having malware and trojans

[badguy098]

Look.This is probably a Stupid troll...Thats probably our offline keys and not our online ekys

[Kochieboy]

CAN. keyword CAN. That doesn't mean there ALWAYS IS.

Everyone thought that anything at some point couldn't be exploited at some point. There will always be an exploit oiut there, while maybe not know, it can be abused.

Any computer science professor or computer tech teacher would tell you this.

Quit acting like it can't happen, because it can.

[$trinick]

A key.dat file, by itself, is useless to 'hackers.' Only when you have a second key.dat file generated on the same computer with a key you know can you extract the key from the first key.dat. I explained the process here.

The issue is that CBMHost is not a secure or professional hosting service. Any legitimate hosting service would use FTP jailing AND access restrictions to prevent users from accessing other users' key.dat files. They'd also (hopefully) use secure passwords on administrator accounts. None of the people involved in this are known for RATing, so I highly doubt that a keylogger or other tool of its kind was used to break in. It was negligence on behalf of CBMHost that left some kind of access violation open for exploitation.

[Ipquarx]

Everyone thought that anything at some point couldn't be exploited at some point. There will always be an exploit oiut there, while maybe not know, it can be abused.

Any computer science professor or computer tech teacher would tell you this.

Quit acting like it can't happen, because it can.

You're claiming that every piece of code ever written can be exploited (Within a reasonable amount of time) to the point of being 100% insecure.

You see, that's incorrect because if you write code that has no bugs in it whatsoever, then it cannot be exploited. And guess what? That's 100% possible.