Author Topic: Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics] (Read 51209 times)

Boost · November 02, 2014, 01:57:30 AM

ah stuff

Ad Bot · Advertisement

Maxxi · November 02, 2014, 01:58:58 AM

Quote from: Cowboy6 on November 02, 2014, 01:57:03 AM

Sorry, I meant full keys.

Heres the twist cowboy, he could be lying.
MOR is always so full of stuff, why would he just list out his plans on what he did to you out of all people?
And that seems really sinister aswell, if he told you that he only got the "partial keys", then how do you believe him? He could be loving lying.
He is always so full of stuff.

Dreams_Of_Cheese · November 02, 2014, 01:59:53 AM

Quote from: Maxxi on November 02, 2014, 01:51:43 AM

He ddos'd people continously on the forums through wireshark and steam calls.
I do know that he is really really loving fishy because I was involved in several cases with him and Gatysh, I used to be in calls and we'd investigate.

well, yeah i remember that
i want to know if he was ever even a part of the community

Maxxi · November 02, 2014, 01:00:11 AM

Quote from: Dreams_Of_Cheese on November 02, 2014, 01:59:53 AM

well, yeah i remember that
i want to know if he was ever even a part of the community

I don't remember him being a part of the community.

Maxxi · November 02, 2014, 01:02:18 AM

Quote from: Maxxi on November 02, 2014, 01:58:58 AM

Heres the twist cowboy, he could be lying.
MOR is always so full of stuff, why would he just list out his plans on what he did to you out of all people?
And that seems really sinister aswell, if he told you that he only got the "partial keys", then how do you believe him? He could be loving lying.
He is always so full of stuff.

>noedit: even if he wasn't lying, he would find another way anyway.
he is literally persistent to the point of obsession.
He wants to ruin this game.
he wants to ruin everything about this game.
He will not stop until he gets what he wants.

--LegoPepper-- · November 02, 2014, 01:02:28 AM

okay. there's more than one party that contributes to the scenario here.

i signed up for cbm. i put my key out there, i knew the risk and i took it. this creates the foundation of the problem because my key could now be used for unintended purposes if compromised. therefore, in the long run, i would be responsible if, say, someone spammed research all over the forums or went around in a dirty client crashing servers all because of my key. as a player, it is my responsibility to maintain the security of my key, and i failed.

some guy thought 'hey, im gonna hack into cbm and see if i can get all these keys.' because of this, our keys are now even more risk. they didn't need to be, someone didn't have to do this. said individual contributes to the risk.

alongside the guy was, well, "the press." everyone behind the publication of this information. if this didn't happen, the problem may have well been covered up. the guy who got our keys would just have them and may not use them for anything wrong. if the guy who stole the keys was going to use them mischievously then yeah there would still be a problem, but the fact that this was made public doesn't help. it feeds the problem. it's quite possible that if nobody publicized this information, there might never be the risk of deactivation.
yes, there would be deactivation if a problem occurred, but because the information is now out in the public it is quite possible that the keys would be deactivated without there ever being a problem.

as i said before, every party contributes. ultimately the scenario wouldn't occur if users kept their keys.

Maxxi · November 02, 2014, 01:12:34 AM

Did we just get ddos'd?

Quote from: --LegoPepper-- on November 02, 2014, 01:02:28 AM

okay. there's more than one party that contributes to the scenario here.

i signed up for cbm. i put my key out there, i knew the risk and i took it. this creates the foundation of the problem because my key could now be used for unintended purposes if compromised. therefore, in the long run, i would be responsible if, say, someone spammed research all over the forums or went around in a dirty client crashing servers all because of my key. as a player, it is my responsibility to maintain the security of my key, and i failed.

some guy thought 'hey, im gonna hack into cbm and see if i can get all these keys.' because of this, our keys are now even more risk. they didn't need to be, someone didn't have to do this. said individual contributes to the risk.

alongside the guy was, well, "the press." everyone behind the publication of this information. if this didn't happen, the problem may have well been covered up. the guy who got our keys would just have them and may not use them for anything wrong. if the guy who stole the keys was going to use them mischievously then yeah there would still be a problem, but the fact that this was made public doesn't help. it feeds the problem. it's quite possible that if nobody publicized this information, there might never be the risk of deactivation.
yes, there would be deactivation if a problem occurred, but because the information is now out in the public it is quite possible that the keys would be deactivated without there ever being a problem.

as i said before, every party contributes. ultimately the scenario wouldn't occur if users kept their keys.

The only reason that this topic exists is the sheer amount of security risk it presents to this game.
Someone found a way to crack the Key.dat, just announcing that this is happening and that this is going down makes the game developer aware of the problem, If he revokes the keys in the image then he would simply probably either do the select options:
A. Give people new keys through email.
B. Tie the keys to their steam accounts
I know for a fact that Badspot wouldn't just revoke keys because some stuffstain grabbed them using some hacky method off a FTP server, the amount of major security risk that it presents to the game and the users of the game is simply erratic, if nobody knew about this he could've grabbed the whole loving database within the next few months, or even a year for times sake.
This had to be announced because as said before, the breach of security has already been found, Man of Reason will not stop until he has everyone's keys unless everyone is aware of the issue and can understand how big of a risk that they are taking not knowing about the problem.
This topic is meant to alarm the player, I didn't spend 7 days stuffting around doing nothing, I spent them finding evidence because I didn't want some stuffhead cracking everyone's keys.

gr8dayseth · November 02, 2014, 01:13:42 AM

was the forums down for like 5 minutes?

here we go again

Kishgal · November 02, 2014, 01:17:23 AM

the forums were down for a few minutes
#spooky #happening #theysaidiwascrazy

WaterOre · November 02, 2014, 01:18:26 AM

I can confirm the forums were down for about two minutes on my end.

This is some deep conspiracy stuff, it'll be extremely interesting to see what happens with this. I really hope the keys are not revoked, a ton of prominent community members are on that list.

Swat 3 · November 02, 2014, 01:18:36 AM

Quote from: --LegoPepper-- on November 02, 2014, 01:02:28 AM

okay. there's more than one party that contributes to the scenario here.

i signed up for cbm. i put my key out there, i knew the risk and i took it. this creates the foundation of the problem because my key could now be used for unintended purposes if compromised. therefore, in the long run, i would be responsible if, say, someone spammed research all over the forums or went around in a dirty client crashing servers all because of my key. as a player, it is my responsibility to maintain the security of my key, and i failed.

some guy thought 'hey, im gonna hack into cbm and see if i can get all these keys.' because of this, our keys are now even more risk. they didn't need to be, someone didn't have to do this. said individual contributes to the risk.

alongside the guy was, well, "the press." everyone behind the publication of this information. if this didn't happen, the problem may have well been covered up. the guy who got our keys would just have them and may not use them for anything wrong. if the guy who stole the keys was going to use them mischievously then yeah there would still be a problem, but the fact that this was made public doesn't help. it feeds the problem. it's quite possible that if nobody publicized this information, there might never be the risk of deactivation.
yes, there would be deactivation if a problem occurred, but because the information is now out in the public it is quite possible that the keys would be deactivated without there ever being a problem.

as i said before, every party contributes. ultimately the scenario wouldn't occur if users kept their keys.

They didn't have the raw keys. They cracked the key.dat, which EVERYONE has on their server.

Maxxi · November 02, 2014, 01:20:15 AM

Quote from: Badspot on November 02, 2014, 01:17:31 AM

I made a full database backup before applying an smf patch. Database is huge so it takes a few minutes.

We're fine.

Ceist · November 02, 2014, 01:22:58 AM

so who is MOR?

Rockinboy2000 · November 02, 2014, 01:23:56 AM

Quote from: Ceist on November 02, 2014, 01:22:58 AM

so who is MOR?

Man of Reason

guy who ddosed the forums last year/last winter

Ceist · November 02, 2014, 01:25:25 AM

Quote from: Rockinboy2000 on November 02, 2014, 01:23:56 AM

Man of Reason

guy who ddosed the forums last year/last winter

i know that, but i thought someone said they figured out who hes an alt of or somethin