www.gmindo.web.id/forum
Forum ini sudah tidak dipakai lagi. Silakan ke forum baru di www.gmindo.web.id/forum Very Happy

Terima kasih

GMC Forum Hacked?

Topik sebelumnya Topik selanjutnya Go down

GMC Forum Hacked?

Post by Pinneaple Studios on Sun 28 Apr 2013, 18:43

Exclusive: Interview With The GameMaker Community Hacker



Just over a month ago, Game Maker Blog reported that the popular GameMaker Community forums had been hacked. YoYo Games,
the company who own the GameMaker program and operate the board,
estimated that between 5000-8000 user accounts had been compromised by a
password logging script.

They were wrong.

Game Maker Blog has hosted an exclusive interview with the hacker who
stole the credentials and passwords of over 200,000 community members.

Prior to starting the interview, it was vital that the individual
proved that he was who he claimed to be. Appropriate proof was provided,
and we are very confident that the information provided is accurate.
Minor changes to phrasing have been made to improve readability and
clarify context.

Continue reading for our full interview with the GameMaker Community forum hacker.







Thank you for contacting Game Maker Blog. Why did you decide to write to us, and what do you hope to achieve by doing so?
“I saw the official forum topic about the hack and cringed at the amount of misinformation that was present, and especially the attitude of prominent community member NakedPaulToast. Since the topic is now locked, this seemed like the easiest way to convey the truth.”

Details on how the hack was achieved are scarce. How did you gain access to the login script on the forum server?

“Basically, one of the forum administrators used the same password on
his own site which I hacked, so I retrieved the password and logged
into his account on the GameMaker Community forums. Escalating from that
to system level access is rather trivial.”

Were you able to access the database?

“The login script itself has to have access to the database, so why
would it be safe? The web server executes PHP code which needs user
credentials to connect to the MySQL database. Thus the web server has
‘direct’ access to the database.

In the forum topic NakedPaulToast seemed to convey
that being able to modify a login script does not mean the database
was/can be compromised. It can and was compromised. I downloaded the
entire database.

In addition, I modified the forum’s login script to store plaintext
passwords in the now-famous ‘log.txt’ file. I also changed the forum’s
code to force everyone who’s password wasn’t recorded in ‘log.txt’ to
logout and log back in.”

How many plaintext passwords did you gain access to in total?

“211,016 users and their hashed passwords were compromised, and of
those passwords 96.8% have been cracked so far in addition to the 2163
unique plaintext passwords which were recorded by the login script.

The forum software, IP.Board, uses the md5(md5($salt).md5($pass))
algorithm, which is basically a triple MD5 hash with unique randomized
salts. With a GPU you can achieve 3 billion tries per second easily.
Most of the passwords were cracked using dictionaries and mutations.”

Which administrator had their site compromised originally, and which site was it?

Trollsplatterer. His site www.trollsplatterer.be
was in his profile and thus lead me to compromise it and retrieve his
password. The site was compromised through a simple SQL injection.”

What do you plan to do with the acquired data?

“I’ve so far sold the data to a friend to be used to compromise Runescape
accounts and sell the gold on them for good money (according to him).
Personally I’ve used it to gain access to the email accounts of a few
individuals.

Because of the relations of GameMaker creator Mark Overmars,
the board actually contains quite a few high profile users. These are
ideal to have in your database bank to compromise other sites.”

Are you a GameMaker user yourself?

“Yes, and I have been for a multitude of years. Ever since I took up
hacking years ago I’ve been wanting to hack the GameMaker Community
forums just for the fun of it. Hacking websites you visit is the
nectarine of life and unimaginably fun and exciting.”

How would you sum up the way in which YoYo Games handled the situation?

“They downplayed the situation or are even more incompetent than I thought.

First of all, no other announcement than the topic on the forum was
made. Second, they could’ve easily determined how long the script had
been running by looking at the modified files and especially the
creation date of ‘log.txt’. Third, they have done nothing else than
reset admin passwords and upgrade the forum software to prevent this
from happening again.

The incompetence of the GameMaker Community forum administrators led to their security downfall.

Security audits anyone?”



Game Maker Blog
was criticized by both community members and YoYo Games staff for
suggesting that the forum hack may have affected all 200,000+ members of
the board, with YoYo Games employee and shareholder Mike Dailly quoted as saying
“the post on GMB was vastly over-exaggerated” and “sensationalized”,
further claiming that the compromised data was “virtually useless”.

Given that YoYo Games were getting ready to attend GDC 2013
just as news of the hack came to light, it seems very likely that they
did indeed downplay this massive security violation. As the issue was
not addressed thoroughly, thousands upon thousands of users are
currently not aware that their username, email address, and plaintext
password have been compromised.

Community members expressed concerns on the matter: “I think consumers knowing if their data is secure is more important than the GDC…”

At the very least, YoYo Games should send an email to their mailing
list subscribers to alert them to the breach. The user-base should be
given complete and utter priority, and it certainly seems like we
haven’t been.

Click here to contact YoYo Games »
Spoiler:
Maaf Kalo Udah Kadaluarsa, Just Share Bagi Yg Belom Tahu
avatar
Pinneaple Studios
GM Intermediate
GM Intermediate

100%
Jumlah posting : 839
Points : 980
Join date : 06.01.13
Age : 15
Lokasi : Depok :D

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Kevin Blaze Coolerz on Sun 28 Apr 2013, 19:10

ak baru tau Pacman
cz udah jarang ke gmc Hammer

btw ini udah selsai kah masalah ny?
avatar
Kevin Blaze Coolerz
Admin
Admin

100%
Jumlah posting : 3323
Points : 3795
Join date : 06.01.13
Age : 22
Lokasi : Palembang

Lihat profil user http://kevin-blaze-coolerz.blogspot.com/

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Asuna on Sun 28 Apr 2013, 20:09

aku juga jarang buka gmc, sandbox juga Hammer
avatar
Asuna
Global Moderator
Global Moderator

100%
Jumlah posting : 1711
Points : 1901
Join date : 10.01.13

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by zebrakelabu on Wed 01 May 2013, 15:42

gara2 post ini, yang punya GMB dicopot jabatannya sebagai global moderator
avatar
zebrakelabu
Admin
Admin

100%
Jumlah posting : 933
Points : 960
Join date : 06.01.13
Lokasi : Jakarta

Lihat profil user http://www.project25games.com

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Pinneaple Studios on Wed 01 May 2013, 16:32

GMB apaan mas?
avatar
Pinneaple Studios
GM Intermediate
GM Intermediate

100%
Jumlah posting : 839
Points : 980
Join date : 06.01.13
Age : 15
Lokasi : Depok :D

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Asuna on Wed 01 May 2013, 17:34

GMB?
Game Master aBal-abal?
avatar
Asuna
Global Moderator
Global Moderator

100%
Jumlah posting : 1711
Points : 1901
Join date : 10.01.13

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by zebrakelabu on Fri 03 May 2013, 11:54

people please!

GMB= Game Maker Blog
avatar
zebrakelabu
Admin
Admin

100%
Jumlah posting : 933
Points : 960
Join date : 06.01.13
Lokasi : Jakarta

Lihat profil user http://www.project25games.com

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Pinneaple Studios on Fri 03 May 2013, 12:48

Kesihan....
Lah kok di copot?
avatar
Pinneaple Studios
GM Intermediate
GM Intermediate

100%
Jumlah posting : 839
Points : 980
Join date : 06.01.13
Age : 15
Lokasi : Depok :D

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by zebrakelabu on Fri 03 May 2013, 14:55

katanya sih karena menyalahgunakan jabatannya sebagai moderator untuk beriklan demi kepentingan dia. ga tau bener ato ngga
avatar
zebrakelabu
Admin
Admin

100%
Jumlah posting : 933
Points : 960
Join date : 06.01.13
Lokasi : Jakarta

Lihat profil user http://www.project25games.com

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Asuna on Fri 03 May 2013, 15:54

what the hell?? why can a staff do such a criminal action?
atau karena akunnya udah di-hijacked deh Curiga

sekalian aja akunnya diban/situsnya diblokir dan pelakunya dipidana plus denda Razz
avatar
Asuna
Global Moderator
Global Moderator

100%
Jumlah posting : 1711
Points : 1901
Join date : 10.01.13

Lihat profil user

Kembali Ke Atas Go down

Re: GMC Forum Hacked?

Post by Sponsored content


Sponsored content


Kembali Ke Atas Go down

Topik sebelumnya Topik selanjutnya Kembali Ke Atas

- Similar topics

 
Permissions in this forum:
Anda tidak dapat menjawab topik