Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Uber Hacked - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

Uber Hacked

2

Comments

  • Are the leaders of uber still toxic trash? If I was the hacker, I'd be worried that Travis fuck has already hired a hit team.

    Thanked by 1afn
  • afnafn Member

    @TimboJones said: Are the leaders of uber still toxic trash? If I was the hacker, I'd be worried that Travis fuck has already hired a hit team.

    Do they know where/who to hit tho? I am assuming the hacker won't be giving his address ...

  • @afn said:

    @TimboJones said: Are the leaders of uber still toxic trash? If I was the hacker, I'd be worried that Travis fuck has already hired a hit team.

    Do they know where/who to hit tho? I am assuming the hacker won't be giving his address ...

    What would happen if they used FastestVPN?

  • @Chuck said:

    @afn said:

    @TimboJones said: Are the leaders of uber still toxic trash? If I was the hacker, I'd be worried that Travis fuck has already hired a hit team.

    Do they know where/who to hit tho? I am assuming the hacker won't be giving his address ...

    What would happen if they used FastestVPN?

    Nah he used TotallylegitVPN

  • KrisKris Member
    edited September 17

    In these situations, I don't think about the shitbird CEOs, this 50-75m incident response is a drop in the budget.

    My heart is with the hundreds of security personnel and sysadmins (many like us) who will have stressful days and sleepless nights due to this. It's all been taken. Sneakers secrets, OneLogin, Confluence, Slack, quite literally everything. This also includes their HackerOne account that had open reports, which means exploits may ensue.

    It's going to be a month or two to rebuild everything, and I honestly commend them on somehow keeping the system online while investigating an incident response and cleaning up.

    Vote with your wallets, but I wish nothing like this upon anyone. Brings me back to flashes of Staminus. Just with more fail due to SSO and PAM management which allowed them to spread faster.

    People who maintain servers - think about Canary Tokens and juicy filenames. You can not only create docx, but pdf, AWS tokens, even secret DNS names you plant with CNAMES to notify you if breached.

    You may not have $$$$ for a SoC checking your files or crazy security, but if you place passwords.docx or ach_details.pdf / ssh_jump_server.txt (with the hostname CNAME'd to a canary token) , or stuff like ach_raises_2023.pdf on a share-drive, you might be able to stop something like this in its track.

    He used nmap and scanning tools. Had they had a honeypot, or even simple canary token via DNS CNAME / DNS, this could've been avoided.

    Free: https://canarytokens.org/generate

    Be safe out there.

  • This wasn't the first, and probably, not the last time.

    Thanked by 2afn Chuck
  • Negligible impact on stock price, because... yeah it's just a hack and it's weekned.

  • @vyas11 said: It is typical for "hacker" to use a Windows machine?

    I don't see why not, especially as this hacker is a young'n'. Probably games on the same machine and that is still not the smoothest of experiences on Linux. Most likely heavily uses Linux too though, via hosted resources, local VMs, WSL, ete., but with Windows as the desktop because it is needed for other reasons.

    I'm Linux everywhere server-side for personal stuff, but still have a Windows as the main OS on the laptop and home desktop.

  • Was all billing information compromised too?

  • @Kris said:
    In these situations, I don't think about the shitbird CEOs, this 50-75m incident response is a drop in the budget.

    My heart is with the hundreds of security personnel and sysadmins (many like us) who will have stressful days and sleepless nights due to this. It's all been taken. Sneakers secrets, OneLogin, Confluence, Slack, quite literally everything. This also includes their HackerOne account that had open reports, which means exploits may ensue.

    It's going to be a month or two to rebuild everything, and I honestly commend them on somehow keeping the system online while investigating an incident response and cleaning up.

    Vote with your wallets, but I wish nothing like this upon anyone. Brings me back to flashes of Staminus. Just with more fail due to SSO and PAM management which allowed them to spread faster.

    People who maintain servers - think about Canary Tokens and juicy filenames. You can not only create docx, but pdf, AWS tokens, even secret DNS names you plant with CNAMES to notify you if breached.

    You may not have $$$$ for a SoC checking your files or crazy security, but if you place passwords.docx or ach_details.pdf / ssh_jump_server.txt (with the hostname CNAME'd to a canary token) , or stuff like ach_raises_2023.pdf on a share-drive, you might be able to stop something like this in its track.

    He used nmap and scanning tools. Had they had a honeypot, or even simple canary token via DNS CNAME / DNS, this could've been avoided.

    Free: https://canarytokens.org/generate

    Be safe out there.

    Well, if there's a proper TAO hack, they'll just change the Canary hostname in the hosts file and it's defeated.

    Also, real world issue where valid reads are needed by real people (and their legit credentials get stolen) and then you're only watching fake files or dealing with false positives.

    Armchair security is fucking easy.

  • @vyas11 said: It is typical for "hacker" to use a Windows machine?

    Operating systems are just another tool. Does it really matter who uses what OS, as long as they get their job done? Windows has WSL now as well.

  • @Daniel15 said:

    @vyas11 said: It is typical for "hacker" to use a Windows machine?

    Operating systems are just another tool. Does it really matter who uses what OS, as long as they get their job done? Windows has WSL now as well.

    Indeed. I was talking in the context of the "Hacker Persona" shown in TV/movies, etc. Where typically Windows is not shown, however, some terminal based application is.

  • @vyas11 said:

    @Daniel15 said:

    @vyas11 said: It is typical for "hacker" to use a Windows machine?

    Operating systems are just another tool. Does it really matter who uses what OS, as long as they get their job done? Windows has WSL now as well.

    Indeed. I was talking in the context of the "Hacker Persona" shown in TV/movies, etc. Where typically Windows is not shown, however, some terminal based application is.

    You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.

  • such attacks usually done by people familiar with infrastructure, i.e. ex-employees.
    It will be too funny if its not. I mean if it's hacked by someone who have not been in Uber earlier.

    wow

  • @desperand said:
    such attacks usually done by people familiar with infrastructure, i.e. ex-employees.
    It will be too funny if its not. I mean if it's hacked by someone who have not been in Uber earlier.

    wow

    "We can now confirm that the attack was commited by a former Uber employee...
    ...an 18-year old driver from New Delhi..."

    :)

    Thanked by 1desperand
  • @default said:
    Was all billing information compromised too?

    Really desperate to know this. Need to cancel my cards if that's true.

  • @xetsys said:

    @default said:
    Was all billing information compromised too?

    Really desperate to know this. Need to cancel my cards if that's true.

    I already did as a precaution.

  • We have no evidence that the incident involved access to sensitive user data (like trip history).

    https://www.uber.com/newsroom/security-update/

    Weird that they only specify trip history and not user billing and accounts but I assume all user PII is on different infra. But who knows, the hacker had access to a lot

  • @Daniel15 said:

    @vyas11 said:

    @Daniel15 said:

    @vyas11 said: It is typical for "hacker" to use a Windows machine?

    Operating systems are just another tool. Does it really matter who uses what OS, as long as they get their job done? Windows has WSL now as well.

    Indeed. I was talking in the context of the "Hacker Persona" shown in TV/movies, etc. Where typically Windows is not shown, however, some terminal based application is.

    You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.

    Red Bull?

  • emgemg Member

    @Daniel15 said:

    You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.

    What make me laugh are those real time password cracking progress bars that look like spinning slot machine wheels. The display flickers with high speed random characters until the hacker's computer suddenly finds a password character. That character locks in place with a loud click sound. The remaining characters continue to flicker as the computer isolates them here and there until the entire password is revealed, yielding full control to the hacker. It does not work that way in real life.

  • I get a 404 error for this

  • TimboJonesTimboJones Member
    edited September 19

    @emg said:

    @Daniel15 said:

    You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.

    What make me laugh are those real time password cracking progress bars that look like spinning slot machine wheels. The display flickers with high speed random characters until the hacker's computer suddenly finds a password character. That character locks in place with a loud click sound. The remaining characters continue to flicker as the computer isolates them here and there until the entire password is revealed, yielding full control to the hacker. It does not work that way in real life.

    I don't know if anything beats the CSI where a hacker is breaching their firewall and there's TWO people just typing away on the same keyboard trying to stop it.

    Edit: lol, video title "Two Idiots, One Keyboard".

    Thanked by 1emg
  • Daniel15Daniel15 Member
    edited September 19

    @TimboJones said:

    @emg said:

    @Daniel15 said:

    You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.

    What make me laugh are those real time password cracking progress bars that look like spinning slot machine wheels. The display flickers with high speed random characters until the hacker's computer suddenly finds a password character. That character locks in place with a loud click sound. The remaining characters continue to flicker as the computer isolates them here and there until the entire password is revealed, yielding full control to the hacker. It does not work that way in real life.

    I don't know if anything beats the CSI where a hacker is breaching their firewall and there's TWO people just typing away on the same keyboard trying to stop it.

    Edit: lol, video title "Two Idiots, One Keyboard".

    Sometimes the technical people that the writers collaborate with do this intentionally just to troll people. The other people working on the show (director, actors, whoever reviews the script, etc) don't know that much about hacking and so they don't question it.

    Thanked by 2emg stevewatson301
  • uubub ub bberer

    never used, no data.

    NO ubub

  • @emg said:
    What make me laugh are those real time password cracking progress bars that look like spinning slot machine wheels. The display flickers with high speed random characters until the hacker's computer suddenly finds a password character. That character locks in place with a loud click sound. The remaining characters continue to flicker as the computer isolates them here and there until the entire password is revealed, yielding full control to the hacker. It does not work that way in real life.

    It wouldn't make for very interesting film/TV if they just showed a blank screen for 15 hours and then it spat out a one line result.

    And of course, there's this classic from Jurassic Park:

  • @TimboJones said: Also, real world issue where valid reads are needed by real people (and their legit credentials get stolen) and then you're only watching fake files or dealing with false positives.

    Armchair security is fucking easy.

    I can tell if you thought this was the only method and not one of many... Go trust SentinelOne and think you're safe.

  • ralfralf Member
    edited October 11

    And today I received the first piece of spam to the email address that's only ever been used for Uber. Sigh.

    Guess they must at least have geo information from the DB as well he spam was tailored to UK.

    Thanked by 1emg
Sign In or Register to comment.