New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Anony PayPal Leak?
So anyway... Apparntly PP got hacked and leaked a bunch of passwords?
Not confirmed so far; here's a news story; it's all over the net.
http://news.sky.com/story/1007144/paypal-passwords-leaked-by-anonymous
Anybody heard anything?
Comments
I have read some news, it seems related to zpanel?
@giang how do you assume that?
Looks like PP havent confirmed it as of yet though
!
"Update 2: PayPal has responded with the following statement:
“It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel. The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated.”
"
http://thenextweb.com/insider/2012/11/05/anonymous-leaks-sensitive-data-from-alleged-paypal-hack-on-global-protest-day/
You mean.. zPanel that fail of a WHT project?
I read it in TNW, link: http://thenextweb.com/insider/2012/11/05/anonymous-leaks-sensitive-data-from-alleged-paypal-hack-on-global-protest-day/
Yeah I read that; but apparantly it wasnt paypal that was targetted, but more "zPanel, Symantec Imageshack and some Ausi sties".
Eurgh.
lulz, so funneh
Meh, i can't wait until these criminals and anarchists get locked up...
zpanel fails
Sup @joepie91, how goes the recode?
@asadHaider why would anon target them? Shitty code is shitt
!
Yeah, I strongly doubt these leaked details originate from ZPanel. Sounds more like a mixup by TWN on reporting what exactly happened.
Also, the "ZPanel being hacked" isn't really much more than a certain group of skids releasing the password reset vuln that I found in ZPanel a while ago.
Be a bit more careful with what you say. It's quite rude to throw in an arbitrary group of people with views you don't like, with criminals.
EDIT: And no, the passwords do not come from PayPal.
Many of these "hacker" groups are nothing more than trolls who can take an issue, such as downtime, and use FUD (fear, uncertainty, doubt) to say they DDoSed Twitter during a maintenance issue and scummy "media" (blogger) websites ready to run with a story without little or no "reporting" but just referring to another blogger
Of course i know that not all of Anonymous are criminals, but hacking stuff is criminal regardless of my personal opinion on the political message.
I was refering to your (mis)use of the term 'anarchists'.
http://forums.zpanelcp.com/showthread.php?12227-ZPanel-in-the-news-attacked-by-Anonymous&p=75821#post75821
They "hacked" a old version so he says.
All in all I am surprised of the comments in here about how zPanel fails. Their new versions are looking more and more like a viable product.
What does WHT forum have to do with a open panel that's been around for quite some time?
How does a zpanel exploit link to PayPal passwords?
Okay, full ZPanel story:
On November 4, a dump was released by a group named HTP (not Anonymous) of the intercepted IRC logs of one of my IRC leafs (the compromise happened roughly 3 months ago). One of the things gained from those logs was the password reset vulnerability in ZPanel that I found quite a while ago (which has already been fixed in the current ZPanel version). Some companies such as ImageShack and Symantec were also compromised and listed in this dump.
On November 5, Anons compromised a large number of sites, and some Anons made incorrect claims such as having "hacked PayPal".
Most likely a blog wrote about the two separate incidents above in one post, and some media outlet somewhere picked this up as being one story, with the usual media pass-through distortion as a result - effectively mutating into the claim that "Anonymous hacked ZPanel".
What is really the case, is that HTP leaked the ZPanel vulnerability I found. HTP is not part of Anonymous.
@JoePie So you're the real reason of making the news here? O.O keep it down; the press may be at your inbox in seconds.
@HC_Ro I read a few things on WHT; I mis-referenced it earlier by saying it was WHT related; thought it was a group of people who started it from WHT. The things i've read on WHT (ironically can't find the links..) Was negatives on how bad it was; bad sanitizing of the inputs etc. May of been older versions however.
@joepie91 ouch, sorry to hear about the compromise. Able to share what happened?
Oh well. I've got a lot of faith in zpanel, perhaps my observation is off but it seems to be a great project that is only getting better. I still prefer kloxo for security though. Unbreakable beast that panel is.
Nah, I've passed that stage... a year ago or so? Inbox was absolutely flooded with e-mails. That was in the time some idiot claimed I was part of LulzSec and some bigger idiots (press) actually believed it without factchecking. It's quite annoying how easily misinformation spreads via media.
Recently a significant amount of new vulnerabilities was found in ZPanel; vulnerabilities that WebSec did not find. The templater still uses eval(). It's by no means a secure panel, still isn't.
TL;DR HTP broke into ircd account on one of my IRC leafs and modified the UnrealIRCd source and recompiled to log messages; and released these after a 3 month delay or so. Also jacked the config file and DDoSed the hub. I have no evidence of them having ever gotten any further than the ircd account on that particular leaf. Nothing particularly impressive - the biggest problem was when I found out that people had ignored my advice to use client-to-client encryption, and virtually all communication was in plaintext and thus logged. People should really stop trusting IRC as a protocol.