
Silas, have you been hacked?

9 years 10 months ago #226840 by Nick-BC
Silas, have you been hacked? was created by Nick-BC
Just got a message which obviously wasn't from you.

9 years 10 months ago #226842 by flowing alpy
Replied by flowing alpy on topic Re: Silas, have you been hacked?
Hey Silas, Silver for Solstice or s4s this year looks do-able.

9 years 9 months ago #226874 by flowing alpy
Replied by flowing alpy on topic Re: Silas, have you been hacked?
He must be skiing some great snow.

9 years 9 months ago #226877 by kamtron
Replied by kamtron on topic Re: Silas, have you been hacked?
TAY should use SSL. Completely insecure as-is

9 years 9 months ago #226879 by BrianT
Replied by BrianT on topic Re: Silas, have you been hacked?

> TAY should use SSL. Completely insecure as-is


I can't believe I never noticed this before...

Via the HTTP request to log in
www.turns-all-year.com/skiing_snowboardi...ex.php?action=login2
POST index.php?action=login2

200 OK turns-all-year.com 20 B
208.113.215.5:80 235ms

Parameters (application/x-www-form-urlencoded):
cookielength 180
passwrd mypassword
user myusername

Yeah, don't EVER use a decent password that you use with anything else on this site. This really should be addressed.

9 years 9 months ago #226880 by BrianT
Replied by BrianT on topic Re: Silas, have you been hacked?
You can see from the above POST request that the username/password is sent in CLEAR text; there's nothing hashing this and it's completely able to be sniffed anywhere on the wire/net. :(
