1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Adult Friend Network Gets Hacked - Again

Discussion in 'BlackHat Lounge' started by Reaver, Nov 14, 2016.

  1. Reaver

    Reaver Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2015
    Messages:
    1,904
    Likes Received:
    5,465
    Gender:
    Female
    • Thanks Thanks x 3
  2. Joseph Lich

    Joseph Lich BANNED BANNED

    Joined:
    Nov 25, 2015
    Messages:
    402
    Likes Received:
    79
    More than 399 million accounts are fake ones. No worry.
     
  3. Reaver

    Reaver Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2015
    Messages:
    1,904
    Likes Received:
    5,465
    Gender:
    Female
    That is not the point of this post. The fake accounts don't matter. This network clearly has security issues that needs to be fixed. They've been hacked twice now. That's a problem, don't you think?
     
  4. Joseph Lich

    Joseph Lich BANNED BANNED

    Joined:
    Nov 25, 2015
    Messages:
    402
    Likes Received:
    79
    I don't pay adult website a dime so I don't care.
     
  5. thetrustedzone

    thetrustedzone Jr. VIP Jr. VIP

    Joined:
    Jun 15, 2010
    Messages:
    2,577
    Likes Received:
    2,085
    Home Page:
  6. Stephen Kurt

    Stephen Kurt BANNED BANNED

    Joined:
    Jan 15, 2016
    Messages:
    50
    Likes Received:
    10
    patch it.
     
  7. Reaver

    Reaver Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2015
    Messages:
    1,904
    Likes Received:
    5,465
    Gender:
    Female
    Then they need diapers. Or surgery.

    You'd think. Not sure if they're being cheap or just have people working on it that don't know what they're doing.
     
  8. Joseph Lich

    Joseph Lich BANNED BANNED

    Joined:
    Nov 25, 2015
    Messages:
    402
    Likes Received:
    79
    I am not sure either. All these fixes are really invisible to me.
    My main interest is fucking real shit.
     
  9. tasburrfoot

    tasburrfoot Regular Member

    Joined:
    Dec 16, 2008
    Messages:
    323
    Likes Received:
    152
    You can't secure yourself - it's just not possible. You can only hope someone doesn't pop you, and if it happens that your response game is on point.

    Sure you can patch SQLi and the known exploits, to keep out skiddies, but ultimately you draw someone's attention you're going to get owned, there is just no way around it without completely disconnecting yourself the Internet. And even then, DMZ servers have been owned time and time again.

    lots of times its not even the main site(in this case ADF) that gets popped, but some peripheral company or vendor and then they leverage that laterally to gain access.

    Read through the latest HTP5 E-zine(Hack The Planet - it's still a little dated, 2014 I believe, Nacash mirrors it on GitHub)and you'll see just how easy it is to traverse through "side channels" once you break one link in a very long chain.

    They dumped sucuri, linode, and several other high profile security PROVIDERS - even giving an 0day to the trendmicro site(that would be Norton AV).

    It would be great if there was a simple 1-click fix to security, but there isn't.

    The real question is why all the passwords were either cleartext or sha1.. Someone had to OK that.. And then someone had to actually implement that - without even questioning it. Unsalted too...
     
    • Thanks Thanks x 1
    Last edited: Nov 14, 2016
  10. laur.laurix

    laur.laurix Power Member

    Joined:
    May 8, 2013
    Messages:
    740
    Likes Received:
    277
    Occupation:
    Reverse Engineering Maniac
    Location:
    Mars
    Who gives a fox?
     
  11. Winston_

    Winston_ BANNED BANNED

    Joined:
    Jul 9, 2016
    Messages:
    41
    Likes Received:
    11
    Gender:
    Male
    I wonder if she can understand this. lol
     
  12. Noah Hawryshko

    Noah Hawryshko Senior Member

    Joined:
    Apr 28, 2016
    Messages:
    871
    Likes Received:
    729
    Gender:
    Male
    Occupation:
    Biotechnology Engineer at Silph. Co, Saffron
    Location:
    Kanto
    Is that you, Donald?
     
  13. Winston_

    Winston_ BANNED BANNED

    Joined:
    Jul 9, 2016
    Messages:
    41
    Likes Received:
    11
    Gender:
    Male
    I'm not following?
     
  14. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

    Joined:
    Dec 26, 2010
    Messages:
    1,290
    Likes Received:
    10,796
    • Thanks Thanks x 10
  15. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,986
    Likes Received:
    3,744
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    Just a new trend for bhw spammers?! (Just random brain vomit guys, dont get offended)
     
  16. Neon

    Neon BANNED BANNED Jr. VIP

    Joined:
    Nov 3, 2013
    Messages:
    3,107
    Likes Received:
    7,705
    Gender:
    Male
    nice signature Roy <3
     
  17. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,986
    Likes Received:
    3,744
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    Ol' times dude!
     
    • Thanks Thanks x 1
  18. Jamie.TM

    Jamie.TM Newbie

    Joined:
    Nov 7, 2016
    Messages:
    14
    Likes Received:
    1
    Gender:
    Male
    Biggest issue is large amount of passwords saved in plain text in this age..
     
  19. Reaver

    Reaver Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2015
    Messages:
    1,904
    Likes Received:
    5,465
    Gender:
    Female
    Do you think being hacked like that damages their bottom line? I don't think they were doing too good to begin with.
     
  20. Noah Hawryshko

    Noah Hawryshko Senior Member

    Joined:
    Apr 28, 2016
    Messages:
    871
    Likes Received:
    729
    Gender:
    Male
    Occupation:
    Biotechnology Engineer at Silph. Co, Saffron
    Location:
    Kanto
    They don't seem like as big a brand as AM was, so it's not as damaging to them as it was to AM when they got hacked.

    Also, the kind of guys who click on an ad for "hot women in your neighbourhood looking to fuck" probably aren't the best fact checkers, so the hack should go undetected for the larger populous.