
Hey Fcp Guys... Care To Explain This?



We can't rule out some players' e-mail addresses being found when the forum was hacked into a few months back as the hackers would have had access to e-mail addresses.
Thanks for the reply, Bob. I wasn't aware at the time of my posting that the forum server had been compromised. I wonder if you could disclose the type of information held on the compromised server. For instance, was it just the information we registered with on the forum (ie, our names, email, and street addresses) or was there more sensitive information as well (neteller, etc)?
The hackers did not have access to the forum passwords as we don't even have access to them and the forum and poker accounts are totally separate and not connected in any way.
Well, if my experience is any measure, they probably DID have access to the passwords, but I imagine they were in encrypted form only. Meaning that if they had enough time and computing power, they could run an MD5 or crypt() brute-force password cracker and eventually determine a good number of our passwords. Would that be an accurate statement?
We haven't provided our e-mail database to any other companies other than the On Game Network. That being said there's no question that some spammers do have some FCP e-mail addresses.
Fair enough.
The most likely way that the spammer received your e-mail address is via a Network Sniffer that is installed somewhere on one of the servers located between our e-mail server and your e-mail server on the internet. If one were on a server while we were sending out a mass e-mail they would get a number of FCP addresses.
I have to take issue with this assessment, but please don't take this rebuttal personally.

What you have described is just not how internet email (as defined by the various RFCs on SMTP) works. It works more like the following (simplified greatly for obvious reasons):

1. You send an email to user@domain.com
2. Your outgoing SMTP server says, "I'll take that message and deliver it for you"
3. Your outgoing SMTP server does a DNS query to determine the controlling mail server (MX record) for the recipient domain (in our example, domain.com)
4. Your outgoing SMTP server connects directly to that controlling server and hands the message off to it for delivery
5. The mail server for the recipient domain delivers the message to a local account or another sub-server in that domain (but, and this is important, almost never through an external network)

Thus, there is no "server located between our e-mail server and your e-mail server on the internet". It goes directly from your server to my server.

Now, that said, there is the remote possibility that someone installed a network sniffer on a router between your server and mine, but I can tell you that, from my experience, it's nearly impossible to do. The vast majority of internet routers are made by Cisco and run their proprietary IOS software. You have to install a special list of packet matching rules on the router (having full access to it in order to do so) and then point it to a local server to store the raw packets. Then you have to log on to that server and decode the packets and their payload from hex into something readable. Like I said, it's not impossible, but it's non-trivial.

An attacker *could* have installed a sniffer on your server while it was compromised and very easily stored and analyzed any information going through it. If possible, if you could disclose what kind of information that might be, I'm sure many here would appreciate it (including me).

Again, I appreciate your reply and help you can provide me and other users with regard to what information may have been compromised.

Thanks,
Jeff
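The delivery path outlined in the post above can be checked from the receiving side by reading a message's Received headers, which also record whether each hop used TLS. This is an added example, not part of the original thread; the sample message, host names and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample message: every host, address and id below is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.20])
\tby mailstore.recipient.example with LMTP id c3;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.10])
\tby mx.recipient.example with ESMTP id b2
\tfor <user@recipient.example>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from webapp.sender.example (webapp.sender.example [198.51.100.5])
\tby out.sender.example with ESMTPS id a1;
\tMon, 01 Jan 2024 10:00:01 +0000
From: news@sender.example
To: user@recipient.example
Subject: constructed example

body
"""

# "with" keywords that indicate the hop used TLS (RFC 3848 transmission types).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def _field(name, text):
    """Return the token following 'from', 'by' or 'with', or None if absent."""
    m = re.search(r"(?:^|\s)" + name + r"\s+(\S+)", text, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else None

def relay_path(raw_message):
    """List the hops in the order the message travelled (oldest first)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so reverse for travel order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())        # unfold continuation lines
        proto = (_field("with", text) or "unknown").upper()
        hops.append({"from": _field("from", text), "by": _field("by", text),
                     "with": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    """Hops a passive sniffer on that link could read (no TLS recorded)."""
    return [(h["from"], h["by"]) for h in relay_path(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in relay_path(SAMPLE):
        print(f'{hop["from"]} -> {hop["by"]} via {hop["with"]} (TLS: {hop["tls"]})')
```

Only headers added by servers you trust are reliable; anything recorded before the first trusted hop can be forged by the sender.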
Zomg computer expert....haxhaxhaxh
Hi Jeff, thank you for your post. I'm not a techie so I don't always use the correct terms.

The forum software was compromised a couple months back by some hackers when they attacked not only the FCP Forum but many others that use the same software that we do. The software provider had a patch for the vulnerability in less than 24 hours and we installed it right away and that closed that hole.

The forum software and server are totally separate from the poker accounts. The only information in your forum accounts is your Forum User Name and the e-mail address that you have registered with the forum. Your passwords are encrypted and we have no way to access them ourselves. Also, your real name is nowhere in your forum account.

When I was talking about servers I guess I meant routers. I was told that packet sniffers between us and you might also be a source of the e-mail addresses. Our e-mail server is totally separate from the poker accounts and from the forum server and accounts. That server is only used for sending e-mails.

The most likely way that your e-mail address got in the hands of the spammers was when the forum was hacked I would imagine.

If sys is right about them being able to crack the encrypted passwords for the forums then that easily could have been what happened to my neteller account. All they needed was my email account and password to my email to hack into it and I registered the same email with the forums and had the same password...My bad I guess...

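For the stored-password question raised in the thread, this added example (not part of the original posts) puts a fast unsalted digest beside a per-user salted, slow derivation and shows what each stored form gives away. The forum's actual scheme is not stated on the page; unsalted MD5, PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def md5_unsalted(password):
    """Fast, unsalted digest (assumed weak scheme, for comparison only)."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, salt=None, iterations=600_000):
    """Per-user random salt plus a deliberately slow key derivation."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def shared_digests(stored):
    """Group accounts whose stored value is identical (same password)."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def cost_ratio(iterations=600_000, md5_rounds=20_000):
    """About how many MD5 computations fit in the time of one PBKDF2 check."""
    start = time.perf_counter()
    for i in range(md5_rounds):
        md5_unsalted(f"guess{i}")
    md5_each = (time.perf_counter() - start) / md5_rounds
    start = time.perf_counter()
    pbkdf2_record("guess", b"\x00" * 16, iterations)
    return (time.perf_counter() - start) / md5_each

# Constructed accounts: two users picked the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong = {u: pbkdf2_record(p)[2] for u, p in USERS.items()}
    print("identical MD5 digests:", shared_digests(weak))
    print("identical PBKDF2 keys:", shared_digests(strong))
    print(f"one PBKDF2 check costs about {cost_ratio():,.0f} MD5 computations")
```

Neither scheme protects an account whose password is reused on another site once that password is known, so a breached forum password should be changed everywhere it was used.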
