
HardwareZone Forum hit by security breach


Stooky

Yup, I am assuming the servers are properly secured so there should be little to no vector attack vulnerability, so intrusion will be from site. So pen test, code review and vulnerability assessment is the way to go. Pen test being one of the most important especially by good qualified white hats.

 

Yes, correct. Pen tests and code reviews are very important for IT infrastructure. All depends on how much money the company wants to invest in them.

Link to post
Share on other sites

Yup, I am assuming the servers are properly secured so there should be little to no vector attack vulnerability, so intrusion will be from site. So pen test, code review and vulnerability assessment is the way to go. Pen test being one of the most important especially by good qualified white hats.

Tbh how many company are willing to pay for all these test and assessment as it will not be one off. Even those rather big company like uber also kanna.

they hack my account also dont gain anything mah. At most they get to see all the little demons and devils only, who want sia. [:p][laugh][laugh]

 

Mayb @radx acct nong nong time ago tio hack liao. [:p]

So radx is not really radx
Link to post
Share on other sites

Tbh how many company are willing to pay for all these test and assessment as it will not be one off. Even those rather big company like uber also kanna.

So radx is not really radx

Uber case is cause they placed their codes on GitHub la... hahaha different...

 

You tried logging out and logging in for MCF before? I think can brute force, no captcha, I tried more than 3 attempts no logout period, can try consecutively.... lol

Link to post
Share on other sites
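
The missing control described in the post above (no captcha and no lockout after repeated wrong passwords), sketched as an added example; this is not MCF's or HardwareZone's code. The class name, thresholds and sample address are assumptions chosen for illustration.

```python
import time
from collections import defaultdict

class LoginThrottle:
    """Temporary lockouts per account and per source address after repeated failures."""

    def __init__(self, max_failures=3, window=300, base_lockout=60, clock=time.monotonic):
        self.max_failures = max_failures      # failures tolerated inside `window` seconds
        self.window = window                  # older failures age out and stop counting
        self.base_lockout = base_lockout      # first lockout length in seconds
        self.clock = clock                    # injectable so the behaviour can be tested
        self._failures = defaultdict(list)    # key -> timestamps of recent failures
        self._lockouts = defaultdict(int)     # key -> how many times the limit was hit
        self._locked_until = {}

    def _keys(self, username, source_ip):
        # Track the account and the source separately so neither one alone evades the limit.
        return (("user", username.strip().lower()), ("ip", source_ip))

    def retry_after(self, username, source_ip):
        """Seconds to wait before the next attempt is accepted (0.0 means allowed)."""
        now = self.clock()
        waits = [self._locked_until.get(k, 0.0) - now for k in self._keys(username, source_ip)]
        return max(0.0, *waits)

    def record_failure(self, username, source_ip):
        now = self.clock()
        for key in self._keys(username, source_ip):
            recent = [t for t in self._failures[key] if now - t < self.window] + [now]
            self._failures[key] = recent
            if len(recent) >= self.max_failures:
                self._lockouts[key] += 1
                # Each repeat doubles the wait: 60 s, 120 s, 240 s, ...
                self._locked_until[key] = now + self.base_lockout * 2 ** (self._lockouts[key] - 1)
                self._failures[key] = []

def simulate():
    """Constructed run: five wrong-password attempts, one second apart."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    outcomes = []
    for _ in range(5):
        if throttle.retry_after("alice", "203.0.113.7") > 0:
            outcomes.append("blocked")
        else:
            throttle.record_failure("alice", "203.0.113.7")
            outcomes.append("wrong password")
        now[0] += 1
    return outcomes, throttle.retry_after("alice", "203.0.113.7")
```

The login handler would call `retry_after` before checking the password and `record_failure` after a wrong one; the lockouts are temporary so a member is never shut out for good.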

Uber case is cause they placed their codes on GitHub la... hahaha different...

 

You tried logging out and logging in for MCF before? I think can brute force, no captcha, I tried more than 3 attempts no logout period, can try consecutively.... lol

Yah brute force can do wonders, i guess the senior mod at hwz set his password as "default"
Link to post
Share on other sites

This forum got all our critical info... Better start to delete the info before something happens...

 

Never submitted it in the first place, despite all of the freebies dangled.

Link to post
Share on other sites

I remember someone said SSL would be implemented here but till now no sound no action.

 

SSL will not help much if the forum is compromised by brute force hacking of the user ID.

There are so many holes to plug for cyber security, server patches, FW patches, application patches, secured technology like 2FA. You start to think if it's worth the money and effort for only a forum meant for Tok Cock Sing Song.

 

At the end of the day, dun put too much private info in your current profile and account.

Edited by Pocus
  • Praise 4
Link to post
Share on other sites

if knowing that hardware zone got hacked since Sep 2017, then later mcf announced hacked, will a simple sorry by SPH be acceptable.

 

or you guys will demand at least one happy ending session or a meal with Jack ma.

  • Praise 2
Link to post
Share on other sites

So the hackers now know my password is

 

Ilikesex696969

 

Do I need to change it?

 

:D

Think better change it.

 

Mine was:

ReAL_poliS999-No_BluFf_no_UDtable.

 

Think I will also change them now.

  • Praise 3
Link to post
Share on other sites

Just visited hwz...

 

Still trying to cover up... No surprise from our govt controlled media.

Announced in ST today.

So the hackers now know my password is

 

Ilikesex696969

 

Do I need to change it?

 

:D

I thought your password is:

 

IhatemyMIL4ever

 

 

  • Praise 4
Link to post
Share on other sites

Announced in ST today.

I thought your password is:

 

IhatemyMIL4ever

 


 

@Mustank one should be easy to guess.

 

piakpiak

Cover up is not just about the hack itself but also about what personal details have been exposed.

 

They claim that no telephone numbers have been exposed (as they had previously deleted that data) but hwz people claim that in order to sign up, they need to provide their mobile and if duplicated, they cannot create a new account. How to block same numbers from creating an account if you don't actually store those numbers? I'm not an IT person but I know there should be some way to encrypt the data and still be able to compare it later but that might still be able to be decrypted depending on the encryption used. To just say that numbers were deleted without acknowledging the latter fact seems disingenuous to me.

 

Forumers have been reporting such hacks for months but the admin just sweeps it under the bed. This particular hack was exposed in a thread the admin created to calm the forum and let them know that they investigated the claims and found no evidence of the accounts being compromised. The hilarious part is when the hacker used the admin's account to modify that post and let everyone see that there has indeed been a hacking incident.

Edited by Kusje
Link to post
Share on other sites
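
One way a site can block duplicate phone numbers without keeping the numbers themselves, the question raised in the post above, as an added example; it is not HardwareZone's or MCF's code and says nothing about what either site actually stores. The function and class names, the Singapore country-code default and the sample numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

def normalise(number, default_cc="65"):
    """Reduce a typed number to digits with country code (8-digit local numbers assumed)."""
    digits = re.sub(r"\D", "", number)
    return default_cc + digits if len(digits) == 8 else digits

class PhoneRegistry:
    """Duplicate detection that stores only a keyed digest of each phone number."""

    def __init__(self, index_key):
        self._key = index_key   # held outside the database, e.g. in a secrets manager
        self._tokens = set()    # stands in for a UNIQUE column in the user table

    def token(self, number):
        # HMAC-SHA256: the same number always gives the same token, but only with the key.
        return hmac.new(self._key, normalise(number).encode(), hashlib.sha256).hexdigest()

    def has_token(self, token):
        return token in self._tokens

    def register(self, number):
        """Return True for a new number, False when it was already used to sign up."""
        t = self.token(number)
        if t in self._tokens:
            return False
        self._tokens.add(t)
        return True

def demo():
    site = PhoneRegistry(secrets.token_bytes(32))
    first = site.register("+65 9123 4567")     # constructed sample number
    repeat = site.register("91234567")         # same number typed differently
    other = site.register("9765 4321")
    # A copy of the table without the key cannot be matched against guessed numbers.
    outsider = PhoneRegistry(secrets.token_bytes(32))
    key_needed = not site.has_token(outsider.token("91234567"))
    # A plain hash has no such barrier: anyone recomputes the same digest for a candidate.
    unkeyed_repeatable = (hashlib.sha256(b"6591234567").hexdigest()
                          == hashlib.sha256(normalise("9123 4567").encode()).hexdigest())
    return first, repeat, other, key_needed, unkeyed_repeatable
```

The protection rests entirely on the key staying out of the database: if the key leaks along with the table, the tokens are no better than plain hashes of a small number space.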

You guys realise there's no reply from mods or higher hor for this topic...

Just hope they do something.

The recent spammings have suggested that something needs to be done on the security breach.

Link to post
Share on other sites

You guys realise there's no reply from mods or higher hor for this topic...

Pang chance leh.

 

It was posted at 10 pm last night after office hours. Admin also work office hours one.

 

Anyway, after hwz admin boo boo, will you really believe whatever mcf admin writes?

 

It's just a car forum... No matter how much you trust the admin, do they really need your personal data? If the answer is no, then why give it to them?

Just hope they do something.

The recent spammings have suggested that something needs to be done on the security breach.

The spam has nothing to do with security of the personal data la.

I reckon MCF only has my email address and if you Google hard enough with it, might be able to find out my real name but that's all I guess. It's still troubling since there are so many psychos on the internet these days. Someone might start harassing me irl if they don't like my views on here.

Link to post
Share on other sites

Announced in ST today.

I thought your password is:

 

IhatemyMIL4ever

 


 

@Mustank one should be easy to guess.

 

piakpiak

Hahahaha my password really is piakpiak69!!!!!! Damn!!!!!!!

I did not sign as premium member.

 

Free gift come with a risk. My opinion only. Don't flame me.

Hahaha me too

 

The Rings of Power in J. R. R. Tolkien's Middle-earth legendarium are magic rings created by Sauron or by the Elves of Eregion under Sauron's tutelage. Sauron intended three of the rings to be worn by Elves, Seven by Dwarves, Nine by Men, and one, the One Ring, by the Dark Lord Sauron himself in Mount Doom.

 

Sauron intended the rings to subvert these races of Middle-earth to his power, since the One Ring controlled the others. Sauron's plan was not completely successful, for the Elves hid their rings and did not use them while Sauron held the One, and the Dwarves did not respond to the One's control as Sauron expected. But the Men who wore the Nine were enslaved by Sauron, and became the Nazgûl ("ring wraiths").

 

Three Rings for the Elven-kings under the sky,

Seven for the Dwarf-lords in halls of stone,

Nine for Mortal Men, doomed to die,

One for the Dark Lord on his dark throne

In the Land of Mordor where the Shadows lie.

One Ring to rule them all, One Ring to find them,

One Ring to bring them all and in the darkness bind them.

In the Land of Mordor where the Shadows lie.

  • Praise 1
Link to post
Share on other sites
