• Last Updated:
  • Jan 8th, 2021 11:52 pm
Tags:
44 replies
Deal Addict
Jul 21, 2005
1838 posts
914 upvotes
Alberta
Explains why their site has been down for a while. Hope they come back soon. At least API still works.
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
A lot of talk about this in the interwebs. Apparently the download history was stored on a separate server, so that at least appears to be secure. I imagine there will be a fairly large fallout over this in the coming days. There's a good argument here for the use of a VPN, password utilities and PayPal.
Deal Guru
User avatar
Feb 10, 2007
12458 posts
3685 upvotes
I don't see how any of the arguments are valid.
Tapout123 wrote: There's a good argument here for the use of a VPN, password utilities and PayPal.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
sexyj wrote: I don't see how any of the arguments are valid.
Then you'd be an excellent target for one of these site breaches. I imagine that if you use the same password\email address combo on all sites they'd have control over your bank account, credit cards and social media pages already.
Deal Guru
User avatar
Feb 10, 2007
12458 posts
3685 upvotes
LOL, using a VPN and reusing passwords have nothing to do with each other.

Stop trying to put buzz words together to make it seem like a thing.

On the other hand... the passwords are encrypted
Tapout123 wrote: Then you'd be an excellent target for one of these site breaches. I imagine that if you use the same password\email address combo on all sites they'd have control over your bank account, credit cards and social media pages already.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Addict
Sep 13, 2011
1115 posts
736 upvotes
Canada
sexyj wrote: I don't see how any of the arguments are valid.
You are right, except for paypal, it offer some protection versus giving a pirate website your credit card, right ?
Deal Expert
Jan 17, 2009
19603 posts
28586 upvotes
ONTARIO
If you want to use a credit card with indexers/usenet providers but worried about something like this happening, I definitely recommend getting one of those free reloadable cards from either KOHO or STACK (or get both).
Both are completely free and you get a virtual card number instantly after you sign up (plus a physical one in the mail).

I use them for purchases like this.

I just e-transfer enough onto the card to pay for my usenet provider renewal/indexer subscription and then afterwards, the card remains empty. I can even lock the card too if I want so it can't be used.
That way if it gets compromised, well it's a reloadable card with no funds, so who cares. There's no money for them to take.
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
sexyj wrote: LOL, using a VPN and reusing passwords have nothing to do with each other.

Stop trying to put buzz words together to make it seem like a thing.

On the other hand... the passwords are encrypted
Buzzwords? Lol.. You really have no idea about why they hack sites like this do you?

They have your last connected IP address, i.e., you dont use a VPN, so they know the city you connected from. They have your hashed password for all users, which is good enough to exploit some sites, but if you've logged into the site since the keylogger was installed they have your UNENCRYPTED password. Now if you have just a few passwords, i.e., don't use a password utility, then they now have a password and email address to try on about a billion websites, including bank sites, credit card sites, social media sites, your email provider etc. If you used a credit card since the keylogger was installed, i.e. you didn't use PayPal, they have your CC information, and that coupled with everything else they have, gives them pretty much free reign to charge a boatload of stuff until the CC cuts it off.

Enough buzzwords for you, or do I make my point?
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
BobSagget wrote: If you want to use a credit card with indexers/usenet providers but worried about something like this happening, I definitely recommend getting one of those free reloadable cards from either KOHO or STACK (or get both).
Both are completely free and you get a virtual card number instantly after you sign up (plus a physical one in the mail).

I use them for purchases like this.

I just e-transfer enough onto the card to pay for my usenet provider renewal/indexer subscription and then afterwards, the card remains empty. I can even lock the card too if I want so it can't be used.
That way if it gets compromised, well it's a reloadable card with no funds, so who cares. There's no money for them to take.
Did you use your real name\address when you created the Stack\Koho account? I'm not saying that's good or bad, just curious as to whether or not they check.
Deal Expert
Jan 17, 2009
19603 posts
28586 upvotes
ONTARIO
Tapout123 wrote: Did you use your real name\address when you created the Stack\Koho account? I'm not saying that's good or bad, just curious as to whether or not they check.
Yes when I signed up for the cards I used my real info.

However I am not sure if they check or not? I can't remember. I just remember the process was incredibly fast. I signed up on the website and then installed the app on my phone, logged in and had my virtual card number details ready to go. I just e-transferred over the funds and it took like 5 minutes to appear on the card.
I made my first purchase on AliExpress using my STACK card like 10 minutes after signing up.

Also I should mention one nice perk with the STACK card is they don't charge FX fees. So I use that specifically for renewing my usenet provider subscription which is charged in USD.
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
BobSagget wrote: Yes when I signed up for the cards I used my real info.

However I am not sure if they check or not? I can't remember. I just remember the process was incredibly fast. I signed up on the website and then installed the app on my phone, logged in and had my virtual card number details ready to go. I just e-transferred over the funds and it took like 5 minutes to appear on the card.
I made my first purchase on AliExpress using my STACK card like 10 minutes after signing up.

Also I should mention one nice perk with the STACK card is they don't charge FX fees. So I use that specifically for renewing my usenet provider subscription which is charged in USD.
Interesting, thanks for the info. I'll look into this for Usenet renewals.
Deal Addict
Jul 21, 2005
1838 posts
914 upvotes
Alberta
Tapout123 wrote: Buzzwords? Lol.. You really have no idea about why they hack sites like this do you?

They have your last connected IP address, i.e., you dont use a VPN, so they know the city you connected from. They have your hashed password for all users, which is good enough to exploit some sites, but if you've logged into the site since the keylogger was installed they have your UNENCRYPTED password. Now if you have just a few passwords, i.e., don't use a password utility, then they now have a password and email address to try on about a billion websites, including bank sites, credit card sites, social media sites, your email provider etc. If you used a credit card since the keylogger was installed, i.e. you didn't use PayPal, they have your CC information, and that coupled with everything else they have, gives them pretty much free reign to charge a boatload of stuff until the CC cuts it off.

Enough buzzwords for you, or do I make my point?
No offence dude, but I'm with @sexyj on this one. You sound just like our dimwit security guy at my place. All he knows is the buzzwords and how to create panic. I wouldn't be surprised if you were wearing a tinfoil hat as well as you type this. So much paranoia. You make it sound like you know what you are talking about, but in reality, you have no idea aside from something you read on the internet. Yes while what you said is theoretically true, do you really think these guys are going to be going around reading through key logs and checking your IP information and all that sh*t to get your CC number? This is a non-event really. If you used the same username/pass for a pirate site as your bank account, well you kind of deserve to get owned. My guess is this was just another ransom demand, give us money or we will release this information onto the dark web. Time goes by, NZBGeek comes back online from their backups, and world moves on. Some credit cards might be compromised, bank detects unusual activity and kills the card, reverses the charges and gives you a new card.

Anyways, you sound like the media, blow up a story and make everyone afraid for the sake of having a story.
Deal Expert
Mar 25, 2005
21989 posts
2806 upvotes
Tapout123 wrote: Buzzwords? Lol.. You really have no idea about why they hack sites like this do you?

They have your last connected IP address, i.e., you dont use a VPN, so they know the city you connected from. They have your hashed password for all users, which is good enough to exploit some sites, but if you've logged into the site since the keylogger was installed they have your UNENCRYPTED password. Now if you have just a few passwords, i.e., don't use a password utility, then they now have a password and email address to try on about a billion websites, including bank sites, credit card sites, social media sites, your email provider etc. If you used a credit card since the keylogger was installed, i.e. you didn't use PayPal, they have your CC information, and that coupled with everything else they have, gives them pretty much free reign to charge a boatload of stuff until the CC cuts it off.

Enough buzzwords for you, or do I make my point?
Its a hashed password...what good is it?
Deal Guru
User avatar
Feb 10, 2007
12458 posts
3685 upvotes
LOL, the fact that you think this is a movie and people can use "last connected IP" to make any attempts at hacking is hilarious
Tapout123 wrote: Buzzwords? Lol.. You really have no idea about why they hack sites like this do you?

They have your last connected IP address, i.e., you dont use a VPN, so they know the city you connected from. They have your hashed password for all users, which is good enough to exploit some sites, but if you've logged into the site since the keylogger was installed they have your UNENCRYPTED password. Now if you have just a few passwords, i.e., don't use a password utility, then they now have a password and email address to try on about a billion websites, including bank sites, credit card sites, social media sites, your email provider etc. If you used a credit card since the keylogger was installed, i.e. you didn't use PayPal, they have your CC information, and that coupled with everything else they have, gives them pretty much free reign to charge a boatload of stuff until the CC cuts it off.

Enough buzzwords for you, or do I make my point?
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
eblend wrote: No offence dude, but I'm with @sexyj on this one. You sound just like our dimwit security guy at my place. All he knows is the buzzwords and how to create panic. I wouldn't be surprised if you were wearing a tinfoil hat as well as you type this. So much paranoia. You make it sound like you know what you are talking about, but in reality, you have no idea aside from something you read on the internet. Yes while what you said is theoretically true, do you really think these guys are going to be going around reading through key logs and checking your IP information and all that sh*t to get your CC number? This is a non-event really. If you used the same username/pass for a pirate site as your bank account, well you kind of deserve to get owned. My guess is this was just another ransom demand, give us money or we will release this information onto the dark web. Time goes by, NZBGeek comes back online from their backups, and world moves on. Some credit cards might be compromised, bank detects unusual activity and kills the card, reverses the charges and gives you a new card.

Anyways, you sound like the media, blow up a story and make everyone afraid for the sake of having a story.
Wow, such ignorance. Do you even know what a keylogger is? You sound like the dimwit users we get calls from all the time asking why they cant access their email after we lock their account because they were hacked. I mean I guess it's possible the two of you know more than the IT security teams in every corporation who spend all their time protecting people like you from themselves, but I doubt it. The fact that hackers go to such great lengths to steal this information, coupled with the fact that they usually sell it on the dark web for big $$ means nothing right? The people who pay for this information, they just do it because they're bored right? MS and Oracle and all the other corporations that spend huge $$ on security to plug holes like this, they're just paranoid right? Ultimately you and sexyj are welcome to continue with your kindergarten-level internet security practices, but you really should stick to speaking about topics you are familiar with, like, say, interpretive dance, and leave IT security to IT professionals.
Deal Guru
User avatar
Feb 10, 2007
12458 posts
3685 upvotes
Do you use VPN to connect to rfd too so your "connected IP" isn't exposed to the hackerz ?

LOL Face With Tears Of Joy
Tapout123 wrote: Wow, such ignorance. Do you even know what a keylogger is? You sound like the dimwit users we get calls from all the time asking why they cant access their email after we lock their account because they were hacked. I mean I guess it's possible the two of you know more than the IT security teams in every corporation who spend all their time protecting people like you from themselves, but I doubt it. The fact that hackers go to such great lengths to steal this information, coupled with the fact that they usually sell it on the dark web for big $$ means nothing right? The people who pay for this information, they just do it because they're bored right? MS and Oracle and all the other corporations that spend huge $$ on security to plug holes like this, they're just paranoid right? Ultimately you and sexyj are welcome to continue with your kindergarten-level internet security practices, but you really should stick to speaking about topics you are familiar with, like, say, interpretive dance, and leave IT security to IT professionals.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Addict
User avatar
Feb 2, 2010
1160 posts
1016 upvotes
sexyj wrote: Do you use VPN to connect to rfd too so your "connected IP" isn't exposed to the hackerz ?

LOL Face With Tears Of Joy
Pretty intelligent response. It's about on par with your level of understanding of how these things work.

Seriously, dude, you and Kasakato and others can surf the web anyway you want. I'm only pointing out why they steal these things, what they use them for and how various technologies are available to users to mitigate the fallout from this kind of hack. For most people it is just the inconvenience of having to get a new CC when theirs is compromised, for others this is the beginning of identity theft, regardless, this type of data is valuable for a reason. Just because you don't want to think about that doesn't mean others shouldn't be smart about how they do things online.
Deal Guru
User avatar
Feb 10, 2007
12458 posts
3685 upvotes
LOL... bro.

If you didn't include VPN in your response, I would have agreed with your stm. But the fact that you are still trying to make it a thing... just laughable.

There is no argument to use a VPN in terms of a database hack, keylogger, whatever.

Using a VPN will not protect you from anything other than someone sniffing your password on a open wifi. You should look up on how VPN work to update your "enterprise IT knowledge"

:facepalm:
There's a good argument here for the use of a VPN, password utilities and PayPal.
Tapout123 wrote: Pretty intelligent response. It's about on par with your level of understanding of how these things work.

Seriously, dude, you and Kasakato and others can surf the web anyway you want. I'm only pointing out why they steal these things, what they use them for and how various technologies are available to users to mitigate the fallout from this kind of hack. For most people it is just the inconvenience of having to get a new CC when theirs is compromised, for others this is the beginning of identity theft, regardless, this type of data is valuable for a reason. Just because you don't want to think about that doesn't mean others shouldn't be smart about how they do things online.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Expert
Mar 25, 2005
21989 posts
2806 upvotes
Tapout123 wrote: Pretty intelligent response. It's about on par with your level of understanding of how these things work.

Seriously, dude, you and Kasakato and others can surf the web anyway you want. I'm only pointing out why they steal these things, what they use them for and how various technologies are available to users to mitigate the fallout from this kind of hack. For most people it is just the inconvenience of having to get a new CC when theirs is compromised, for others this is the beginning of identity theft, regardless, this type of data is valuable for a reason. Just because you don't want to think about that doesn't mean others shouldn't be smart about how they do things online.
You never told us how hashed passwords are used...

Top