Member
Posts: 9,140
Joined: May 29 2005
Gold: 172.01
Dec 17 2012 09:37pm
Quote (valco24 @ Dec 18 2012 02:38am)
Yeah he got a hold of the database and he is selling people's accounts at 35 a pop. Change your password if you play the game because he has access to everyone's password, if you used the same password on league I suggest changing that as well. He grabbed a few good league accounts.


Why would you buy a HON account for $35 lol. They're free and most people don't have enough skins to make it worth that much.

From the reddit comments it seems he didn't actually get usable passwords, just the hashed passwords which can be compared to a database of known password hashes. So if your password is likely to not have ever been picked up on a 'common password' list you're prob safe. There's no way mine would ever have been compromised if that's the case.

It's going to be interesting to see how S2 holds on after yet another monumental fuck-up. HON is a fantastic game, I like it more than LoL and Dota2, but S2 are just too bad at running it for it to succeed.

Dota2 is the opposite, worst actual game out of the three (IMO) but everything else is amazing, the armor system for customizing heroes especially - shame the game itself still feels like Dota1 (in a bad way, IMO)
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Dec 17 2012 09:53pm
Quote (IIFOXII @ Dec 17 2012 11:37pm)
Why would you buy a HON account for $35 lol.  They're free and most people don't have enough skins to make it worth that much.

From the reddit comments it seems he didn't actually get usable passwords, just the hashed passwords which can be compared to a database of known password hashes. So if your password is likely to not have ever been picked up on a 'common password' list you're prob safe. There's no way mine would ever have been compromised if that's the case.

It's going to be interesting to see how S2 holds on after yet another monumental fuck-up.  HON is a fantastic game, I like it more than LoL and Dota2, but S2 are just too bad at running it for it to succeed.

Dota2 is the opposite, worst actual game out of the three (IMO) but everything else is amazing, the armor system for customizing heroes especially - shame the game itself still feels like Dota1 (in a bad way, IMO)


he was brute forcing them with specific hashcat hash masks which cuts down the time needed to do larger passwords but you miss a fair majority of them.
doing this on multiple computers with gpus allows someone to split the work load for certain key spaces to make things faster. from personal experience brute forcing passwords length 4-8 only takes about 5 hours with a simplistic char set of alpha numeric. anything larger (ex including symbols) a hash mask needs to be implemented for any reasonable time frame for 8 length passwords.

also you can't compare a salted hash to a hash database. you won't get any results unless that hash database has found a hash collision where 2 hash inputs provide the same output but the chances of that are slim especially for passwords because most databases have a max password length and i can guarantee you will not get a collision within any 16 length string.

edit:: i guess he was selling usernames that were original and 1 word. people have a fascination with one word nicknames for videogames. check out battle.net for example starcraft and diablo 2 and warcraft2 were heavily populated with people who collected original names and then of course there were the illegal names with characters that were not allowed in names any more and people paid up to 150$ for some of those.

Quote (valco24 @ Dec 17 2012 10:38pm)
Yeah he got a hold of the database and he is selling people's accounts at 35 a pop. Change your password if you play the game because he has access to everyone's password, if you used the same password on league I suggest changing that as well. He grabbed a few good league accounts.


even if you change the password since the exploit is still active changing it won't matter he can get it back as easily as he did anyone else's. best thing you can do is change the password to all your other accounts and wait it out.

This post was edited by AbDuCt on Dec 17 2012 10:07pm
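
Added example, not part of the post above or of any code from the thread: a Python sketch of the point about salted hashes and hash databases. The password list, salts and function names are constructed for illustration; it also shows that a salt does not protect a listed password from per-account guessing, which is why storage should use a slow KDF (PBKDF2 here).

```python
import hashlib
import hmac
import os

# Constructed stand-in for a public "known password hash" database.
COMMON_PASSWORDS = ["123456", "password", "letmein", "dragon"]

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(words):
    """Precompute unsalted hash -> password once; reusable against any dump."""
    return {sha256_hex(w.encode()): w for w in words}

def salted_hash(password, salt):
    """Fast salted hash. The salt is stored beside the hash, so it is not secret."""
    return sha256_hex(salt + password.encode())

def guess_with_salt(words, salt, stored):
    """Precomputation no longer helps; every guess is re-hashed per account."""
    for w in words:
        if hmac.compare_digest(salted_hash(w, salt), stored):
            return w
    return None

def kdf_store(password, iterations=200_000):
    """Storage form a defender should prefer: random salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def kdf_verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    salt = os.urandom(16)
    stored = salted_hash("letmein", salt)
    print("unsalted lookup:  ", table.get(sha256_hex(b"letmein")))
    print("salted lookup:    ", table.get(stored))
    print("per-account guess:", guess_with_salt(COMMON_PASSWORDS, salt, stored))
    print("kdf verify:       ", kdf_verify("letmein", kdf_store("letmein")))
```
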
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Dec 18 2012 12:30am
azrad finds vulnerability allowing guest->system local privilege escalation for vista, 7 and 8
azrad does not report vulnerability

This post was edited by Azrad on Dec 18 2012 12:30am
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Dec 18 2012 12:39am
HoN acknowledges the security breach:

http://forums.heroesofnewerth.com/showthread.php?469222-Security-Issue-12-16

reddit posts about the ryanc hacking (lolling to read)

http://www.reddit.com/r/HeroesofNewerth/comments/150kar/sooooooo_whats_happening_to_ryanc_charges_being/
http://www.reddit.com/r/HeroesofNewerth/comments/14zouf/seriously_s2_communication_is_key/


Ryan_HTP stated that servers are still vulnerable and the patch was only for game clients to force a password change and that a full disclosure database details will be exposed at a later date.
Member
Posts: 6,441
Joined: Jul 12 2008
Gold: 220.83
Dec 18 2012 05:53am
Quote (CutChemist11 @ Dec 18 2012 02:39am)

It depends on whether or not the hacker is bothersome enough for an agency like Interpol to arrest him/her. S2 can contact Interpol, which has taken down large groups of hackers before, so a lone hacker probably wouldn't be a problem. Interpol can see if this fits any hacker profiles within Belarus and if this hacker is as old as he/she says, he/she's more than likely hacked before. The response from Interpol, including whether to take action, will largely depend upon whether he/she's just an infrequent hacker or someone that has hacked larger businesses or governments and is a target of Interpol or other agencies/governments. If the hacker chooses to act again on the 25th their profile will probably rise to the level where they are a more viable target.
Right now (assuming what he/she's said is true) we know the following:
Lives in Belarus, which is part of Interpol's Member states. So, the issue of whether Interpol will have the local resources to pursue is most likely not a problem.
Prefers Bitcoins and LR for money transfers and used them to transfer money over a period of, at most, 4 days.
Network Security Engineer since 1995 and possesses a day job.
Does Network Security Contracting on the side.
Uses ToR.
Goes by zee or xero. And probably has used that name elsewhere when hacking.


I believe the CyberPolice have been contacted.
Member
Posts: 1,128
Joined: Aug 4 2005
Gold: 0.00
Dec 18 2012 01:02pm
Tracked good info
Member
Posts: 4,137
Joined: Oct 2 2008
Gold: 796.00
Dec 19 2012 02:59am
Good thread.
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Dec 19 2012 11:33am
WordPress Pingback Vulnerability Serves DDoS attack feature



Acunetix, a web application security company, reported vulnerabilities found in the WordPress Pingback feature. According to the report, a Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks.

"WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog." Bogdan Calin explained.

Pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Movable Type, Serendipity, WordPress, and Telligent Community, support automatic pingbacks where all the links in a published article can be pinged when the article is published.
A new tool has been released that automates the pingback vulnerability autonomously, distributed on the software development site GitHub as "WordpressPingbackPortScanner". That tool exposes the API and lets attackers scan other hosts, multiple WordPress blogs and with a specialized URL, reconfigure routers.

Tool description - "Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API."

The bug has already been reported to the WordPress community, but Softpedia noticed that the ticket was closed at the time after someone argued that “there are so many ways to orchestrate a DDOS attack.”

All WordPress blogs are at risk and can be heavily abused by attackers. Since WordPress also supports URL credentials, the attacker can use a link like http://admin:admin@192.168.0.1/changeDNS.asp?newDNS=aaaa to reconfigure internal routers.

He also says that disabling the Pingback feature won't fix the solution, the ultimate solution is a patch.


Batchwiper malware, new virus targets Iranian computers

Iranian CERT is sounding the alarm over another bit of data-deleting malware it's discovered on PCs in the country. Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I Drive, along with any files stored on the Windows desktop of the user who is logged in when it's executed.

Why the name Batchwiper? The name was chosen because the malware is packed in a batch file.

The malware initiates its data wiping routine on certain dates, the next one being Jan. 21 2013. However, the dates of Oct. 12, Nov. 12 and Dec. 12, 2012, were also found in the malware's configuration, suggesting that it may have been in distribution for at least two months.

GrooveMonitor.exe is the original dropper, which is a self-extracting RAR file, once executed it extracts the following files:

-- \WINDOWS\system32\SLEEP.EXE, md5: ea7ed6b50a9f7b31caeea372a327bd37

-- \WINDOWS\system32\jucheck.exe, md5: c4cd216112cbc5b8c046934843c579f6

-- \WINDOWS\system32\juboot.exe, md5: fa0b300e671f73b3b0f7f415ccbe9d41

Then juboot.exe is executed, which creates and executes the following batch file:

\Documents and Settings\%User%\Local Settings\Temp\1.tmp\juboot.bat

According to the Iranian CERT advisory, "However, it is not considered to be widely distributed. This targeted attack is simple in design and it is not any similarity to the other sophisticated targeted attacks."

In the past, Iran has accused the US and Israel of being behind the Flame attack as well as the Stuxnet virus. Such attacks are seen as an effort to cripple the Islamic Republic's nuclear program, which Western countries fear is being used to make a bomb.


Holiday deals can really be hiding hacker surprises

It is that time of year which everybody loves. It is the holiday season and you will start to see a lot more people express good attitudes and wish everyone else a happy new year. As a matter of fact it may be hard to think that with all of this much goodwill in the air there is someone out there who is trying to take advantage of that. But the fact is no matter what time of year it is there are always going to be bad guys around every corner and they will try to stalk their prey at anytime. It does not matter what time of year it is, the bad guys like to work all year round and you always have to be on the lookout for them.

As a matter of fact this time of year is a very good time when it comes to black hat hackers. This is because there are so many people online around this time and they are looking for a bunch of deals for their Christmas shopping. The retailers really go full throttle around this time of year and they want to be able to make as much money as they can. This time of year may be known as the holidays to most people but to people in the financial industry it is known as the fourth quarter and it is the most important quarter of the year. They want to be able to make as much money as they can throughout this time period so they will offer deep discounts wherever they can.
And since you have so many people online trying to take advantage of these deep discounts that are being offered, it is the perfect time for a black hat hacker to try and strike. With so many emails and so many different types of information being sent back and forth it is hard for the average person to be able to discern what is real and what is not. They do not know which emails are really offering a real deal and which ones are fake and trying to get something out of you. Normally you would tell a person that if a deal seems to be too good to be true that it probably is and there are some bad guys behind the offer. But at this time of year all of the deals seem too good to be true and it is hard to tell which one is a bad deal and which one is a good deal.

That is why as a consumer, you have to keep a more vigilant eye out than you normally would. Yes, the bad guys are going to be out there in full force and you have to make sure you are more prepared than ever. When you go to visit websites you have to make sure that the domain is correct and that it matches the website that you thought you were going to. If it does not match the domain that you thought you were going to then you should leave right away without clicking on anything. And if you get an offer in your email account then you should not click the link in the email. What you should do is type the website in directly and go to it that way. You never know where a link in your email account is going to take you. So make sure that you do it the right way so that you know where you are going.

When it comes to the holidays the bad guys do not take a day off. So make sure that your common sense does not take a day off as well.
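
Added example, not from the post above or from WordPress itself: a Python sketch of the check a server (or a filter in front of xmlrpc.php) can apply to the source URL of a `pingback.ping` call before fetching it, using the router URL quoted in the WordPress item as input. The allowed-port set, the risk labels and the function names are assumptions made for illustration; the request body is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_PORTS = {None, 80, 443}  # assumption: pingback sources use default web ports

def pingback_source(xml_body):
    """Return the source URL argument of a pingback.ping call, else None."""
    # ElementTree is fine for this constructed sample; use a hardened XML
    # parser for untrusted request bodies.
    root = ET.fromstring(xml_body)
    if root.findtext("methodName") != "pingback.ping":
        return None
    first = root.find("./params/param/value")
    if first is None:
        return None
    return (first.findtext("string") or first.text or "").strip()

def source_url_risks(url):
    """List reasons a pingback source URL should be refused before fetching."""
    risks = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        risks.append("scheme")
    if parts.username is not None or parts.password is not None:
        risks.append("credentials")
    try:
        port = parts.port
    except ValueError:          # malformed or out-of-range port
        port = -1
    if port not in ALLOWED_PORTS:
        risks.append("port")
    host = parts.hostname or ""
    try:
        if not ipaddress.ip_address(host).is_global:
            risks.append("non-public-address")
    except ValueError:
        # Not an IP literal. A hostname must still be resolved and every
        # returned address re-checked at fetch time (not done offline here).
        if not host:
            risks.append("no-host")
    return risks

# Constructed request body carrying the URL quoted in the post above.
SAMPLE = """<?xml version="1.0"?>
<methodCall><methodName>pingback.ping</methodName><params>
<param><value><string>http://admin:admin@192.168.0.1/changeDNS.asp?newDNS=aaaa</string></value></param>
<param><value><string>http://blog.example/?p=1</string></value></param>
</params></methodCall>"""

if __name__ == "__main__":
    print(source_url_risks(pingback_source(SAMPLE)))
```
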
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Dec 19 2012 11:37am
Quote (AbDuCt @ Dec 19 2012 10:33am)
WordPress Pingback Vulnerability Serves DDoS attack feature

http://i.imgur.com/pFwMX.png


zmg it's a new version of the smurf!
http://en.wikipedia.org/wiki/Smurf_attack
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Dec 19 2012 05:11pm
Samsung Exynos kernel exploit offers Root without Flashing

A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There’s both good and bad news with this exploit so head down below for more details on this newfound glory. This exploit affects a number of Samsung-made devices, along with potentially any device using an Exynos 4412 or 4210 processor and Samsung kernels.

The vulnerability was described on Saturday by the user "alephzain" on XDA Developers, a forum for mobile developers.

This vulnerability could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. This functionality can be exploited by some malicious apps to gain root access to the device, wipe/steal sensitive data, install malicious code, and could also be used to potentially brick the phone.

According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue.

In fact, Chainfire has created an APK file, dubbed ExynosAbuse, to gain root privileges and install the latest release of SuperSU on any Exynos4-based device.



ExynosAbuse to root a number of devices including:
- Samsung Galaxy S2 GT-I9100
- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy Note 2 GT-N7100
- Verizon Galaxy Note 2 SCH-I605 (locked bootloaders)
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010

While the ability to root your phone without a lot of work is pretty great, keep in mind that this is still a very dangerous exploit and that you should be vigilant when it comes to which apps you’re downloading.