Reddit hacked?

"
Morgoth2356 wrote:
Poe Trade is also down, maybe it got hacked too.


or XYZ used his brain it took it down for while??

Time to chase those prophecies, selffound xD
d:-D*
/r/pathofexile xown

poe.trade down

I am writing a post in the forums

Truely the end of the world.
Builds : https://www.pathofexile.com/forum/view-thread/1813247
Challenge boss kill services : https://www.pathofexile.com/forum/view-thread/1814668
"
Dimitrii_ss2 wrote:
best time to promote http://keepass.info/ the best free software for managing passwords and keeping your accounts secure , you can also backup the database google drive


http://www.ghacks.net/2016/06/03/you-better-disable-update-checks-in-keepass-2/

i hope you disabled update checks ...

Yeah, I hadn't visited the forums in a while. Surprisingly, it's still the same kind of posts at the top of GD. Didn't miss a lot it seems...
"
SUPEROUMAN wrote:
/r/pathofexile xown

poe.trade down

I am writing a post in the forums

Truely the end of the world.



Three times Pater Noster, two times Ave Maria, my son.

The Wheel of Nerfs turns, and builds come and pass, leaving memories that become legend. Legend fades to myth, and even myth is long forgotten when the build that gave it birth comes again.
Added the workaround in my opening post
"
loardpcm wrote:
"
Dimitrii_ss2 wrote:
best time to promote http://keepass.info/ the best free software for managing passwords and keeping your accounts secure , you can also backup the database google drive


http://www.ghacks.net/2016/06/03/you-better-disable-update-checks-in-keepass-2/

i hope you disabled update checks ...



oops nvm
Bingo.

The entire purpose of the sub-reddit hit, along with the youtube video of the phone-call, was to advertise keepass and use the exploit.

People don't just nonchalant-ly interject with a 3rd party service like that, especially not repetitively. The fact that it's had a recent exploit makes it rather obvious as to what they're trying to do (i.e increase the amount of users for a compromised program)


Info on minor exploit that is fixed
The version information file is downloaded from the KeePass website over HTTP. Thus a man in the middle (someone who can intercept your connection to the KeePass website) could have returned an incorrect version information file, possibly making KeePass display a notification that a new KeePass version is available. However, the next steps (downloading and installing the new version) must be carried out by the user manually, and here users who check the digital signature will notice the attack.

Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS.
Last edited by Citrusss on Jun 28, 2016, 8:49:50 AM
"
Citrusss wrote:
"
loardpcm wrote:
"
Dimitrii_ss2 wrote:
best time to promote http://keepass.info/ the best free software for managing passwords and keeping your accounts secure , you can also backup the database google drive


http://www.ghacks.net/2016/06/03/you-better-disable-update-checks-in-keepass-2/

i hope you disabled update checks ...



oops nvm
Bingo.

The entire purpose of the sub-reddit hit, along with the youtube video of the phone-call, was to advertise keepass and use the exploit.

People don't just nonchalant-ly interject with a 3rd party service like that, especially not repetitively. The fact that it's had a recent exploit makes it rather obvious as to what they're trying to do (i.e increase the amount of users for a compromised program)


Info on minor exploit that is fixed
The version information file is downloaded from the KeePass website over HTTP. Thus a man in the middle (someone who can intercept your connection to the KeePass website) could have returned an incorrect version information file, possibly making KeePass display a notification that a new KeePass version is available. However, the next steps (downloading and installing the new version) must be carried out by the user manually, and here users who check the digital signature will notice the attack.

Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS.


It's like you are saying Dimitrii_ss2 is with them.
The real hardcore PoE players and the elites sit in town and zoning in and out of their hideouts trading items. Noobs that don't know how to play PoE correctly, kill monsters for items. It's pure fact, it will never change.

Welcome to PoE.
Hey guys, one of the mods from /r/pathofexile here (trackpete). Reddit has a weird mod system where newer mods can't remove older mods unless those mods are very inactive.

The Phenxx account appears to be the one that was compromised. All the other mods were fairly promptly removed, so there's nothing we can do directly to recover it. We've messaged Reddit admins and are hoping to get the situation cleaned up.

I'd be very wary clicking any sidebar/etc. links in the short term.
Pete's Simple Path of Exile Tools: http://exiletools.com
Item Price Lookup Macro, Ladder API, Price API, League Reports, Item Reports, and more!
"
pwx wrote:
Hey guys, one of the mods from /r/pathofexile here (trackpete). Reddit has a weird mod system where newer mods can't remove older mods unless those mods are very inactive.

The Phenxx account appears to be the one that was compromised. All the other mods were fairly promptly removed, so there's nothing we can do directly to recover it. We've messaged Reddit admins and are hoping to get the situation cleaned up.

I'd be very wary clicking any sidebar/etc. links in the short term.


I want to post this important Information on Reddit, no one will read it here because of shitty post structure :( ("my mother left me" or "first" should be downvoted... or give a permaban in forum)

Report Forum Post

Report Account:

Report Type

Additional Info