If you have an account at webhostingtalk...

Status
Not open for further replies.
subigo

subigo

New member
Oct 20, 2007
3,993
104
0
46
TACOS $1.00!
zensix.com
You better make sure you don't use the same password on any other websites. Oh, and cancel any credit card you might have used with them or their partner sites...

In case you've been wondering why you've had an increase in SPAM lately:

See here.

I know for a fact that all of my information is currently being passed around bit torrent, etc...
 


Being a member there since early 2002 I have seen allot things go down there but this by far has been the worse hit yet. This guy really went to town on WHT!
 
Dang it... a lot of copies floating around still... I was able to find one in 10 seconds. Looks like the Hashes in the file have an extra string included in the hash so dehashing them will have to be done brute force rather than dictionary thankfully...

Still very annoying...
 
volknet said:
Dang it... a lot of copies floating around still... I was able to find one in 10 seconds. Looks like the Hashes in the file have an extra string included in the hash so dehashing them will have to be done brute force rather than dictionary thankfully...

Still very annoying...
Click to expand...

Is it a salted md5? If so they can still do a dictionary attack, the software to do it with salted hashes costs like $20, but of course they can find it for free.
 
I don't understand how they could use a dictionary attack with any effectiveness since it's a salted hash (specially if they didn't leave the salt default) but good to know there is such a thing. (Not that I plan on decoding any of it...)
 
volknet said:
I don't understand how they could use a dictionary attack with any effectiveness since it's a salted hash (specially if they didn't leave the salt default) but good to know there is such a thing. (Not that I plan on decoding any of it...)
Click to expand...

PasswordsPro

If you have a graphics card with CUDA, they have software that can do 100 - 165 million attempts per second on a salted md5 and 270 million per second on a non salted md5:

Extreme GPU Bruteforcer
 
Man, if only these bitches would put half the energy into AM that they do with this hacking bull shit, they'd own a couple small islands.
 
The point of a salt is that your keyspace expands almost infinitely.

However if you have one credit card decoded then you can of course get the salt brute force and then get the rest.
 
So, reading the thread over there today (I didn't download the CC table since I'm not affected) they were storing CCs in plain text, with CVV2 values. Both things are illegal.
 
keliix06 said:
So, reading the thread over there today (I didn't download the CC table since I'm not affected) they were storing CCs in plain text, with CVV2 values. Both things are illegal.
Click to expand...

LOL yea, WHT clearly wasn't PCI complaint, that could cost them. (even more)
 
I had a premium account a while ago (probably listed in that database, though I swear I paid by paypal?), but if my credit card data is in the file, it's for a long expired PayPal debit card where the new cards were never re-activated.
 
Status
Not open for further replies.
Top Bottom