Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 01-30-2016, 02:28 AM   #1
webcamnews
Registered User
 
webcamnews's Avatar
 
Industry Role:
Join Date: Apr 2015
Posts: 92
Was CrakRevenue Hacked?

I got this email today:
Our system has detected that your current CrakRevenue password is rather long.
.......

We contact you today, respectfully and kindly, asking you for your cooperation on this. Please kindly change your password when you have a free moment to ensure no future issues!

=========
Now, why should i change my pass since is long enough? Was CrakRevenue database compromised?
__________________
webcam.news [@] gmail . com

Follow WEBCAMNEWS On Twitter

www.webcamnews.com - Latest XXX News
webcamnews is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 03:07 AM   #2
MFCT
Confirmed User
 
Industry Role:
Join Date: Jan 2015
Posts: 1,489
I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
__________________
Keeping you abreast of the teens that get undressed.
Girls By Location - Couples By Location - Guys By Location - Trans By Location
MFCT is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 03:16 AM   #3
EddyTheDog
Just Doing My Own Thing
 
EddyTheDog's Avatar
 
Industry Role:
Join Date: Jan 2011
Location: London, Spain, New Zealand, GFY - Not Croydon...
Posts: 24,820
Quote:
We contact you today, respectfully and kindly, asking...
I hate it when people put that sort of thing in correspondence - So creepy...

In fact it's a really bad email.....
EddyTheDog is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 05:18 AM   #4
ravo
Confirmed User
 
ravo's Avatar
 
Industry Role:
Join Date: Jun 2001
Location: Skype: ravo.fpctraffic
Posts: 5,427
Sounds like a phishing attempt, from someone in Nigeria or Indonesia.
__________________
AdultAdBroker - Buy and Sell Your Flat Rate Banners, Links, Tabs, Pops, Email Clicks and Members' Area Traffic - updated May 2024
ravo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 05:58 AM   #5
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by MFCT View Post
I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
You do realise that the system can't know how long your password is right? The hashing algorithms used dont store the lenght of the password, although they do have limitations of the maximum lenght that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
So in essence, your assumption is stupid.
The OP assumption has more merit.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 06:46 AM   #6
ottopottomouse
She is ugly, bad luck.
 
ottopottomouse's Avatar
 
Industry Role:
Join Date: Jan 2010
Posts: 13,177
Quote:
We contact you today, respectfully and kindly, asking...
Anything beginning like that I would be expecting to come from Mr Blessing Mkimbo off of Nigeria.
__________________
↑ see post ↑
13101
ottopottomouse is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 06:46 AM   #7
kkkkkk
svp get banned svp
 
Industry Role:
Join Date: Dec 2005
Posts: 1,628
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ
kkkkkk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 07:52 AM   #8
adultmobile
No, I am not banned
 
adultmobile's Avatar
 
Industry Role:
Join Date: Nov 2003
Location: ChatGF.com
Posts: 5,345
Anyone checked if the link is nigerian phishing or or crackrev legit?
__________________

TubeCamGirl.com
adultmobile is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 07:56 AM   #9
ITraffic
Confirmed User
 
Industry Role:
Join Date: Jul 2013
Posts: 2,726
Maybe they hired Mr Konta Tama MANAGER AUDIT AND ACCOUNTANCY DEPARTMENT to run their tech support?
ITraffic is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 11:42 AM   #10
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by ladida View Post
You do realise that the system can't know how long your password is right? The hashing algorithms used dont store the lenght of the password, although they do have limitations of the maximum lenght that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
So in essence, your assumption is stupid.
The OP assumption has more merit.
this
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 12:30 PM   #11
olivierx
Confirmed User
 
Industry Role:
Join Date: Jan 2012
Posts: 122
If they know lenght of your password then their database is not crypted..... i hope your password with them is unique in case someone get their hand on database would see your password with decoding anything..
olivierx is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 12:39 PM   #12
CurrentlySober
Too lazy to wipe my ass
 
CurrentlySober's Avatar
 
Industry Role:
Join Date: Aug 2002
Location: A Public Bathroom
Posts: 38,205
i lik short passwords
__________________


👁️ 👍️ 💩
CurrentlySober is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 01:59 PM   #13
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
lol hopefully .
__________________

automatic exchange - paxum , bitcoin,pm, payza

. daizzzy signbucks caution will black-hat black-hat your traffic

ignored forever :zuzana designs
CPA-Rush is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 02:18 PM   #14
CaptainHowdy
Too lazy to set a custom title
 
CaptainHowdy's Avatar
 
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 92,207
Quote:
Originally Posted by CPA-Rush View Post
hopefully .
__________________
Enroll in the SWAG Affiliate Asian Live Cam Program and get 9 free quality link-backs!
Get those links up ASAP! --> TJEEZERS.Cam. Setup in 48 Hours max.
CaptainHowdy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 11:45 PM   #15
Crak_Eric
Confirmed User
 
Crak_Eric's Avatar
 
Industry Role:
Join Date: Feb 2014
Location: Finesse King
Posts: 712
Quote:
Originally Posted by webcamnews View Post
I got this email today:
Our system has detected that your current CrakRevenue password is rather long.
.......

Now, why should i change my pass since is long enough? Was CrakRevenue database compromised?
Hi guys,

No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail.

We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons.

----------------------------------------------------------------------------------------
Here's the e-mail you received (in original, full context)
----------------------------------------------------------------------------------------

Well, this is embarrassing.

Our system has detected that your current CrakRevenue password is rather long.

We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue passwords exceeds the new allowed password char limit.

We contact you today, respectfully and kindly, asking you for your cooperation on this.
Please kindly change your password when you have a free moment to ensure no future issues!

New passwords must be between 4 - 16 characters max.

Please note, we are NOT asking you for your password.

Please do not respond with your password.

We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. That’s all!

Thanks for your help on this!

----------------------------------------------------------------------------------------

But yep, if you have a longggg password — the "dude don't hack me bro" defcon level-1 kind — you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up.

Anyway, sorry for the scare!
__________________
Crak_Eric is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 11:49 PM   #16
kkkkkk
svp get banned svp
 
Industry Role:
Join Date: Dec 2005
Posts: 1,628
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ
kkkkkk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-30-2016, 11:50 PM   #17
MFCT
Confirmed User
 
Industry Role:
Join Date: Jan 2015
Posts: 1,489
Quote:
Originally Posted by ladida View Post
You do realise that the system can't know how long your password is right? The hashing algorithms used dont store the lenght of the password, although they do have limitations of the maximum lenght that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
So in essence, your assumption is stupid.
The OP assumption has more merit.
You were saying, bro?
__________________
Keeping you abreast of the teens that get undressed.
Girls By Location - Couples By Location - Guys By Location - Trans By Location
MFCT is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 12:18 AM   #18
plaster
So Fucking Banned
 
Industry Role:
Join Date: Apr 2015
Posts: 2,295
What a weird email.

Yo crak... you realize that in this thread you shouldn't know the length of password unless you store them insecure. . Right?
plaster is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 02:59 AM   #19
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by MFCT View Post
You were saying, bro?
I was saying what is true and still is.
There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which im not sure which one does other then the old 3DES from the htpasswd days) it just truncates the rest.

For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars.

Regarding the email, only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now then the one stored already in the database and you would not be able to log in.
So yea, they can't know the length of your pass when its hashed.

Ofc, this is if they are hashing them and not storing plaintext
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 03:13 AM   #20
LizardKing
Confirmed User
 
LizardKing's Avatar
 
Industry Role:
Join Date: Jul 2014
Location: Austria
Posts: 521
Quote:
Originally Posted by CurrentlySober View Post
i lik short passwords
"penis" - hope its not too short!
__________________
Get your site reviewed and listed at Porn Sites XXX
LizardKing is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 03:39 AM   #21
j3rkules
VIP
 
j3rkules's Avatar
 
Industry Role:
Join Date: Jul 2013
Posts: 22,105
Thanks god it is not the Nigerian Prince.
j3rkules is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 08:03 AM   #22
adultmobile
No, I am not banned
 
adultmobile's Avatar
 
Industry Role:
Join Date: Nov 2003
Location: ChatGF.com
Posts: 5,345
Quote:
Originally Posted by jerkules View Post
Thanks god it is not the Nigerian Prince.

__________________

TubeCamGirl.com
adultmobile is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 08:41 AM   #23
webcamnews
Registered User
 
webcamnews's Avatar
 
Industry Role:
Join Date: Apr 2015
Posts: 92
Crak_Eric i know the original, full context email i got few days ago. I was asking something else in this thread:was database compromised? And now there is a new question: are passwords stored insecure? I mean do you really know the length of my pass? Is it true that if you know the length of my pass, the password is not encrypted in your system?
[later edit] P.S.: Nevermind....
__________________
webcam.news [@] gmail . com

Follow WEBCAMNEWS On Twitter

www.webcamnews.com - Latest XXX News
webcamnews is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 01-31-2016, 09:19 AM   #24
JamesDrews
Affiliate
 
JamesDrews's Avatar
 
Industry Role:
Join Date: May 2013
Location: Amsterdam
Posts: 370
Quote:
Originally Posted by MFCT View Post
I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
Yep they will switch to a new dashboard system! I heard this from my AM.
JamesDrews is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 12:57 AM   #25
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by ladida View Post
I was saying what is true and still is.
There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which im not sure which one does other then the old 3DES from the htpasswd days) it just truncates the rest.

For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars.

Regarding the email, only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now then the one stored already in the database and you would not be able to log in.
So yea, they can't know the length of your pass when its hashed.

Ofc, this is if they are hashing them and not storing plaintext
this

majority are using md5 encryption with/without salt these days so imho theres not much issue about password length here, as the md5 encrption can take any amounts of characters as input and throws 32 char long string.
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 09:47 AM   #26
NoWhErE
Confirmed User
 
NoWhErE's Avatar
 
Industry Role:
Join Date: Sep 2005
Location: Canada
Posts: 9,777
Hi guys!

As some of you already know, we're currently migrating to a new a platform. The message you received was indeed from us and NOT a hack.

No security has been compromised. We are working on making our old system compatible with the new one and one of the steps is to migrate user credentials into a new setup that has a character limit on the password length.

We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit.

At no time has your password been compromised or vulnerable.

We're sorry if this scared any of you. The emails went out quicker than expected and our comm team didn't have the time to warn you guys about the upcoming changes.

Remained assured that everything is still koscher.

Cheers!
__________________
skype: lordofthecameltoe
NoWhErE is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 04:02 PM   #27
ruff
I have a plan
 
ruff's Avatar
 
Industry Role:
Join Date: Aug 2004
Location: Seattle - Miami - St Kitts
Posts: 5,452
A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
__________________
CryptoFeeds
ruff is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 04:30 PM   #28
LetterTwenty7
Writer
 
LetterTwenty7's Avatar
 
Industry Role:
Join Date: Feb 2015
Location: EU
Posts: 1,768
So... Your password is?
__________________
Trusted by the best porn sites in the world
Get in touch with the most experienced writers here.
[email protected] | Skype: lettertwenty7 | Telegram: https://t.me/LT7_Digital
LetterTwenty7 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 04:31 PM   #29
Relic
So Fucking Banned
 
Join Date: Aug 2002
Posts: 10,300
Relic is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 08:05 PM   #30
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by NoWhErE View Post
We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit.
Ok, now this is total bullshit
There's no "special decryption algorithms" and the +salt thing also means nothing. You are now just digging whatever you write even more

Let me explain you one more thing
Hash = something that can't be decrypted. There is no "special algorithm" on that because it's just that, a hash. It can't be reversed. What it can be done is duplicated. Which would mean that you "duplicated" and hashed words of 16+ password lenght, which is so farfetched its insane to even think about. List of Rainbow Tables shows you the size of a rainbow table that has 1 to 10 char lengths. Im pretty sure you dont have the disk space to store rainbow table for passwords with 16+ chars.
Furthermore, if you were to try to "crack" the hash of a password for a 16+ chars, im also sure you would never ever hit it.

Your remark of "+ salt" also makes no sense. Would have been better if you didnt say anything.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 08:18 PM   #31
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Here's md5 of a password with 21 chars
2061bf778a5cb9d7f72c55b09c46ba87

It's not even salted. Should be no problem no? You can do it fast since you probably have thousands of members when you were able to evaluate how big everyone's password is
From your answer i see you dont even understand what a salt is, or what is it's purpose.
Salt is used to make the redundancy on hashes even bigger. For example. "A" will always give a hash of 7fc56270e7a70fa81a5935b72eacbe29, so someone somewhere might have stored that same hash and saved it as "A", and someone might be able to reverse it by finding it, let's say, on google, or running it through hash breaking algorithms. Salt is invented so that each vendor/software platform could make up their own "salt" that could produce a different hash for "A", so that without knowing the salt, you can't replicate the hashing algorithm.
But still, password hashed with or without salt, you CANT KNOW ITS LENGTH.

so you were storing them plaintext?
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 08:26 PM   #32
plaster
So Fucking Banned
 
Industry Role:
Join Date: Apr 2015
Posts: 2,295
A good excuse would be to say that on initial choosing of password the system stored the number of digits chosen.

Does it really matter though? This isn't your bank... it's an affiliate program. Crak should just say "sorry"... new system won't store passwords going forward.
plaster is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 08:31 PM   #33
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
I don't care since i did nothing with them, it's just funny how from a simple question they dug themselves with this. The more they write, the more you see something's just not right there.

However, if you think there's no problem with someone knowing your affiliate password, you'd be dead wrong. Maybe not if you're 0 hit affiliate. But someone doing xxx$ weekly would definitely care. From knowing your traffic sources, from possible email intrusion, to switching payment methods.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-01-2016, 08:32 PM   #34
Relic
So Fucking Banned
 
Join Date: Aug 2002
Posts: 10,300
run the sky is falling
Relic is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-02-2016, 12:44 AM   #35
Google Expert
Webmaster
 
Google Expert's Avatar
 
Industry Role:
Join Date: Jun 2004
Posts: 14,295
Quote:
Originally Posted by Crak_Eric View Post
Hi guys,

No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail.

We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons.

----------------------------------------------------------------------------------------
Here's the e-mail you received (in original, full context)
----------------------------------------------------------------------------------------

Well, this is embarrassing.

Our system has detected that your current CrakRevenue password is rather long.

We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue passwords exceeds the new allowed password char limit.

We contact you today, respectfully and kindly, asking you for your cooperation on this.
Please kindly change your password when you have a free moment to ensure no future issues!

New passwords must be between 4 - 16 characters max.

Please note, we are NOT asking you for your password.

Please do not respond with your password.

We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. Thatâ??s all!

Thanks for your help on this!

----------------------------------------------------------------------------------------

But yep, if you have a longggg password â?? the "dude don't hack me bro" defcon level-1 kind â?? you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up.

Anyway, sorry for the scare!
Damage control mode: ON
Google Expert is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-02-2016, 01:11 AM   #36
LizardKing
Confirmed User
 
LizardKing's Avatar
 
Industry Role:
Join Date: Jul 2014
Location: Austria
Posts: 521
Quote:
Originally Posted by Muad'Dib View Post
Our system has detected that
You just should not start harmless mails with this.
__________________
Get your site reviewed and listed at Porn Sites XXX
LizardKing is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-03-2016, 05:32 AM   #37
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Heh, they saw it's better to let it die.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-03-2016, 07:28 AM   #38
olivierx
Confirmed User
 
Industry Role:
Join Date: Jan 2012
Posts: 122
md5 of 64 character password: 44b0786e70c3c1ce5c8edc4ca77f9819
md5 of 255 char password :e3491d81b6b929e6e45c042cbefc212b
md5 of 16 char password: a74298e4a259759687e3a5acb2e7ae12

Is crakrevenue storing unsecure password?
olivierx is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-03-2016, 08:02 AM   #39
potter
Confirmed User
 
Industry Role:
Join Date: Dec 2004
Location: Denver
Posts: 6,559
Quote:
Originally Posted by ruff View Post
A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
On the contrary actually.

Crack has stated that they know how long the passwords are (which means they either are storing passwords as plain text in their database, or they have a database schema with a huge security hole). Either way it means their form of password storage is compromised.

They've also now said they have a "de-cryption" method which is complete horse shit. If they're storing passwords with a hash method there's no way to de-crypt them. You can figure out what a password is from the hashed version - but it isn't de-cryption - it's a dedicated "guessing machine" that runs the billions of combinations through the hash function until it finds the match. That's not something they'd have the capacity for.
__________________

potter is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-03-2016, 09:38 AM   #40
Google Expert
Webmaster
 
Google Expert's Avatar
 
Industry Role:
Join Date: Jun 2004
Posts: 14,295
Quote:
Originally Posted by potter View Post
Either way it means their form of password storage is compromised.
This, tbh.

Programs DBs get hacked on a daily basis, no matter how big you are.

The question is what they did with it. Just dumped the email list, login infos or injected some custom written shells into the system for future use.
Google Expert is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2016, 03:00 AM   #41
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Crickets.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2016, 06:12 PM   #42
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Bump for new age hash decryption+salt!
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2016, 06:51 PM   #43
patadeperro
Confirmed User
 
Industry Role:
Join Date: Feb 2013
Posts: 929
Another bump for the great phrase:"hash decryption+salt" hahahahahahah
__________________


email me at support (at) adultvideoblaster (dot) com
patadeperro is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-05-2016, 02:07 PM   #44
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by NoWhErE View Post
We have a special decryption algorithm + salt
Hi. Can i buy your special hash decryption + salt algorithm? I'd resell to NSA if possible.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-08-2016, 05:56 AM   #45
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Bump for perfect "hash decryption + salt" solution!
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-08-2016, 06:16 AM   #46
Penny24Seven
So Fucking What
 
Penny24Seven's Avatar
 
Industry Role:
Join Date: Jun 2007
Location: USA
Posts: 6,289
Quote:
Originally Posted by ladida View Post
Bump for perfect "hash decryption + salt" solution!
E=MC with a little 2 above the C
__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny
Penny24Seven is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-08-2016, 08:13 AM   #47
tammix
Confirmed User
 
tammix's Avatar
 
Join Date: Apr 2006
Location: El-Kaliman Oasis, West Sahara
Posts: 2,164
hi eric do you have icq?
tammix is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-08-2016, 05:07 PM   #48
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Imagine this, they are no longer responding :P
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-10-2016, 11:24 AM   #49
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
You could make a fortune on this guys. Sell the hash decryption+salt thing!
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-11-2016, 07:04 AM   #50
Penny24Seven
So Fucking What
 
Penny24Seven's Avatar
 
Industry Role:
Join Date: Jun 2007
Location: USA
Posts: 6,289
So were they hacked? Still not sure
__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny
Penny24Seven is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
change, crakrevenue, kindly, password, hacked



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.