Hack…or Cover Up

11 03 2011

A few minutes ago someone pasted a link on a group to Merlin Swordthain saying that someone had hacked his account on the isellsl forum. As I was browsing the forum the whole site died.

It may be that someone took zFire up on his challenge to beat his security. I hope not really. But if they did, we could see quite an extended outage!

Move along now…there is nothing more to see.

Oh, but another theory: Merlin may have been watching for the posting of that URL. This may have been an attempt to bow out graciously – take the server down when people will think it is hacking… blame the griefers and walk away.

Either way – RedZone could be gone.

EDIT 3:12 SLT – This is a confirmed crack on the database.

ZFire had posted this earlier:

Originally Posted by zFire Xue
Let me be very clear when I say:
zFire did not “underestimate the tech savvy community of Secondlife if he thinks they will not [insert illegal hack attack here]…”

My server remains online, DDOS, URL probing, port scans, and seriously did you just try to “NUKE” me on port 139 Mr Germany?
They offer technical resumes, and warnings of everything they feel I did wrong.
My server is still online, even with low tech abuse reports to my ISP, DDOS of 860 million a second (Impressive but pointless), and whatever else.
This therefore means that my server is the most secure server and database in all of Secondlife.
That is a challenge.
Many people have already made battle cries, suggested methods, or claimed not to support methods of hacking.
Bring it on.

I am the guy that logs your shoe size right? Do you think any server software exists that does NOT log the IP, date and time of an attempted cybercrime? Wow this will be fun.

“My computer is bigger than your computer”
Cyber criminals need banning, so please feed attempts to isellsl.ath.cx

His site was actually an exercise in how not to do security, but I am annoyed that this crack was so unsubtle. That’s what happens when you challenge the whole Internet to come hack your server.

About these ads

Actions

Information

33 responses

11 03 2011
Katrina

Seeing as posted on the Jira was him saying he still reveals names? I think it may be some urgent cover up.

11 03 2011
no2redzone

It looks like a hack to me.

Sadly a rather unsubtle one.

zFire’s database was about as wide open as it could get but taking out his computer is just wrong. It make criminals of the good guys. zFire was going down – there was no need to do this.

Sadly I now predict zFire will play the victim with the authorities rather than have them talking to him about possible felonies he had committed.

On the plus side – RedZone is gone.

11 03 2011
Katrina

Either way, it is a blow about the people who think he can do no wrong with security, but then in his mind, People who do not like Redzone can do stuff like hack youtube.

11 03 2011
no2redzone

Update: The site came back briefly but with SQL errors. Looks like the crackers took out the content, and maybe zFire is now trying to fix it. He has a backup.

11 03 2011
no2redzone

And Katrina, yes: anyone who thinks zFire understands security is just the person I want: please come talk to me as I have a job lot of bridges going at a good price.

12 03 2011
Zaza

He seem to take his forum down… I wish people rape him badly in next few days…
Fucking egocentric bastard…

12 03 2011
Monkies

hey no2redzone, how do i privately contact you to send you info?

12 03 2011
no2redzone

As I prefer to stay anonymous, that is not easy :)

You may wish to share with Theia Magic instead – she will be discrete. But please be very careful. If you know about the crack, that could be reported as a computer crime and it would be unfair to pass that information to anyone who would then have a moral dilemma as to whether they had a duty to report it.

If it is general information about security and related issues – go right ahead.

13 03 2011
Monkies

all shall be revealed soon ;)

12 03 2011
Azure Twine

Those of us who know computer security have known about his vulnerabilities for months.

zfire is lucky really that so many of us have ethics and morals. I have faith in the proper authorities and the proper channels to get things done, Sure you can take out a database but databases usually have backups and you become a criminal and little more than a speedbump. That solves nothing and in many cases only makes the arrogant feel more righteous.

Yes virginia, there are ethical hackers :)

12 03 2011
Theia Magic

Hi Monkies,

as no2redzone said, I can get a message to them, just please don’t involve me in anything illegal :)

12 03 2011
Cathiee McMillan

Ok so has anyone actually looked at Redzones Statistics his claim about
catching copybots.
People Scanned: 9908991

Copybots found: 2393
Unique CB (CopyBot) users.
Copybot Average: 0.024%
Unique CBs vs Non-Unique Total Scans.
Total blocked CB visits: 7017
Average CB revisit attempts: 2.93
CBs with payment info: 25%
Last Refreshed: Mar 11 6:32:22 AM SL Time

UNIQUE COPYBOTs .024%
Zfires whole defense is that copyboters will be able to run around in SL and copybot stuff with out his product but the numbers on his own website do not match his claims.
Just silly people are wasting money on this device that is seriously flawed.

12 03 2011
no2redzone

The stats are a lie. I have had reliable information given to me that the number of people IP scanned by RedZone is 600,000. Still a lot of course, but nowhere near the fantastical 10 million claimed.

I am not really convinced RedZone caught any copybotters at all as zFire manually adds these. Many of the alleged copybotters are in fact just people zFire does not like. Anyone who knows Forceme Silverspar will know she is one of the most honourable people you could meet on SL – but zFire added her as a copybotter so that she would be autobanned on sims everywhere.

12 03 2011
Potosi Abonwood

I would bet money that the total unique scan total is by each individual RZ unit. In other words if I went to five different locations running RZ and got scanned at each it would count as five unique scans. That’s about the only way that number could be anywhere near that high.

Well that or it counts each IP it’s scanned as a unique user. Those with rapidly changing dynamic IPs would really crank that number up.

12 03 2011
Azure Twine

Wait this post makes no sense, who is Merlin?
And I can tell you that this was not any kind of coordinated effort on the part of greenzone users.

So someone hacked his computer?

12 03 2011
no2redzone

Azure, no one with a brain will suggest this was Greenzone Users. Merlin is Merlin Swordthain on the isell forums. He always posts in capitals so I don’t really read anything he says usually.

This hack was seriously wrongheaded. It has alerted zFire to his SQL injection hole that scores of people have known about for many months. The attack itself was illegal and allows zFire a chance to grab the moral highground. Worst, they did half a job. A bunch of disruption – I don’t know how long for as I went to bed after my last post here, but by this morning it looks like it is all back again, and with the holes plugged.

I guess zFire had a busy day.

12 03 2011
Azure Twine

Yeah well us “greenies” have been accused of everything evil except global warmaing and if the geniuses at sluniverse could figure out how to tie it in, we would be blamed for that too! Someone on the phoenix team actually beat me up over not “discussing” the media patch on the Paisley Beebe. I mentioned it, and as I see it is still not avaioable in phoenix so had I “discussed” it they would either

A) still be being bombarded with, when is it coming
B) lost some credibility for not having delivered yet

Either way, I am shocked and appalled at the way they villify “greenies”.

12 03 2011
Monkies

his computer is bigger than “your/our” computers? What does he have vacuum tubes?

12 03 2011
no2redzone

Nice one :)

12 03 2011
Azure Twine

He has an uber cool cray system,in his basement.

Cue doctor evil music with his computer talking to him with the those tape reels spinning and him stroking a white cat.

12 03 2011
Security Thru Hackscurity

we hacked becuse zfire xue challenge hacker to hack. he so script child that it take second. site down. site back. second to access again. site go down come back. again. again. again access until he close hole which place everyone data in secondlife at risk. oh the thing we see lar. admin page with manual copybot name enter and list of added user. not detect by rz! manual! hundred user manual entered! user vasilisa shilova manual enter many name too! database dump say video true. he log wrong entered password. everyone owner redzone need change SL password! how we send database to linden with anonity? we still work on this. we not use or release database. we attach example admin log screen as access prove. we only hack becuse he ask. if he deny hack we post more criminate screen until doubt gone.

12 03 2011
Anastasia Howlett

If you need any assistans – contact me inworld

12 03 2011
Theia Magic

I have no doubt he was hacked yesterday, as I saw the errors that came up and even an odd redirect at one point. You do realize he’s never going to admit it though, right? I’ve said all along, it’s his brazen arrogance that will be his ultimate demise.

12 03 2011
Prokofy Neva

“how we send database to linden with anonity? we still work on this”

that’s easy

encrypt a rar file and mail it or mail a link to an anonymous file dropbox http://www.filehosthome.com/anonymous-file-hosting.php

next send an IM with the rar password

12 03 2011
Cathiee McMillan

I have a Question, That i think Zfire should answer, but i doubt he would i just don’t want to post it on his forums.
His stance is on catching “copy-bots” He seems to claim this that Lindens is failing to do this. I would love for him to prove to us that he has never once downloaded an mp3, mp4, book, Image, illegally. if he has ever bbtained any of this stuff with out real purchasing then his moral high ground is seriously in question. You can’t claim defending 1 form of media while ripping off another. Copy-boting and all happens, Same as file sharing systems or doing a websearch. How many of his defenders have downloaded as well.
But i think in reality it is just an over priced security system that uses a webhost to share bans between sims. I mean I don’t understand how it works on his website. But in theory a sim owner could share their ban list with other sim owners and make a global ban list. I mean in his idea if your a griefer your a griefer for all. Its a system that can be abused beyond the whole silly ip address tracking. I have been victim of a sim Mercury Roleplay (BSG21) that posted my IP address on their forums and a “google” map location. They knew the town i lived in. But they fail to understand IP address’s just like Zfire. for some one who thinks he is so tech savy or even knows their ISP would know IP address matching is a fail unless you have a court order. Most places for home users have a private IP that their modem gets and goes out to a router in your broad neighborhood. where you all will appear to have the same ip address the companies do this cause its cheaper and that it provides privacy to their customers.
Zfire you read hear i would love to see your answer to this.

12 03 2011
Hastur

Anyone else notice that RedZone is once again listed on the Marketplace?

12 03 2011
Azure Twine

Yeah, not sure for how long. Maybe he is trying to make the last quick sales. In my opinion he should have cut his losses but he is too arrogant for that

12 03 2011
Potosi Abonwood

http://alphavilleherald.com/2011/03/zf-redzone-security-breached-sl-passwords-compromised.html

This is a big holy shit moment. Apparently the hackers tooks some screenshots of what they found and sent them to the herald. Showing proof backing up the youtube video and one even shoes information from the zF animator being logged. Not to mention an easy entry spot for manually adding copybotters to the database.

12 03 2011
Huntress Unya

NOW Linden _must_ act…

I dare to say this heralds the end of Redzone…

@No2Redzone – what now? Redefine as “Yes2Privacy”? ;-)

12 03 2011
Azure Twine

We are seeing the Emerald scandal play out again. This is waaaay worse.
You have people who defend it saying, meh it isn;t as bad as you think….drama queens.

Then as more information is revealed, and information is a river running out of control and cannot be stopped, some people start saying “hey wait”. The more info, the less people can deny until it finally comes to a head and someone is getting thrown under the bus.

In the case of Redzone, there is only one person, Emerald had their sacrificial lambs already prepared. Luckily for emerald the lambs went peacefull. I don’t picture zfire going peacefully.

12 03 2011
Anastasia Howlett

Can’t wait to see his forum up again to see his explanations of this …..

12 03 2011
Zaza

Meh, he will say that he took it down himself to update security or some other bullshit like that as he usually do… if he doesnt, he might just post that database is destroyed/leaked in wild and that its not his fault…Either way his retarded bandwagon will clap him for taking it all on his back…

13 03 2011
Privacy War in SL *updated 3/13* « Acoustic Alchemy in Second Life

[...] – Hack or Cover-Up, zFire Xue admits to hacking SL accounts, followup [...]




Follow

Get every new post delivered to your Inbox.

%d bloggers like this: