This reminds me of the approach to 21 DEC 2012. There were serious rituals held around the world, the most memorable (to me) those that were held at Chichen Itza and Tecal. Those were the days, when we could cackle among ourselves that OF COURSE the world was going to continue............. but............ almost everyone I knew tucked in a little bit, stocked up a little bit, bought a bit more ammo. Hell, no point in being caught short.
This isn't, of course, nearly as dire, but it feels much the same to me. Possible end of an era. Remember Nibiru? I didn't believe in it, but loved tracking it.
Well, tip a glass when the time comes, whether ATS melts down or not. I think the fork has already been stuck in it, regardless of whether the site stays up. We know who the 'forker' is and how we became the 'forkees'. Very glad to have a comfortable place here to stretch out and feel warm. Sun shining every day at DI. Little rain now and then, just like [insert deity of choice] intended. Selah.
(04-28-2024, 06:48 PM)TSK Wrote: I'm inclined to agree. Last year it was renewed a week before expiration. I also agree that ATS is a sitting duck for any hacker or script kiddie to come through and wreck the place. The software ATS is based off of was abandoned and there hasn't been a security update for over 15 years. Maybe longer. That's a lot of time to search for exploits.
In a thread during last October's disaster, there was a bit of revelation of the software running ATS. It was disclosed that the code running the site was written in-house as opposed to buying commercial software or using an open source package. The benefit of that is a hacker or script kiddie can't simply use known exploits (i.e., something like WordPress or bbs apps) to try and break in. Sure, there are many ways to attack a website without knowing how it's built but as long as ATS has been around, it hasn't been compromised too badly. In fact, do we know what happened in October? Was it a code bug that corrupted the database, a malicious actor on the inside or an attack from the outside?
By the way, I'm not arguing that ATS isn't a sitting duck. Just offering another viewpoint.
(04-29-2024, 09:36 AM)LogicalGraffiti Wrote: In a thread during last October's disaster, there was a bit of revelation of the software running ATS. It was disclosed that the code running the site was written in-house as opposed to buying commercial software or using an open source package. The benefit of that is a hacker or script kiddie can't simply use known exploits (i.e., something like WordPress or bbs apps) to try and break in.
ATS's code is based on a known forum software, and although it was highly customised by SO, some parts are still largely based on that old code. It was on those parts that I found a few exploitable bugs. Those are not enough to allow someone to get direct access to the database (at least as far as I looked into them) but they are good enough to create some chaos.
Also, being mostly new code is only as good as the code is; bad code is easily exploited.
Quote: In fact, do we know what happened in October? Was it a code bug that corrupted the database, a malicious actor on the inside or an attack from the outside?
My initial opinion, reinforced by what I read about what happened, is that someone tried to use a code flaw to get access to the database. One way of trying things like that can, if not carefully done, change all records on a specific database table.
In this case, what I think happened, was that someone tried to use that flaw to change the administrator's password and recovery email address, but while doing so they really changed all passwords and recovery emails to the same new password and recovery email, so everyone's password was changed and nobody could log in unless they knew the new password, that was the same for everyone. Trying a recovery email would not work because the email would be sent to the new recovery email address.
As nobody is updating the code the flaw is still there (along with all the others we don't know about) for someone to exploit, so it's possible that this will happen again.
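The failure mode described in the post above (a change aimed at one account landing on every row of the table), shown as an added example that is not part of the original post or of ATS's code. It assumes the flaw was a string-built SQL `UPDATE`, which the thread does not confirm; the table, column names and all values are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample table: three accounts with distinct credentials."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users "
                 "(name TEXT PRIMARY KEY, pw_hash TEXT, recovery_email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "hash-a", "admin@example.test"),
        ("alice", "hash-b", "alice@example.test"),
        ("bob", "hash-c", "bob@example.test"),
    ])
    conn.commit()
    return conn

def update_unsafe(conn, name, pw_hash, email):
    """String-built SQL: the 'name' value becomes part of the statement."""
    sql = ("UPDATE users SET pw_hash = '%s', recovery_email = '%s' "
           "WHERE name = '%s'" % (pw_hash, email, name))
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount

def update_guarded(conn, name, pw_hash, email):
    """Bound parameters plus a row-count check before committing."""
    cur = conn.execute(
        "UPDATE users SET pw_hash = ?, recovery_email = ? WHERE name = ?",
        (pw_hash, email, name))
    if cur.rowcount != 1:  # a credential change must hit exactly one row
        conn.rollback()
        raise ValueError("expected 1 row, statement matched %d" % cur.rowcount)
    conn.commit()
    return cur.rowcount

def distinct_credentials(conn):
    """Distinct (hash, email) pairs; 1 means every account shares one login."""
    return conn.execute(
        "SELECT COUNT(*) FROM "
        "(SELECT DISTINCT pw_hash, recovery_email FROM users)"
    ).fetchone()[0]

# Constructed malformed value whose quoting makes the WHERE predicate always true.
MALFORMED_NAME = "admin' OR 'x'='x"
```

With the malformed value, `update_unsafe` reports three rows changed and every account ends up with the same password hash and recovery address, while `update_guarded` matches no row, rolls back and raises.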
04-30-2024, 07:14 PM
This post was last modified 04-30-2024, 07:15 PM by Nerb. 
(04-30-2024, 03:31 PM)DontTreadOnMe Wrote: It's almost a manic frenzy at this point.
You never signed up for this crazy stuff did you?
Wouldn't it be nice to put your feet up for a while and be just a spectator and a poster?
Have a breath of fresh air.....here's to you on holiday in la la land...
Wisdom knocks quietly, always listen carefully.