- General Mackevili
- The General
- Posts: 17369
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 2269
- Location: The Kingdom
Personally, I'd consider it hacking. I feel admin have no right to read any members PM's at all, period.StroppyChops wrote:
Edit: it's not even deemed to be hacking, it's just admin business as usual.
If it's serious enough to warrant snooping, I'm sure The NSA will be all over it anyways.
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
Despite what the "other admin" loves to claim, it's VERY easy to do. They're not encrypted and it just takes a look at the phpbb_private_msg table in the database to read them. That said, we don't. The only time I ever even open the database is to make mods and most of those have their own scripts for updating the DB build in so I don't even need to do it then. It has been claimed that "some admins" don't have the knowhow to do so... frequently just after they have clearly done so. I can attest that GMack is completely inept at using the database however, and I really just don't give a shit what you have to say in your PMs.vladimir wrote:I have one question:
Do admins on either board read Private Messages?
I know it can be done, you have to know what you're doing, and you need a reasonable idea of what the content is to do it.
OD, can you verify that?
And, of more significance, if you can hack PM's is it not just a short step to hack their emails?
As for hacking email, no... MUCH harder and the most we get is that we know your email address. In 'theory' if you used the same password for here and there we could attempt to crack the encrypted 'hash' of your password here to get the real thing, then use that to log into your email. But that's a LOT of work and really not that effective since there's no guarantee that it can be dehashed (google rainbow tables) or that once it is that you used the same password for both (which you never should).
When you enter your password to this system it encrypts it... so that the word "password" ends up as "5f4dcc3b5aa765d61d8327deb882cf99". Then all it saves in the DB is 5f4dcc3b5aa765d61d8327deb882cf99. Later, when you log in, it takes what you typed and does the same encryption to it, then if the result comes out at 5f4dcc3b5aa765d61d8327deb882cf99 it matches and knows you entered the right one. The original text is never saved in the DB and the only way to get it is to search a list of encrypted words to find one that matches, then see what that word had been. It's called 1 way encryption for a reason.
The method to "crack" it is to take a huge dictionary of words and encrypt THEM the same way... then you look at the list of those results and see if any match the hash you want to crack. If so you see what word correlated to it and you have the password. A really involved process, especially if they add numbers/etc to their password. That list is called a Rainbow Table, and you can download premade ones pretty much all over the internet.
Like this one:
http://www.md5rainbow.com/" onclick="window.open(this.href);return false;
Google works well too... just do a search for the hash and see if any site has it in their public rainbow tables. A good way to test the security of your password.
Mine, for this site actually, returns:
Your search - XXXXXXXXXXXXXXXXXXXXXXXX - did not match any documents.
Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
NP. I do suggest everyone always check their PW against google's known hash tables... a password that's a google search away from decrypting really isn't much of a password.Jaap N. wrote:Cool, OD, thanks!
[Shameless Plug: I'm available for network security and penetration testing for reasonable rates to anyone seeking such services. http://www.webivation.net" onclick="window.open(this.href);return false; ]
And related: DARPA Hacking, fun for the whole family! http://www.pcworld.com/article/2070580/ ... s-fun.html" onclick="window.open(this.href);return false;
- Similar Topics
- Last post
Users browsing this forum: No registered users and 129 guests