wow, Torba's own account was hacked? damn trannies.
We have them here too. I've got a tranny bot army that follows me around downvoting me. It takes up to an hour, but I'll consistently get -15 to -20 and it all happened after I called out one of their tranny botters.
I'm too lazy to look it up but I'm pretty sure it's the same people that stole Parler's user data.
I remember going to Xim's twitter. It was some tranny boy. I'm sure Shim has friends.
I am so fucking confused
Admittedly I'm guessing but some tranny boy was the main "guy" behind Parler getting hacked or scraped or whatever you want to call it.
My guess based on the context of Torba's comment is that it was the same person/people/Xeople.
https://cybernews.com/news/70tb-of-parler-users-messages-videos-and-posts-leaked-by-security-researchers/
That's the point. You can't possibly keep up with the rules therefore it proves that everyone is a racist bigot since they can't follow the non racist bigot rules.... get it now?
It's understandable...so are the tranny hackers
lol
I've got one that downvotes all of my comments. It's hilarious.
Me too, his name is "Anaconda"
Updoot for each of you, fuck you tranny fags. Best leave this site and resume your daily routine of licking dirt stars.
It’s funny because I really don’t mind people like Blair White but the radical left tranny douche fuckers should go live in outer space, like another galaxy or some shit
Anaconda is a major faggot and a half. Fuck that low energy doom posting cocksucker!
Is Anaconda still around? Been a while since I have seen that name post anything.
That's your bitch assed liberal ex. 🤣
Wow! You weren't kidding!
Uhhh, admins? Aren't you able to see who up/down voted and ban these faggots?
Take it as measurement that they see you as a threat, which means you're effective. Keep going full speed ahead my fellow patriot. The only things points mean to us on here is making it to the Hot list, but most of us should be mixing in the New and Rising lists anyway.
You really do have them follow big you around 😂
Keep it up, it’s working
Sounds like there was an SQL injection vulnerability in gab that allowed them to get access to a bunch of data including password hashes.
Luckily password hashes aren't much valuable to crack them. Well, they allow one to iterate through a whole lot of potential passwords without having a server to respond to it if they know the algorithms. So they are convenient, but possibly insufficient.
Problem with passwords is the human behind it. Most humans will use the same password everywhere.
So they run that hash dump on a decently configured hashtopolis cluster and it'll only be a matter of time before they have the passwords used by humans in gab who have possibly used that password elsewhere.
It doesn't take much to crack passwords anymore. There are about 300k words in the English dictionary. It's trivial to establish a hashtopolis cluster which will hash 15 trillion password candidates per second. Per second.. you read that correctly and I typed that correctly. Couple that horsepower with easily available dictionaries, lists of every first, middle, and last name ever used on Facebook, previous password dumps which have been mostly cracked, complete lists of all cities in the country, some complex as hell rule lists which change capitalizations, add numbers, special characters, etc... and the prince attack method.. and they'll crack upwards of 75% of the password hashes in short time.
Passwords are like underwear: You shouldn't share them and you need to change them often.
Love the underwear analogy, stealing it!
But if there are exceeded attempt limits on login failures how would a brute force dictionary attack succeed?
Good point. Then there is way less time than I anticipated.
The question is merely if they already have all the technology to do so. They might be semi-casuals doing it, and they might need time to set everything up as well.
BS. I've never changed my passwords except when I have to and no one has ever compromised my data. My password RN is "change."
O wait. That was the DNC server pw that Seth Rich knew.
Care to explain more? Are you talking about common password databases a.k.a rainbow tables? It looks like they did just that.
The mere password hashes only help to check against inputted strings (passwords). And assuming Gab used salts, they'll need to build a table from scratch explicitly with that salt. That will take time. Just for 10 character passwords with letters (52) + digits (10) + other common chars (~10) it will take 72^10 = 3.7e+18 variations to be generated. For 15 char passwords it takes 7.2e+27 variations.
My PC requires half an hour to create ~500.000.000 (5.0e+8) data pieces resulting in a 5gb database from my algorithms, just for comparison.
Hard drive limitations may apply as well as time necessary to iterate through their table for every single password they try to crack. So they'll need to employ a lot of computational power. And I don't see the big benefit in doing so - they just hack some social media accounts which can be recovered. So information shouldn't be too valuable anyway.
At the very least, Gab has time to take action before they can do meaningful harm, like asking all users to reset passwords.
If the hashes are properly salted rainbow tables are not a problem.
This just allows them to attempt brute forcing individual passwords without being rate limited.
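Added example, not part of the original thread and not Gab's code: a Python sketch of the salt point made in the comments above. A per-user salt makes a table precomputed over unsalted hashes useless and gives two users with the same password different stored values, while checking a guess against a stored hash still needs no server, which is why the hash is made deliberately slow. PBKDF2, the iteration count and the constructed password list are assumptions; the thread does not say how Gab hashed passwords.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this sketch; tune to your hardware

def unsalted_sha256(password: str) -> str:
    """Weak scheme: identical passwords always produce identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash. Returns (salt, digest) to store per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

# Constructed sample data: a tiny "precomputed table" over unsalted hashes.
COMMON = ["password", "letmein", "change"]
PRECOMPUTED = {unsalted_sha256(p): p for p in COMMON}

def precomputed_lookup(stored_hex: str) -> Optional[str]:
    """Return the password if the stored hash appears in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)

def demo() -> dict:
    # Two users pick the same password under each scheme.
    weak_alice, weak_bob = unsalted_sha256("letmein"), unsalted_sha256("letmein")
    salt_a, strong_alice = hash_password("letmein")
    _salt_b, strong_bob = hash_password("letmein")
    return {
        "unsalted_equal": weak_alice == weak_bob,          # reuse is visible in the dump
        "unsalted_table_hit": precomputed_lookup(weak_alice),
        "salted_equal": strong_alice == strong_bob,        # different salts, different digests
        "salted_table_hit": precomputed_lookup(strong_alice.hex()),
        "verify_ok": verify_password("letmein", salt_a, strong_alice),
        "verify_wrong": verify_password("password", salt_a, strong_alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```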
SQL injection in 2021? Or even on the code back in 2016 when Gab was launched? I'm no expert but I think someone was sloppy.
Yeah it's not a good look for gab.
It happens. All it takes is one lazy app developer to not sanitize input or one that somehow still thinks their app won't get hacked.
Or use of third-party components. Some of those are incredibly vulnerable, and let’s be honest no one actually reads the code of open source software before using it.
Last time I saw an active SQL injection vulnerability at work it came from a very out of date NuGet package that team was using.
Well Gab has always been a bit glitchy, so I think your supposition is correct.
I was under the impression SQL injection wasn't really doable in most modern versions of SQL.
SQL injection is very much alive. It has nothing to do with how modern an SQL server is. People still query it in insecure ways.
It's the people coding their own websites and not sanitizing their inputs or whatever. So hackers do shenanigans with the form submissions or whatever and get the server-side code to do a malicious sql query for them.
It's not typically the SQL that's the problem but the way it's used. I'd bet it's not the issue here but it's not out of the question.
Well, I guess I was wrong. SQL injection it is.
Just a semantic point- it's more correctly called code injection or script injection. It doesn't necessarily mean SQL... it could be injected Python, JavaScript, anything the web server can execute. Since the pointy-haired managers and media sensationalized the term fifteen years ago, they want to continue with it and most of us geeks have more important things to do than argue about it.
SQL injection? What is this, 2008? Someone has some explaining to do at Gab.
Are you kidding? SQL injection hasn't gone anywhere. People still query backends with user input that isn't properly sanitized.
I think they mean that the problem is so well known and the solutions well established, that it's inexcusable for modern code to contain the flaw.
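Added example, not part of the original thread and not Gab's code: the difference the comments above describe between building a query out of user input and the well-established fix, a parameterized query, shown in Python with an in-memory SQLite database. The table, rows and function names are hypothetical and constructed for illustration; the database engine is the same in both cases, only the way the query is issued changes.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def lookup_vulnerable(db: sqlite3.Connection, name: str) -> list:
    # Input is pasted into the SQL text, so the engine parses it as SQL.
    query = "SELECT name, pw_hash FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db: sqlite3.Connection, name: str) -> list:
    # The value travels separately from the SQL text and is only compared as data.
    return db.execute(
        "SELECT name, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchall()

# Constructed input that closes the string literal and adds an always-true clause.
CRAFTED = "nobody' OR '1'='1"

def apostrophe_breaks_vulnerable(db: sqlite3.Connection) -> bool:
    """A legitimate name with an apostrophe is a syntax error in the built query."""
    try:
        lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:   ", lookup_vulnerable(db, CRAFTED))
    print("parameterized, crafted input:", lookup_parameterized(db, CRAFTED))
    print("parameterized, o'brien:      ", lookup_parameterized(db, "o'brien"))
    print("vulnerable breaks on o'brien:", apostrophe_breaks_vulnerable(db))
```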
Yup, they posted some porn gif with incest related captions on it.
Degenerates gonna degenerate
What a waste of a hack.
There's no cohabitating with the Left. Read the book of Joshua to see how God feels about idolaters.
Thank goodness the FBI is on the case.