User Controls

On Monday I'm going to report five security holes

  1. #1
    MrHigh Yung Blood
    I know of security holes on several sites that deal with large amounts of PI and/or large amounts of transactions(ACH). I'm going to report five of these on Monday to the administrators and to random people like the FBI. It's over 7 million SSN and DL#. I'm only reporting the sites that I've already worked. The rest stay open for business.

    Get ready...
  2. #2
    aldra JIDF Controlled Opposition
    not the other two though?
  3. #3
    Lanny Bird of Courage
    A good exploit against an entity with ACH access is worth a fucking ton if you have the balls to do it, but it would really stir up the hornet's nest.
  4. #4
    Why are you reporting anything to the FBI? Aren't they like, the enemy?
  5. #5
    Have you considered the possibility that someone is designing these flaws on purpose and wants you to report them.
  6. #6
    Sophie Pedophile Tech Support
    Why are you reporting anything to the FBI? Aren't they like, the enemy?

    It's pretty smart to give the info to random people including law enforcement. Everyone will be scrambling for a piece of the action, if they believe they're the only one that knows. In the ensuing chaos OP will have more chance to remain unnoticed, what's more if you tell the site administrator's they might have a problem after you have successfully have exploited the problem they'll patch it up which is a way of protecting your investment. If you're the only person in possession of database X, Y or Z you can charge a premium without competition.
  7. #7
    bling bling Dark Matter
    print them all off on littel pieces of paper and threw them on the whitehouse lawn chilling area
  8. #8
    MrHigh Yung Blood
    not the other two though?

    As Lanny said. Itd be best pulled off using mules.

    Why are you reporting anything to the FBI? Aren't they like, the enemy?

    I need it fixed so that the information stays private. It raises it's value.

    Have you considered the possibility that someone is designing these flaws on purpose and wants you to report them.

    I did. But I check info at random and it all checked out.

    Right now I'm sticking to betaBay, but I'm up for suggestions.
  9. #9
    bling bling Dark Matter
    send me some and i will get my man to fax them to the russian federation syria embassy
  10. #10
    MrHigh Yung Blood
    Reported Four today.
  11. #11
    I only came here for this.

    Can you give us more information?
  12. #12
    MrHigh Yung Blood
    I only came here for this.

    Can you give us more information?

    Yes.

    These are the totals that I got from each website/state and what type of information I got.

    2,435,452 - Washington
    Name, DOB, Address, DL#, Last Four Digits of SSN, Height, Weight, and Eye Color. Some have email and/or phone.

    2,126,449 - Kentucky
    Name, DOB, Address, and Last Four Digits of SSN. Some have email and/or phone.

    1,195,204 - Oregon
    Name, DOB, Address, and DL#. Some have email and/or phone.

    788,064 - Idaho
    Name, DOB, Address, DL#, Full SSN, Height, Weight, Hair Color, and Eye Color. Some have email and/or phone.

    Also, the admin from the site in Kentucky replied quickly and is one of the only two that patched the security hole. From the name, it was a female and she was thankful. I also contacted a couple of 'hacking news' sites and gave them the info.

    From my understanding, they have a legal responsibility to let the people know that this has happened. And with that many people, it should make the news.

    I'm also posting on the betabay for the kids.
  13. #13
    Sophie Pedophile Tech Support
    Yes.

    These are the totals that I got from each website/state and what type of information I got.

    2,435,452 - Washington
    Name, DOB, Address, DL#, Last Four Digits of SSN, Height, Weight, and Eye Color. Some have email and/or phone.

    2,126,449 - Kentucky
    Name, DOB, Address, and Last Four Digits of SSN. Some have email and/or phone.

    1,195,204 - Oregon
    Name, DOB, Address, and DL#. Some have email and/or phone.

    788,064 - Idaho
    Name, DOB, Address, DL#, Full SSN, Height, Weight, Hair Color, and Eye Color. Some have email and/or phone.

    Also, the admin from the site in Kentucky replied quickly and is one of the only two that patched the security hole. From the name, it was a female and she was thankful. I also contacted a couple of 'hacking news' sites and gave them the info.

    From my understanding, they have a legal responsibility to let the people know that this has happened. And with that many people, it should make the news.

    I'm also posting on the betabay for the kids.

    I will lol if it makes the news. Keep us posted, i will be keeping up with tech related media in any event. By the way, do you know if anyone has the uKnowKids DB?
  14. #14
    You hacked Idaho? Hahaha.. that's hilarious. The whole state or what?
  15. #15
    MrHigh Yung Blood
    Here are the exact websites, hope you went fishing this summer...

    2,435,452 - https://fishhunt.dfw.wa.gov

    2,126,449 - https://app.fw.ky.gov

    1,195,204 - https://or.outdoorcentral.us

    788,064 - https://id.outdoorcentral.us

    They are either down or have been fixed. I have others that have open security holes and some XXS and whatnot.

    Keep watching that news Sophie and where is spectraL?
  16. #16
    I sent all those websites this thread.
  17. #17
    Sophie Pedophile Tech Support
    Here are the exact websites, hope you went fishing this summer…

    2,435,452 - https://fishhunt.dfw.wa.gov

    2,126,449 - https://app.fw.ky.gov

    1,195,204 - https://or.outdoorcentral.us

    788,064 - https://id.outdoorcentral.us

    They are either down or have been fixed. I have others that have open security holes and some XXS and whatnot.

    Keep watching that news Sophie and where is spectraL?

    I will in any event. Also, don't bother with spectral he wouldn't know an epic hack if it hit him in the face.
  18. #18
    Sophie Pedophile Tech Support
    I sent all those websites this thread.

    If the servers get seized i'll hold you responsible.
  19. #19
    MrHigh Yung Blood
    http://nwpr.org/post/cyber-hack-shuts-down-hunting-fishing-license-sales-3-northwest-states

    http://whas.iheart.com/articles/newsradio-840-whas-local-news-283307/kentucky-dpt-of-fish-and-wildlife-15047469/

    http://www.seattletimes.com/sports/state-fish-and-wildlife-suspends-license-sales-due-to-possible-breach-in-computer-system/

    http://www.spokesman.com/stories/2016/aug/25/fishing-free-in-washington-this-weekend/

    http://www.opb.org/news/article/oregon-hunting-fishing-license-hack-sales-suspended/
  20. #20
    MrHigh Yung Blood
    Four at once.
Jump to Top