1. If any of you have an account over at 2+2 forums you should read this.

    Direct quote from 2+2 forums:

    "
    On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.

    While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.

    For your security we are closing the forums until the breach is patched.

    We hope to be back up as soon as possible.
    "

    Sketch
    Add FGHTYRDMNS to Rail
  2. wow
    tx for sharing
     2
    Add flashdisastr to Rail
  3. Sigh, hopefully they shut it down before the hacking got too serious.
    Add wackyJaxon to Rail
  4. I do know that several dormant accounts there had been hacked over the past couple of weeks. These hacked accounts were used to scam people out of money/poker funds in the P2P transfer and gift card threads.

    I usually change my passwords every so often. I think today is a good day for that.
    Add Hotlanta Bob to Rail
  5.  
    Originally Posted by FGHTYRDMNS View Post

    If any of you have an account over at 2+2 forums you should read this.

    Direct quote from 2+2 forums:

    "
    On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.

    While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.

    For your security we are closing the forums until the breach is patched.

    We hope to be back up as soon as possible.
    "

    Sketch


    I have little knowledge into encryption technology, but how much of this (the bolded part) could be due to bad software/security on 2+2's part?
    Add cogniscenti to Rail
  6. decryption is easy. That site runs the same software as this site but they prob. didn't make a timely update to the core when a vulnerability came up.
    Add xxbossmanxx to Rail
  7.  
    Originally Posted by cogniscenti View Post

    I have little knowledge into encryption technology, but how much of this (the bolded part) could be due to bad software/security on 2+2's part?

    The problem with running popular software such as vbulletin, phpbb, wordpress, joomla, drupal, etc, is that whenever an exploit is found, tons of websites are susceptible unless they upgrade their software. So let's say someone found an exploit for the version of vbulletin that 2p2 uses. The hacker could possibly (depending on the type of exploit) get a dump of their entire database, log into their ftp, etc. If the passwords saved in the DB are encrypted using a simple algorithm with no salt, it's easy to use a lookup table to "decrypt" the hashes. There are plenty of free services out there that will do this for you.

    By the sounds of it, 2p2 passwords were probably saved using this encryption method (simple encryption/no salt). Either that or the hacker got access to not only the encrypted DB passwords, but also FTP and/or SSH access so he could view the source code and see the encryption methods used for the passwords and reverse engineer from there.

     
    Originally Posted by xxbossmanxx View Post

    decryption is easy. That site runs the same software as this site but they prob. didn't make a timely update to the core when a vulnerability came up.

    Nitpicking, but there's no such thing as "decrypting" a hashed value such as md5 or sha. You can look up what a hashed string might map to using rainbow tables, but there's no way to actually "decrypt" a hashed string.
     1
    Add mapunk to Rail
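The distinction drawn in the post above (a hash is looked up, not decrypted, and a per-user salt defeats the lookup), as an added example that is not part of the original thread. The user names, passwords and function names are constructed for illustration, and PBKDF2 stands in here as one salted, deliberately slow hash; the thread does not say what 2+2 actually used.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidates a precomputed table might cover.
COMMON_PASSWORDS = ["123456", "password", "pokerface", "letmein", "aces4life"]

def md5_hex(password: str) -> str:
    """Unsalted fast hash: the same password always yields the same value."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def audit_unsalted(dump, table):
    """Return the users whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in dump.items() if h in table}

def salted_record(password: str, iterations: int = 200_000):
    """Store a random per-user salt alongside a slow, salted digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

# Constructed "dump" of an unsalted password column.
DUMP = {
    "alice": md5_hex("pokerface"),
    "bob": md5_hex("pokerface"),      # same password -> identical hash
    "carol": md5_hex("x9$Lq!27vT#m"), # not in the table -> no hit
}

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted hits:", audit_unsalted(DUMP, table))
    a, b = salted_record("pokerface"), salted_record("pokerface")
    print("salted digests equal:", a["digest"] == b["digest"])
    print("login still works:", verify("pokerface", a))
```

With the salted scheme a table has to be rebuilt per user, and each guess costs the full iteration count, which is why the lookup services mentioned in the thread only help against unsalted fast hashes.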
  8. Mapunk you are correct. I totally didn't explain what I meant and my statement makes no sense. What I meant is cracking pass is super easy since once you get inside the script you can do stuff like change the users email and then request a password reset etc. Also, it gets easy to make hidden super admins and stuff.
    Add xxbossmanxx to Rail
  9. "A username and password are being requested by http://forumserver.twoplustwo.com. The site says: "DirectoryName"" Is popping up

    with a User Name and Password Field to fill in when i try to switch pages on 2+2

    obv just clicking cancel when i see this. Just thought it was weird
    Edited By: icufish Apr 27th, 2012 at 02:35 AM
     
    Add icufish to Rail
  10. Call me a dumb shit but what is to be gained by hacking forum accounts?
    Add marlow77 to Rail
  11. NoahSD just retweeted the supposed hacker. we can't be sure it's actually him, but he said that from what he's read of our emails we're all a buncha gaylords, so it sounds like he's for real.
     
    Add p0k3rj03 to Rail
  12.  
    Originally Posted by marlow77 View Post

    Call me a dumb shit but what is to be gained by hacking forum accounts?


    dumb shit
     
    Add MattElsarelli to Rail
  13.  
    Originally Posted by marlow77 View Post

    Call me a dumb shit but what is to be gained by hacking forum accounts?

    user emails/passwords. and if you use the same username/password/email on your poker accounts, access to your poker account.
     
    Add tyson219 to Rail
  14.  
    Originally Posted by p0k3rj03 View Post

    NoahSD just retweeted the supposed hacker. we can't be sure it's actually him, but he said that from what he's read of our emails we're all a buncha gaylords, so it sounds like he's for real.

    LOL... Any idea when you will be up and running again there Noah?
    Add CANUKEH44 to Rail
  15. I can't even log into 2p2... Really hope my acct isn't shut down or some sht.
    Add TrueMetalMan to Rail
  16. The e-mail I got had slightly more info than the OP's.


     
    Originally Posted by 2+2 forums

    "For your security, we are closing the forums until the breach is patched. Upon reopening the forums you will be forced to change your password – it is counterproductive to do so now."

    Edited By: teratical Apr 27th, 2012 at 06:27 AM
    Add teratical to Rail
  17.  
    Originally Posted by tyson219 View Post

    user emails/passwords. and if you use the same username/password/email on your poker accounts, access to your poker account.

    This was my initial thought but because RSA tokens eliminate any possibility of that being a problem then I wondered if some other benefit could be had...
    Add marlow77 to Rail
  18. RSA tokens are not on a lot of sites though. And unfortunately many people don't take advantage of using a token on PokerStars or PartyPoker thus leaving them vulnerable.
    Add wackyJaxon to Rail
  19. any time frame as to when it will be back up?
     
    Add McBain74 to Rail
  20. Now I have to relearn P5s. Used to come here all the time. Nothing against it, just switched to 2+2. I think I like this P5s better than when i was here like a year or two ago :-)

    Edit: I've already learned some awesome stuff being here lol. Went back to an old thread, found out about this book, started reading it, want it now (4 hour body).
    Edited By: jackaaron Apr 27th, 2012 at 02:24 PM
    Reason: Rediscovering P5s
    Add jackaaron to Rail
  21. I was also here long before 2+2 but tbh wish I'd found 2+2 earlier. The hand analysis and strat layout in here is lame.
    Add marlow77 to Rail
  22.  
    Originally Posted by jackaaron View Post

    Now I have to relearn P5s. Used to come here all the time. Nothing against it, just switched to 2+2. I think I like this P5s better than when i was here like a year or two ago :-)

    Edit: I've already learned some awesome stuff being here lol. Went back to an old thread, found out about this book, started reading it, want it now (4 hour body).

    Welcome back!

     
    Originally Posted by marlow77 View Post

    I was also here long before 2+2 but tbh wish I'd found 2+2 earlier. The hand analysis and strat layout in here is lame.

    Some people prefer the simpler layout of P5s over 2+2, others prefer things on 2+2. Many people are on both forums. Different strokes for different folks, glad there is enough variety out there to suit many different personalities.
    Add wackyJaxon to Rail
  23. I like P5's much better; but at my new job, I can access 2p2 from my work computer but P5's is a restricted website. So I've been reading over there. Anyone know a way around this for someone without Administrative access?
     
    Add MikeBucks to Rail
  24.  
    Originally Posted by MikeBucks View Post

    I like P5's much better; but at my new job, I can access 2p2 from my work computer but P5's is a restricted website. So I've been reading over there. Anyone know a way around this for someone without Administrative access?

    Proxy
     
    Add Iplaythabored to Rail
  25. I'VE ALWAYS LIKED P5S MORE THAN 2P2
    2
    Add random.chu to Rail
  26.  
    Originally Posted by random.chu View Post

    I'VE ALWAYS LIKED P5S MORE THAN 2P2


    Same here just wish p5 had a phone app like 2+2
    Add vicvegas007 to Rail
  27.  
    Originally Posted by MikeBucks View Post

    I like P5's much better; but at my new job, I can access 2p2 from my work computer but P5's is a restricted website. So I've been reading over there. Anyone know a way around this for someone without Administrative access?

    Get a phone with internet access and you won't have this problem.
     
    Add hoodskier to Rail
  28. Here's PocketFives' feature article on the TwoPlusTwo outage:
    http://www.pocketfives.com/articles/...occurs-587339/
    Add Dan to Rail
  29. It goes without saying, but DO NOT do trades with anyone without being able to confirm in other ways. Don't just believe your friends when they hop on skype and ask to do an xfer. I'm sure all your skype friends are on FB somehow as well, or have their phone number, so double confirm. Worst thing besides getting your own accts hacked is giving free money to a moron. Needless to say, if I am asking any of you for money, it isn't me.
    Add bef99hwk to Rail
  30. Scary stuff hopefully everything gets sorted out and 2+2 is back up and running today.
     
    Add kevmode to Rail