Wild, but possibly very important, theory about recent hack! !!!!!!!

posted on Oct, 1 2024 @ 05:05 PM
I have a wild theory about how this hack may have been done.

Some have noted that they had slowdowns opening the site in the days previous, and particularly with the Firefox browser on Windows.

The Firefox browser has a few debug logging modes, and possibly also some mechanisms to send those logs back to the devs for them to examine so they may resolve bugs (the default is Bugzilla).

My 'wild guess' (not entirely researched as yet) is that this debug mode could be triggered by some CSS or other invisible tag embedded in a post or in someone's profile, and that as Mozilla is an open source company, with numerous independent developers, that the upload target for those logs could probably be reset in the same code that enables the debug logging.

The other option is that the hacker could simply look up specific logs submitted under their login authorization on Bugzilla, and your data would not be noticeably much different to any of all the other stuff logged there.

I do know that setting a couple of environment settings in Windows will automatically enable debug logging when Firefox is started. Namely:

set MOZ_LOG=nsHttp:5
set MOZ_LOG_FILE=http.log

I don't imagine that setting the upload target for the logs would be openly documented as it is probably very proprietary information, and only for registered devs who have signed NDAs. However, as the code is open source, it wouldn't take a genius to find the 'keys to the kingdom' if they knew what they were looking for, even if they are somewhat obfuscated in the source code.

I propose that the debug logs contain both the user names and passwords typed, or stored in the browser, and therefore someone may use them to access ATS, logged on as their victim.

I don't use Firefox and so I can't just verify any of this easily, but if I am right, all those people whose ATS were compromised (and probably others who the hackers never got around to doing), and who use Firefox may have usernames and passwords to other sites (including Banking) compromised as well.

I would suggest that it may be advisable to use another browser and to go through resetting important passwords.

Of course, I could be wrong in this, but it is worth just checking your system for the environment settings (go to a command prompt and type "SET" and press the 'enter' key and it should list them all out). Also, just until someone can clear the reputation of Firefox, it would probably be a good idea to avoid a browser built on Firefox/Mozilla base code.

Using 'about:logging' in the URL bar within the browser will tell you the status.

If logging is on, and you have not explicitly set it on, then you are compromised. Please respond in this thread if such is the case, especially if your avatar got hacked.


edit on Tue, 01 Oct 2024 17:33:05 -0500 by chr0naut because: (no reason given)
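
The environment check suggested in the post above, as an added example that is not part of the original thread: typing SET shows only what the current console inherited, so this PowerShell script also reads the persisted User and Machine scopes for the two variable names the post gives. The function names and the wildcard match on the log file name are assumptions made for this example.

```powershell
# Added example. MOZ_LOG and MOZ_LOG_FILE are the variable names from the post.
$names  = 'MOZ_LOG', 'MOZ_LOG_FILE'
# Process = what this console inherited; User and Machine = persisted settings
# that every newly started program, including the browser, will inherit.
$scopes = 'Process', 'User', 'Machine'

function Get-MozLogSetting {
    foreach ($scope in $scopes) {
        foreach ($name in $names) {
            $value = [Environment]::GetEnvironmentVariable($name, $scope)
            if (-not [string]::IsNullOrEmpty($value)) {
                [pscustomobject]@{ Scope = $scope; Name = $name; Value = $value }
            }
        }
    }
}

function Get-MozLogFile {
    param([string]$Path)
    # A relative name such as http.log resolves against the browser's working
    # directory, which is not known here, so only absolute paths are checked.
    if (-not [System.IO.Path]::IsPathRooted($Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'relative path, not checked' }
    }
    # Wildcard suffix: assumes the browser may append to the configured name.
    $files = @(Get-ChildItem -Path "$Path*" -File -ErrorAction SilentlyContinue)
    if ($files.Count -eq 0) {
        return [pscustomobject]@{ Path = $Path; Status = 'no file found' }
    }
    foreach ($f in $files) {
        [pscustomobject]@{
            Path   = $f.FullName
            Status = '{0:N0} bytes, last written {1:yyyy-MM-dd HH:mm}' -f $f.Length, $f.LastWriteTime
        }
    }
}

$settings = @(Get-MozLogSetting)
if ($settings.Count -eq 0) {
    'MOZ_LOG and MOZ_LOG_FILE are not set in any scope.'
} else {
    $settings | Format-Table -AutoSize
    $settings | Where-Object { $_.Name -eq 'MOZ_LOG_FILE' } |
        ForEach-Object { Get-MozLogFile -Path $_.Value } |
        Sort-Object Path -Unique | Format-Table -AutoSize
}
```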



posted on Oct, 1 2024 @ 05:20 PM
a reply to: chr0naut

What about people not using Firefox?

Let's say Chrome, or Edge ?



posted on Oct, 1 2024 @ 05:25 PM

originally posted by: xuenchen
a reply to: chr0naut

What about people not using Firefox?

Let's say Chrome, or Edge ?


Chrome and Edge aren't using the Mozilla base code.

Perhaps if people got hacked but haven't been using Firefox, they could update on this thread.

We really need to gather some more data around the hack to know for sure.

One thing that I would assume, is that if you were hacked, the compromise could have bigger consequences and we should act accordingly!



posted on Oct, 1 2024 @ 05:31 PM
a reply to: chr0naut

I use Firefox for Android. I haven't used a Windows machine in years.

Does Firefox for Android log the same way?

Anyone get hacked on an Apple device?



posted on Oct, 1 2024 @ 05:34 PM

originally posted by: BeyondKnowledge3
a reply to: chr0naut

I use Firefox for Android. I haven't used a Windows machine in years.

Does Firefox for Android log the same way?

Anyone get hacked on an Apple device?


Use the about:logging to check and please report back.

I see from your changed logo that you got hacked.



posted on Oct, 1 2024 @ 05:39 PM
Thank you, I will have a look.

My Firefox keeps crashing every 2 mins.
I'm using Microsoft Edge for the mo.
Works great.



posted on Oct, 1 2024 @ 05:42 PM
a reply to: chr0naut

I got this on both tablet and phone. Both are signed into ATS with Firefox for Android.

Logging manager
Log module selection
Currently enabled log modules:
None
New log modules:
Logging preset:
Logging output
Logging to the Firefox Profiler
Enable stack traces for log messages
Logging to a file
Current log file: None
New log file:

See HTTP Logging for instructions on how to use this tool




edit on 1-10-2024 by BeyondKnowledge3 because: (no reason given)



posted on Oct, 1 2024 @ 05:43 PM
This asshole hacker is at it again.

Everything was just changed on mine again, but I changed it back.
edit on 1-10-2024 by RazorV66 because: (no reason given)



posted on Oct, 1 2024 @ 05:44 PM
a reply to: chr0naut

Since when is Firefox suspect?
Certainly better than Edge.
Not as good as Brave, 95% of the time.



posted on Oct, 1 2024 @ 05:47 PM

originally posted by: DontTreadOnMe
a reply to: chr0naut

Since when is Firefox suspect?
Certainly better than Edge.
Not as good as Brave, 95% of the time.


It was mentioned in a couple of posts by those who got hacked.

Until we can get more specific information, we can't fully know the attack surface. I'm just trying to figure things out. I could be totally wrong.



posted on Oct, 1 2024 @ 05:49 PM
a reply to: chr0naut

What would that prove? How many of us were on FF last night and nothing happened.


And why do we need another thread when
www.abovetopsecret.com...
www.abovetopsecret.com...

We should consolidate back to the first thread...and soon.
edit on Tue Oct 1 2024 by DontTreadOnMe because: (no reason given)



posted on Oct, 1 2024 @ 05:59 PM

originally posted by: DontTreadOnMe
a reply to: chr0naut

What would that prove? How many of us were on FF last night and nothing happened.

And why do we need another thread when
www.abovetopsecret.com...


If we can establish that people who got hacked were not using FF in the week or so up to the hack, then my whole theory goes in the trash. But until we have eliminated the possibility, it is worth considering.

I'm just trying to figure things out, and there may be other consequences beyond changing someone's profile on ATS, so a bit of caution is prudent.

edit on Tue, 01 Oct 2024 17:59:47 -0500 by chr0naut because: (no reason given)



posted on Oct, 1 2024 @ 06:05 PM

originally posted by: DontTreadOnMe
a reply to: chr0naut

What would that prove? How many of us were on FF last night and nothing happened.



And why do we need another thread when
www.abovetopsecret.com...
www.abovetopsecret.com...

We should consolidate back to the first thread...and soon.


OK, I just got hacked and I'm not using Firefox. Consider my theory now debunked.

Mod, please close this thread.



posted on Oct, 1 2024 @ 06:08 PM
Closed.



