It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Wild, but possibly very important, theory about recent hack! !!!!!!!
page: 10
share:
I have a wild theory about how this hack may have been done.
Some have noted that they had slowdowns opening the site in the days previous, and particularly with the Firefox browser on Windows.
The Firefox browser has a few debug logging modes, and possibly also some mechanisms to send those logs back to the devs for them to examine so they may resolve bugs (the default is Bugzilla).
My 'wild guess' (not entirely researched as yet) is that this debug mode could be triggered by some CSS or other invisible tag embedded in a post or in someone's profile, and that as Mozilla is an open source company, with numerous independent developers, that the upload target for those logs could probably be reset in the same code that enables the debug logging.
The other option is that the hacker could simply look up specific logs submitted under their login authorization on Bugzilla, and your data would not be noticeably much different to any of all the other stuff logged there.
I do know that setting a couple of environment settings in Windows will automatically enable debug logging when Firefox is started. Namely:
set MOZ_LOG=nsHttp:5
set MOZ_LOG_FILE=http.log
I don't imagine that setting the upload target for the logs would be openly documented as it is probably very proprietary information, and only for registered devs who have signed NDA's. However, as the code is open source, it wouldn't take a genius to find the 'keys to the kingdom' if they knew what they were looking for, even if they are somewhat obfuscated in the source code.
I propose that the debug logs contain both the user names and passwords typed, or stored in the browser, and therefore someone may use them to access ATS, logged on as their victim.
I don't use Firefox and so I can't just verify any of this easily, but if I am right, all those people whose ATS were compromised (and probably others who the hackers never got around to doing), and who use Firefox may have usernames and passwords to other sites (including Banking) compromised as well.
I would suggest that it may be advisable to use another browser and to go through resetting important passwords.
Of course, I could be wrong in this, but it is worth just checking your system for the environment settings (go to a command prompt and type "SET" and press the 'enter' key and it should list them all out). Also, just until someone can clear the reputation of Firefox, it would probably be a good idea to avoid a browser built on Firefox/Mozilla base code.
Using 'about:logging' in the URL bar within the browser will tell you the status.
If logging is on, and you have not explicitly set it on, then you are compromised. Please respond into this thread if such is the case, especially if your avatar got hacked.
Some have noted that they had slowdowns opening the site in the days previous, and particularly with the Firefox browser on Windows.
The Firefox browser has a few debug logging modes, and possibly also some mechanisms to send those logs back to the devs for them to examine so they may resolve bugs (the default is Bugzilla).
My 'wild guess' (not entirely researched as yet) is that this debug mode could be triggered by some CSS or other invisible tag embedded in a post or in someone's profile, and that as Mozilla is an open source company, with numerous independent developers, that the upload target for those logs could probably be reset in the same code that enables the debug logging.
The other option is that the hacker could simply look up specific logs submitted under their login authorization on Bugzilla, and your data would not be noticeably much different to any of all the other stuff logged there.
I do know that setting a couple of environment settings in Windows will automatically enable debug logging when Firefox is started. Namely:
set MOZ_LOG=nsHttp:5
set MOZ_LOG_FILE=http.log
I don't imagine that setting the upload target for the logs would be openly documented as it is probably very proprietary information, and only for registered devs who have signed NDA's. However, as the code is open source, it wouldn't take a genius to find the 'keys to the kingdom' if they knew what they were looking for, even if they are somewhat obfuscated in the source code.
I propose that the debug logs contain both the user names and passwords typed, or stored in the browser, and therefore someone may use them to access ATS, logged on as their victim.
I don't use Firefox and so I can't just verify any of this easily, but if I am right, all those people whose ATS were compromised (and probably others who the hackers never got around to doing), and who use Firefox may have usernames and passwords to other sites (including Banking) compromised as well.
I would suggest that it may be advisable to use another browser and to go through resetting important passwords.
Of course, I could be wrong in this, but it is worth just checking your system for the environment settings (go to a command prompt and type "SET" and press the 'enter' key and it should list them all out). Also, just until someone can clear the reputation of Firefox, it would probably be a good idea to avoid a browser built on Firefox/Mozilla base code.
Using 'about:logging' in the URL bar within the browser will tell you the status.
If logging is on, and you have not explicitly set it on, then you are compromised. Please respond into this thread if such is the case, especially if your avatar got hacked.
edit on 2024-10-01T17:33:05-05:0005Tue, 01 Oct 2024 17:33:05 -0500010pm00000031 by chr0naut because: (no reason given)
originally posted by: xuenchen
a reply to: chr0naut
What about people not using Firefox?
Let's say Chrome, or Edge ?
Chrome and Edge aren't using the Mozilla base code.
Perhaps if people got hacked but haven't been using Firefox, they could update on this thread.
We really need to gather some more data around the hack to know for sure.
One thing that I would assume, is that if you were hacked, the compromise could have bigger consequences and we should act accordingly!
originally posted by: BeyondKnowledge3
a reply to: chr0naut
I use Firefox for Android. I haven't used a Windows machine in years.
Does Firefox for Android log the same way?
Anyone get hacked on an Apple device?
Use the about:logging to check and please report back.
I see from your changed logo that you got hacked.
Thank you I will have a look.
My Firefox keeps crashing every 2 mins.
Im using microsoft edge for the mo.
works great
My Firefox keeps crashing every 2 mins.
Im using microsoft edge for the mo.
works great
a reply to: chr0naut
I got this on both tablet and phone. Both are signed into ats with Firefox for Android.
Logging manager
Log module selection
Currently enabled log modules:
None
New log modules:
Logging preset:
Logging output
Logging to the Firefox Profiler
Enable stack traces for log messages
Logging to a file
Current log file: None
New log file:
See HTTP Logging for instructions on how to use this tool
I got this on both tablet and phone. Both are signed into ats with Firefox for Android.
Logging manager
Log module selection
Currently enabled log modules:
None
New log modules:
Logging preset:
Logging output
Logging to the Firefox Profiler
Enable stack traces for log messages
Logging to a file
Current log file: None
New log file:
See HTTP Logging for instructions on how to use this tool
edit on 1-10-2024 by BeyondKnowledge3 because: (no reason given)
This asshole hacker is at it again.
Everything was just changed on mine again, but I changed it back.
Everything was just changed on mine again, but I changed it back.
edit on 1-10-2024 by RazorV66 because: (no reason given)
originally posted by: DontTreadOnMe
a reply to: chr0naut
Since when is Firefox suspect?
Certainly better than Edge.
Not as good as Brave, 95% of the time.
It was mentioned in a couple of posts by those who got hacked.
Until we can get more specific information, we can't fully know the attack surface. I'm just trying to figure things out. I could be totally wrong.
a reply to: chr0naut
What would that prove? How many of us were on FF last night and nothing happened.
And why do we need another thread when
www.abovetopsecret.com...
www.abovetopsecret.com...
We should consolidate back to the first thread...and soon.
What would that prove? How many of us were on FF last night and nothing happened.
edit on Tue Oct 1 2024 by DontTreadOnMe because: (no reason given)
And why do we need another thread when
www.abovetopsecret.com...
edit on Tue Oct 1 2024 by DontTreadOnMe because: (no reason
given)
www.abovetopsecret.com...
We should consolidate back to the first thread...and soon.
edit on Tue Oct 1 2024 by DontTreadOnMe because: (no reason given)
originally posted by: DontTreadOnMe
a reply to: chr0naut
What would that prove? How many of us were on FF last night and nothing happened.
And why do we need another thread when
www.abovetopsecret.com...
If we can establish that people who got hacked were not using FF in the week or so up to the hack, then my whole theory goes in the trash. But until we have eliminated the possibility, it is worth considering.
I'm just trying to figure things out, and there may be other consequences beyond changing someone's profile on ATS, so a bit of caution is prudent.
edit on 2024-10-01T17:59:47-05:0005Tue, 01 Oct 2024 17:59:47 -0500010pm00000031 by chr0naut because: (no reason given)
originally posted by: DontTreadOnMe
a reply to: chr0naut
What would that prove? How many of us were on FF last night and nothing happened.
And why do we need another thread when
www.abovetopsecret.com...
www.abovetopsecret.com...
We should consolidate back to the first thread...and soon.
OK, I just got hacked and I'm not using Firefox. Consider my theory now debunked.
Mod, please close this thread.
new topics
-
More NY Justice System Corruption
Social Issues and Civil Unrest: 1 hours ago -
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness: 8 hours ago
top topics
-
It's time to dissect the LAWFARE
Dissecting Disinformation: 16 hours ago, 12 flags -
Liven things up with some COMMUNITY!
General Chit Chat: 13 hours ago, 9 flags -
US spent $151 BILLION on illegal immigration in 2023 alone: DOGE
US Political Madness: 13 hours ago, 8 flags -
CIA Whistleblower Kevin Shipp claims CIA was involved in MH370's disappearance
General Conspiracies: 12 hours ago, 5 flags -
President Biden is Touring Africa. Why?
Politicians & People: 12 hours ago, 5 flags -
More NY Justice System Corruption
Social Issues and Civil Unrest: 1 hours ago, 5 flags -
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness: 8 hours ago, 4 flags -
Russian Disinformation Campaign Claims Stalker 2 Is Used To Locate Ukraine War Conscripts
Mainstream News: 15 hours ago, 2 flags
active topics
-
Great Barrier Reef Attacks and Sinks New Zealand Frigate HMNZS Manawanui
Weaponry • 65 • : grey580 -
More NY Justice System Corruption
Social Issues and Civil Unrest • 8 • : PorkChop96 -
Salvatore Pais confirms science in MH370 videos are real during live stream
General Conspiracies • 72 • : b0kal0ka -
Alien warfare predicted for December 3 2024
Aliens and UFOs • 79 • : BernnieJGato -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7868 • : baddmove -
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness • 15 • : Xtrozero -
President Biden is Touring Africa. Why?
Politicians & People • 11 • : mysterioustranger -
Chinese national busted in LA sending weapons to NK
World War Three • 20 • : Xtrozero -
Never say Never?
Science & Technology • 62 • : andy06shake -
CIA Whistleblower Kevin Shipp claims CIA was involved in MH370's disappearance
General Conspiracies • 2 • : b0kal0ka
0