OH2 Should be Seen as a Threat

[JustforFun2012]

Ghostrider-I have NO idea what's going on nor do you. I was asked about a method for using a bad cert, I provided a theoretical one that's pretty practical. I was challenging your response about LE breaking laws and using evidence because the feds will GLADLY break US and intl. law to achieve a goal, there's a LONG history of it and I think you and I are in agreement there.

Is LE-fed or local, involved with OH2 or not? I have no idea, and resent the tinfoil hat comment b/c this is the first time I've brought up a security/intel concern while I've seen others post their ph., email address, other stupid shit that's just bad opsec and easy to find people in real life. That's not an alarm but this, which can threaten probably 1/2 of the readers on THIS board, is worth it.

I'm bringing this forward as a concern for the board to be careful and back to the original point you pretty much have to agree with me on-

It's odd and strange AF that they haven't updated a SSL cert in weeks. Now that is a fact, all the rest is conjecture. But that fact alone makes the site untrustworthy whether the feds are wiretapping it or not.

P.S. IDC if you get hacked or caught up in a dragnet or not. If you think you're warm and safe and that LE is always on your side, well wake TF up sheeple.

[JustforFun2012]

Quote:

Originally Posted by GhostRiderYYZ

No, I am implying that if LE did something illegal to obtain evidence of a crime and it was proven they did, any and all evidence they obtained would be tossed out and not be allowed.

Ask a lawyer about this

But *WOULD* they do something illegal ? jury is still out on this one.

I get your point but this one question should make you concerned:
How many times has LE done entrapment and gotten away with it?

THAT's illegal. THAT's thrown out by good defense lawyers all the time but..how many times has LE gotten away with it? How many bad lawyers are there?

I'd guess 100's of thousands of times and can almost guarantee it's occurred somewhere in the USA today! THAT's illegal, that gets cases thrown out and YET, LE still does it!

[winn dixie]

Quote:

Originally Posted by Austin Ellen

You just spread lies and lies. You're the one who outs ladies and stalks ladies on OH2. You are the one who is the threat.
That's why you get banned over there but you keep wanting to come back begging CK to let you back on his site. Pathatic.

Beg? I have several accts on oh2. No secret 3 of us share a fake providers handle on oh2 as well!
Yes ya'll out mongers for no less than simple name calling. Ya'll label mongers stalkers or mean people cause we post the truth and wont bow down to ya'lls simpck.
Who's the one coming off the ban? Please get a hold of yourself and bring receipts like I can! Watch that name calling ae

[Grace Preston]

Here's what I can say....


I haven't tried to get back on the site in a couple days-- the day after all this began, I went to the site. I generally stay logged into that site from my home PC as I keep that PC under lock and key.


When I went to the site-- I was auto logged in.. but when I navigated to Dallas-- the login changed to another members name.



This is more than a DDOS-- someone that should not be in that server is in that server.

[Stromprophet]

Quote:

Originally Posted by GhostRiderYYZ

hmm so let me get this straight:

the FEDERAL GOVERNMENT is hacking an escort review board *AND* possibly a website that advertises body rubs for what purpose? International Security? What are they looking for?

Stuxnet if you recall sabotaged the centrifuges of Iran to prevent them from creating nuclear material, as for the NSA and your theory of them hacking Oh2 etc.. you need to add another layer of tinfoil to your hat.

Is LE “hacking” limited to the Federal government? States are funny on lots of things. Also, the Federal government made laws about websites. Does no one recall how this all changed like overnight.

OH2 has always been difficult. Verified status. Posting a review with any kind of phone. Outages all the time.

[winn dixie]

Quote:

Originally Posted by Grace Preston

Here's what I can say....


I haven't tried to get back on the site in a couple days-- the day after all this began, I went to the site. I generally stay logged into that site from my home PC as I keep that PC under lock and key.


When I went to the site-- I was auto logged in.. but when I navigated to Dallas-- the login changed to another members name.



This is more than a DDOS-- someone that should not be in that server is in that server.

Was in there this evening. Damage has been done. Im no techie. But its evident whatever has changed things .

[atanion]

Quote:

Originally Posted by JustforFun2012

First up a DDOS and what's going on with RR is markedly different than a cert, what effects OH2. Really read up on Wikipedia at a minimum about the tech, DDOS is too much traffic for the server while a cert issue is a certificate located ON the server. Different tech, applications, etc. I'm not debating that further when I know I'm right.

Now, here's a simple scenario of how LE can benefit from a similar situation. I'm not saying this is what happened to OH2 but it well could:

LE works with the ISP hosting RR or OH2 or whatever site they're targeting. ISPs will readily work with LE as it's a mutually beneficial relationship in stopping hackers. In this instance the LE probably won't need a warrant or extensive support due to their relationship that's existing. If you're an ISP and your network is being DDOS'ed you're freaking calling the FBI to help.

It
happens
a lot.

Site's certificate times out or gets intentionally corrupted by the owner of the site b/c he's working with LE. Certs need annual refreshes but can be purchase for up to 10 yrs. in advance. Let's say that have a 1 yr. and they know it expires 2/1/22. With a broken cert everything goes clear-text between that site with the bad cert and the public Internet. LE starts listening to the network traffic between the server and the Internet. If the cert works, it makes their job VERY difficult b/c they have to decrypt/unscramble everything. If the cert is broken now they see your login, your DMs, searches, etc.

It's not necessarily what you'd say directly but if I'm LE I can now combine what you sent in PMs for buddies asking questions, your searches, as well as a review. Now that's getting harder to prove in a court vs. saying it wasn't you. 2nd up, and more impact, if I'm LE now I see all the DMs to/from providers so I know who their client is IRL, who they are, and what clients are coming up. I can find info on all the providers and get the initial info to continue with future warrants / research. Instead of hunting providers 1x at a time, I get them all in an area and can nab 100's at a time.

It's not too outlandish or crazy. Like I said before, fixing a SSL cert is relatively trivial so it's just weird AF that it's broken this long. That alone is troubling and that plus scenarios that can happen like the above make OH2 frankly untrustworthy.

If they're legit, fix the cert quickly to prove me wrong (really please do, I'd rather have more sites vs. 1 trustworthy one!).

This is great information. This is precisely why I don't meet up with mongers in person despite several requests to do so. One of them could be undercover and try to socially influence me to admit to illegal activities.


Even if all of my PMs, reviews, etc., were collected by LE, none of it is linked to my real identity. However, I feel pity for anyone who uses these boards and shared their real names.

[Pitroom]

Quote:

Originally Posted by atanion

This is great information. This is precisely why I don't meet up with mongers in person despite several requests to do so. One of them could be undercover and try to socially influence me to admit to illegal activities.


Even if all of my PMs, reviews, etc., were collected by LE, none of it is linked to my real identity. However, I feel pity for anyone who uses these boards and shared their real names.

This is not directed to you but the Op. I never understand this sky is falling theory. Like there is a risk involved doing this. You can minimize that risk to a low percentile if you use just 1 percent of your brain. Don't give any personal information to screen. Don't pay with a credit card, zelle people money etc. And don't talk about any of your personal business. These females will tell your personal business. I get unsolicited portions of you'll business from these chick's sometimes during sessions. Doctors out here writing fake scripts with their real information putting their license in jeopardy, lawyers doing free legal work or housing chick's in their houses, the list goes on. And it's unsolicited. Women just talk especially if they build a rapport with someone. So keep your business to yourself if you are overly concerned!

The only way to go to jail from our perspective doing this is walking into an unfamiliar Amp that just pops up overnight and picking up a woman off the street in my opinion which has to be the dumbest shit ever. This is my opinion. You'll think LE is combing through ourhome to arrest us all. I seriously fucking doubt it. Now something is going on there. They won't tell us the real truth but I doubt it's anything to concern someone with a small amount of common sense. It's like when there's a raid at a club. Vice will see you getting your Johnson sucked in Vip alongside him, but he's only there to entrap the women and take a manager along for the ride. I've sat quietly during many a raid at a strip club and even ordered a drink during one.

Last, I see why people are asking you sir to hang out. Don't be surprised to soon be invited to a social. From a casual perspective you are a treasure trove of info in a short period of time. Whatever you are doing to make the money you are good at it. I've never understood how it benefits anyone to go to a social. I hang with pussy not other dudes and have no interest in being that visible doing this. My only thought is being able to hang out with women in this business without the meter running. I do that anyway with several because I ask after I've seen someone a couple of times. Hey let's go grab a bite or whatever. If you aren't a dick you will be surprised of the answers. They are human too. If you are somewhat a cool person to be around....if their answer is no then I make the decision if I want to continue this but I have a rolodex of chick's that will hang with me with some of that being off the clock. And for the ladies and white knight that will flame me for being honest I love you and so does God.....

[Lustnotlove]

Interesting discussion , theory and POV. I would add though, if as possibly suggested the ISP is working with LE there would be no additional reason/need to hack. They would already have server access to oh2 and other sites, so its better surveillance being stealth.
I agree not DDOS.
Young/new hackers have to begin somewhere.
And finally, it is possible a members computer or isp has been compromised and from there a hacker is just Fukien with the system.

[New2here2009]

I'm just glad to be back here. I forgot how nice this site was after spending most of my time on OH2. This layout and all is just more user friendly.

[Cancercrab69]

So the big question…where are all the whores advertising now!?

[JustforFun2012]

Pitroom, was AFK for a while. I'm not saying the sky is falling, nor am I guaranteeing (or even betting) that LE is involved. I didn't try to have that tone, personally I hate that tone. I do suspect OH2 strongly and wouldn't get involved. I've not logged in since I noted the initial post. If it smells like shit to me so it's probably shit. I also KNOW from a technical level that something is seriously WRONG over at OH.

I agree, good operational security is important for providers and mongers. I personally keep this regularly and don't share much but you would be surprised at the number of slip-ups you see here. Maybe you haven't but I can say myself I've messed up at times and done dumb shit. I think we all have at least 1x. So if you did the same at OH2 today, you put yourself at risk. My point-DON'T go on OH and proceed as you were. I wouldn't login, PM, pull provider info, or certainly not write a review. You'll likely be caught up with the hackers, LE, or ignorant sysadmins running OH2.

For providers-If I'm in their shoes I'd argue they not only need A-game opsec they need an A++ to stay safe. And if I were a provider I would stay the eff away from OH2 at this point. While it's not guaranteed, there's something that stinks at OH2 so to be ++ I'd stay away. I hope that the logical reasons outlined help people and hopefully save somebody's butt from being behind bars.

Lust not love-The cert encrypts all the traffic between you and the site. If you don't have a working cert, and you work with the ISP, it's like picking up the other landline phone and listening into the conversation (which makes me feel ancient). Encryption can be broken by a supercomputer or a dedicated enough adversary, like spy vs. spy stuff; however, for something like OH2 you'd never get those resources. Even the FBI asked Apple to remove encryption or provide a back door for iPhones to stop big-time criminals and was denied. Encryption hurts LE activities but if it's big enough it won't stop them (not saying OH2 is a nation-state threat guys, let's not go down that rabbit hole again!). So the simplest answer-just remove encryption and walk through the front door.

[MarcellusWalluz]

Quote:

Originally Posted by Cancercrab69

So the big question…where are all the whores advertising now!?

They stroll the track

[BigTex6]

I can’t even freaking log in. Am I the only one!

[Jonnydoe101]

I couldn’t log in too. I was able to log in a couple of day ago with multiple tries. I guess that strategy is not working anymore.