Welcome to ECCIE, become a part of the fastest growing adult community. Take a minute & sign up!

Welcome to ECCIE - Sign up today!

Become a part of one of the fastest growing adult communities online. We have something for you, whether you’re a male member seeking out new friends or a new lady on the scene looking to take advantage of our many opportunities to network, make new friends, or connect with people. Join today & take part in lively discussions, take advantage of all the great features that attract hundreds of new daily members!

Go Premium

Go Back   ECCIE Worldwide > Texas > Houston > The Sandbox - Houston
test
The Sandbox - Houston The Sandbox is a collection of off-topic discussions. Humorous threads, Sports talk, and a wide variety of other topics can be found here. If it's NOT an adult-themed topic, then it belongs here

Most Favorited Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Most Liked Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Top Reviewers
cockalatte 646
MoneyManMatt 490
Still Looking 399
samcruz 399
Jon Bon 396
Harley Diablo 377
honest_abe 362
DFW_Ladies_Man 313
Chung Tran 288
lupegarland 287
nicemusic 285
You&Me 281
Starscream66 278
George Spelvin 265
sharkman29 255
Top Posters
DallasRain70793
biomed163220
Yssup Rider60919
gman4453294
LexusLover51038
offshoredrilling48646
WTF48267
pyramider46370
bambino42564
CryptKicker37215
The_Waco_Kid36980
Mokoa36496
Chung Tran36100
Still Looking35944
Mojojo33117

Reply
 
Thread Tools
Old 02-22-2022, 01:15 PM   #1
JustforFun2012
Premium Access
 
JustforFun2012's Avatar
 
Join Date: Jun 9, 2010
Location: Houston
Posts: 319
Encounters: 24
Default OH2 Should be Seen as a Threat

The other site, OH2, has had SSL certificate issues all this week. This is typically something sysadmins can briefly struggle with, so maybe it's the cause, but it's typically an 'oops I forgot that certificate' and quickly gets fixed. I'd estimate one business day even for a newbie to get this fixed, at most if there are skills and $ to fix it.

But this duration is strange....So it got me thinking of other potential causes-

1) The site has been hacked-More in a moment
2) OH2 has an inept or no sysadmin
3) No $ to buy the replacement certificate ($50+).

So #2 is unlikely, it took somebody to create the site after all and even if things went sideways with the old guy, a hire can be addressed online. #3-it's just too low of a bar to cross, they surely earn plenty of $ from ads, waaaaayyyyy way more than $50.

So #1 got me thinking-why. What do you have to gain as a hacker from a site like OH2/Eccie? Not much direct revenue, not like putting ransomware out there. You can't embed viruses/worms and effect everybody, even Google would mark Eccie as a threat. So it leads to my last conclusion, and I'm typically not this conspiracy minded: State sponsored hacking.

A brief tech background: If you visit a site with an SSL certificate (cert) the data between you and the site is encrypted, or scrambled, so an eavesdropper can't hear your conversation. If you spoke an extinct language only you and your buddy knew, it doesn't matter if an eavesdropper is there, they won't understand your dead language. This is a decent enough analogy to encryption of the site to your PC or phone.

So as it stands today, if I'm LE, I don't need a warrant to get everybody's passwords and info. I just have to break their SSL certificate, prevent it from being corrected, and then work with the Internet provider to get everybody's username, pw, and any other critical info. Most Internet providers will have a low bar and most already work with LE. Since this has been down all week, and other sites as noted in another thread, I think something else is going on that's bigger and why I wrote this novella.

If I were you I wouldn't do any interactions on OH2 or login again unless you understand that somebody can see your actions and words. Hope you have a separate username there vs. here and a unique password. I'd stay OFF of OH2 until this is fixed and even then I'm suspicious.

Be careful out there. I hope to hell I'm wrong as can be but this is pretty damn fishy by this point.
JustforFun2012 is offline   Quote
Old 02-22-2022, 03:21 PM   #2
ThoreXile
Premium Access
 
Join Date: Sep 10, 2016
Location: Alvin
Posts: 1,037
Encounters: 39
Default

I think CK is 1.stupid, 2.inept and 3. easy to do a DDOS on his SSL cert. He is being dosed as we speak and he pissed al ot of people. I will just leave it at that. Ain't LE 10000%
ThoreXile is offline   Quote
Old 02-22-2022, 03:29 PM   #3
winn dixie
Valued Poster
 
winn dixie's Avatar
 
Join Date: Jun 5, 2017
Location: austin
Posts: 22,632
Encounters: 22
Default

That owner has worked with LE in the past. And has proven to throw others under the bus to save his hide.
winn dixie is offline   Quote
Old 02-22-2022, 03:40 PM   #4
JustforFun2012
Premium Access
 
JustforFun2012's Avatar
 
Join Date: Jun 9, 2010
Location: Houston
Posts: 319
Encounters: 24
Default

Quote:
Originally Posted by ThoreXile View Post
I think CK is 1.stupid, 2.inept and 3. easy to do a DDOS on his SSL cert. He is being dosed as we speak and he pissed al ot of people. I will just leave it at that. Ain't LE 10000%
Thor, I can go down the rabbit hole technically again but DDOS and SSL certs are NOT the same. DDOS just prevents you getting there. You get a page cannot be displayed or hourglass just sits with nothing.

This issue seen today is different, like a misconfigured server intentionally.

Another analogy-DDOS is like running out of gas, it can work again once the denial of service (DOS in DDOS) is done. A bad cert is like putting diesel into a gas car-it's not going to work, ever.

If the follow-up response is accurate, everybody active on OH2 especially providers SHOULD be scared at this point. I cited this as a concern b/c it's different than a DDOS attack and more concerning. IDK CK or his history so I'm not going to guess at that but...at a technical level this server is frankly dangerous AF and smells so fishy it's like Portland's fish market on a 100F day.
JustforFun2012 is offline   Quote
Old 02-22-2022, 05:03 PM   #5
atanion
Premium Access
 
atanion's Avatar
 
Join Date: Sep 22, 2020
Location: Houston
Posts: 778
Encounters: 72
Default

JustsforFun2012, I'm curious, if I tried to login to OH2, and my username and password were transmitted in an unencrypted fashion, what's the danger? I use a different password on this site, and I've never shared personal information with anyone on OH2. What should I be worried about?
atanion is offline   Quote
Old 02-22-2022, 05:43 PM   #6
GhostRiderYYZ
Valued Poster
 
Join Date: Jan 17, 2022
Location: houston
Posts: 462
Encounters: 15
Default

to break an SSL you would have to hack either the site that issued it or the site that uses it. HACKING is a FELONY & LE is not about to do that because if it was proven (and most likely it could be as net traffic, routes, IP address's can be logged by 3rd party monitoring) then LE would be in serious trouble as the felony would be a federal one.

the moral outcry would be "so what, its a hooker board" but the legal argument against that would be "If the cops can't get what they want they will HACK your system until they get what they want because they are immune from prosecution" ergo your privacy would be at stake and guess what.. the 4th amendment is one we ALL love!

And if it was LE doing this and it was proven, any evidence would not be allowed because they "did not have a search warrant / court order" so that would set them back.

I think this is just some hacking group poking around.. some net research might yield a more focused form of answer, like if this a shared server what else is on that server as it might be the target and Oh2 is collateral damage. Same as RR
GhostRiderYYZ is offline   Quote
Old 02-22-2022, 06:07 PM   #7
TryWeakly
Valued Poster
 
TryWeakly's Avatar
 
Join Date: Sep 18, 2014
Location: .
Posts: 11,345
Default

So you are implying that LE doesnt do anything illegal?
TryWeakly is offline   Quote
Old 02-22-2022, 07:08 PM   #8
Tiger811
Lifetime Premium Access
 
Join Date: Jan 8, 2010
Location: Houston
Posts: 108
Default

I am no expert but it seems as though RR is having some of the same issues.

Over the last year, our site has been under constant cyber attack. Attackers have phished users' data, rerouted DNS traffic, spoofed transactions, DDOS attacked our IP address, stolen ads from users, and more. The attacks have been relentless and sophisticated. The latest attack occurred 2/19/22, and the hackers wiped out our users' ads and images from our ad database.

To continue, we will need to perform an infrastructure overhaul and repair the damage. We do not have a timeline for completion, so we are recommending advertisers use a different website for now. We sincerely apologize for this turn of events.
Tiger811 is online now   Quote
Old 02-22-2022, 08:05 PM   #9
ThoreXile
Premium Access
 
Join Date: Sep 10, 2016
Location: Alvin
Posts: 1,037
Encounters: 39
Default

Quote:
Originally Posted by JustforFun2012 View Post
Thor, I can go down the rabbit hole technically again but DDOS and SSL certs are NOT the same. DDOS just prevents you getting there. You get a page cannot be displayed or hourglass just sits with nothing.

This issue seen today is different, like a misconfigured server intentionally.

Another analogy-DDOS is like running out of gas, it can work again once the denial of service (DOS in DDOS) is done. A bad cert is like putting diesel into a gas car-it's not going to work, ever.

If the follow-up response is accurate, everybody active on OH2 especially providers SHOULD be scared at this point. I cited this as a concern b/c it's different than a DDOS attack and more concerning. IDK CK or his history so I'm not going to guess at that but...at a technical level this server is frankly dangerous AF and smells so fishy it's like Portland's fish market on a 100F day.
I do this for a a living since my ruski days LOL. I started as a blackhat and moved to grey and then white hat. Is a DDOS



ThoreXile is offline   Quote
Old 02-22-2022, 08:46 PM   #10
Austin Ellen
Account Disabled
 
User ID: 248809
Join Date: Jun 25, 2014
Posts: 5,654
My ECCIE Reviews
Default

You just spread lies and lies. You're the one who outs ladies and stalks ladies on OH2. You are the one who is the threat.
That's why you get banned over there but you keep wanting to come back begging CK to let you back on his site. Pathatic.






Quote:
Originally Posted by winn dixie View Post
That owner has worked with LE in the past. And has proven to throw others under the bus to save his hide.
Austin Ellen is offline   Quote
Old 02-22-2022, 10:00 PM   #11
MarcellusWalluz
(Xzn/Xzan)
 
MarcellusWalluz's Avatar
 
Join Date: Aug 11, 2016
Location: Harmaston
Posts: 4,804
Encounters: 91
Default

@ Austin Ellen: If you ever cum out of retirement let me know.
MarcellusWalluz is offline   Quote
Old 02-23-2022, 10:36 AM   #12
JustforFun2012
Premium Access
 
JustforFun2012's Avatar
 
Join Date: Jun 9, 2010
Location: Houston
Posts: 319
Encounters: 24
Default

Quote:
Originally Posted by atanion View Post
JustsforFun2012, I'm curious, if I tried to login to OH2, and my username and password were transmitted in an unencrypted fashion, what's the danger? I use a different password on this site, and I've never shared personal information with anyone on OH2. What should I be worried about?
First up a DDOS and what's going on with RR is markedly different than a cert, what effects OH2. Really read up on Wikipedia at a minimum about the tech, DDOS is too much traffic for the server while a cert issue is a certificate located ON the server. Different tech, applications, etc. I'm not debating that further when I know I'm right.

Now, here's a simple scenario of how LE can benefit from a similar situation. I'm not saying this is what happened to OH2 but it well could:

LE works with the ISP hosting RR or OH2 or whatever site they're targeting. ISPs will readily work with LE as it's a mutually beneficial relationship in stopping hackers. In this instance the LE probably won't need a warrant or extensive support due to their relationship that's existing. If you're an ISP and your network is being DDOS'ed you're freaking calling the FBI to help.

It
happens
a lot.

Site's certificate times out or gets intentionally corrupted by the owner of the site b/c he's working with LE. Certs need annual refreshes but can be purchase for up to 10 yrs. in advance. Let's say that have a 1 yr. and they know it expires 2/1/22. With a broken cert everything goes clear-text between that site with the bad cert and the public Internet. LE starts listening to the network traffic between the server and the Internet. If the cert works, it makes their job VERY difficult b/c they have to decrypt/unscramble everything. If the cert is broken now they see your login, your DMs, searches, etc.

It's not necessarily what you'd say directly but if I'm LE I can now combine what you sent in PMs for buddies asking questions, your searches, as well as a review. Now that's getting harder to prove in a court vs. saying it wasn't you. 2nd up, and more impact, if I'm LE now I see all the DMs to/from providers so I know who their client is IRL, who they are, and what clients are coming up. I can find info on all the providers and get the initial info to continue with future warrants / research. Instead of hunting providers 1x at a time, I get them all in an area and can nab 100's at a time.

It's not too outlandish or crazy. Like I said before, fixing a SSL cert is relatively trivial so it's just weird AF that it's broken this long. That alone is troubling and that plus scenarios that can happen like the above make OH2 frankly untrustworthy.

If they're legit, fix the cert quickly to prove me wrong (really please do, I'd rather have more sites vs. 1 trustworthy one!).
JustforFun2012 is offline   Quote
Old 02-23-2022, 10:53 AM   #13
JustforFun2012
Premium Access
 
JustforFun2012's Avatar
 
Join Date: Jun 9, 2010
Location: Houston
Posts: 319
Encounters: 24
Default

Quote:
Originally Posted by GhostRiderYYZ View Post
to break an SSL you would have to hack either the site that issued it or the site that uses it. HACKING is a FELONY & LE is not about to do that because if it was proven (and most likely it could be as net traffic, routes, IP address's can be logged by 3rd party monitoring) then LE would be in serious trouble as the felony would be a federal one.

the moral outcry would be "so what, its a hooker board" but the legal argument against that would be "If the cops can't get what they want they will HACK your system until they get what they want because they are immune from prosecution" ergo your privacy would be at stake and guess what.. the 4th amendment is one we ALL love!

And if it was LE doing this and it was proven, any evidence would not be allowed because they "did not have a search warrant / court order" so that would set them back.

I think this is just some hacking group poking around.. some net research might yield a more focused form of answer, like if this a shared server what else is on that server as it might be the target and Oh2 is collateral damage. Same as RR
Ghostrider-If you think that Fed or LE won't hack a target despite the legality of hacking or not hacking you need to research:

1) The Shadow Brokers-This is the NSA's hacking arm that ahem, hacks us, you, everybody

2) Stuxnet-Developed with a Windows 0 day vulnerability Microsoft knew nothing about for YEARS. Used by the US and Israli intel to attack Iranian nuke centrifuges

3) NSA has dedicated fiber taps into ALL Internet traffic coming/going. Just google 'Att nsa room'

That's just the tip of the iceberg. I hate to shatter your ideas but yeah-LE will do WTF they want whenever they want laws or not involved. They have fed support. This list above is just the BIG stuff that came out via Wikileaks and other leaks. The small, local LE stuff probably never hits the radar or news...ever. IF this is what's going on I'm sure the Fed will participate to have 100's-1000's of providers busted nationally. They'll blame Russia, N Korea, China etc. on this 'hack' but the truth of their method will NOT come out.

This is why I'm raising an alarm bell. It's not only capable, to me it's more probable than you think. If this is news to you please wake up yourself and other sheeple and research the above.
JustforFun2012 is offline   Quote
Old 02-23-2022, 10:56 AM   #14
GhostRiderYYZ
Valued Poster
 
Join Date: Jan 17, 2022
Location: houston
Posts: 462
Encounters: 15
Default

Quote:
Originally Posted by TryWeakly View Post
So you are implying that LE doesnt do anything illegal?
No, I am implying that if LE did something illegal to obtain evidence of a crime and it was proven they did, any and all evidence they obtained would be tossed out and not be allowed.

Ask a lawyer about this

But *WOULD* they do something illegal ? jury is still out on this one.
GhostRiderYYZ is offline   Quote
Old 02-23-2022, 11:03 AM   #15
GhostRiderYYZ
Valued Poster
 
Join Date: Jan 17, 2022
Location: houston
Posts: 462
Encounters: 15
Default

Quote:
Originally Posted by JustforFun2012 View Post
Ghostrider-If you think that Fed or LE won't hack a target despite the legality of hacking or not hacking you need to research:

1) The Shadow Brokers-This is the NSA's hacking arm that ahem, hacks us, you, everybody

2) Stuxnet-Developed with a Windows 0 day vulnerability Microsoft knew nothing about for YEARS. Used by the US and Israli intel to attack Iranian nuke centrifuges

3) NSA has dedicated fiber taps into ALL Internet traffic coming/going. Just google 'Att nsa room'


That's just the tip of the iceberg. I hate to shatter your ideas but yeah-LE will do WTF they want whenever they want laws or not involved. They have fed support. This list above is just the BIG stuff that came out via Wikileaks and other leaks. The small, local LE stuff probably never hits the radar or news...ever. IF this is what's going on I'm sure the Fed will participate to have 100's-1000's of providers busted nationally. They'll blame Russia, N Korea, China etc. on this 'hack' but the truth of their method will NOT come out.

This is why I'm raising an alarm bell. It's not only capable, to me it's more probable than you think. If this is news to you please wake up yourself and other sheeple and research the above.

hmm so let me get this straight:

the FEDERAL GOVERNMENT is hacking an escort review board *AND* possibly a website that advertises body rubs for what purpose? International Security? What are they looking for?

Stuxnet if you recall sabotaged the centrifuges of Iran to prevent them from creating nuclear material, as for the NSA and your theory of them hacking Oh2 etc.. you need to add another layer of tinfoil to your hat.
GhostRiderYYZ is offline   Quote
Reply



AMPReviews.net
Find Ladies
Hot Women

Powered by vBulletin®
Copyright © 2009 - 2016, ECCIE Worldwide, All Rights Reserved