Domain: pastebin.com
Stories and comments across the archive that link to pastebin.com.
Comments · 719
-
Re:licenses
Well, in my case this particular client application is normally installed as full desktop app, running it as an applet is possible and I sometimes do it, but that's not the main selling feature. In reality there is no reason to run this application in a browser. In a store there are normally 2 computers for administrators - one is on the Internet and internal network, and the other is on the internal network only. Both computers have the client installed and one of them has the server installed, both clients connect to that server.
The client app can control the store over the Internet without a browser as well. One issue that I found is that I have to replace the default open sdk that comes with Ubuntu for Sun implementation of the JVM. Also out of 15 computers installed, 3 are sometimes misbehaving in a strange way, the JVM gets killed with a weird problem like this. Yes, not everything is 100% smooth, but having this on 3 computers out of 15 (which really need to be replaced), is telling me that something is more likely to be wrong with the entire setup rather than the language or the JVM.
-
Re:Global warming
I don't think you get what the parent was talking about:
-
Re:Like all ignorant blowhards I oppose science.
Funny enough, the "climate change" label was brought about by the Bush administration for political reasons. It was a euphemism requested by the Republicans.
Also your hate for Al Gore is understandable, in the long run he'll be seen as doing far more harm than good. I've written about the damage he's done before.
-
Re:Cygwin
Can you point me to the relevant changes in CVS?
I did some basic testing using the venerable cygbench and Gergely Szabo's fork benchmark and uploaded the results to pastebin. Looks like the current snapshot really is the fastest. Any idea when Corinna releases 1.7.10?
http://pastebin.com/PLC63ZKi
-
Go with hardware?
Here is an option for some of those systems:
* SNES flash cart $145
* NES flash cart $135
The only fanless emulation I've experienced was a fully cracked PSP with:
* PSP2600 1.2.0 (atari 2600)
* SMSPlus 1.2.55 (GG, SMS)
* Masterboy V2.10 (GB, GBC, GG, SMS)
* Nester J 1.12 (NES)
* picodrive 1.35b R (Megadrive/Genesis)
* Snes9x Euphoria R2 (SNES)
* gpSP Kai 3.4 test 3 (GBA)
And with an 8GB SDHC + Memory Stick Pro Duo adapter, you can fit one copy of EVERY GAME ever made for all of those systems (except the GBA collection, which is quite large).
-
Re:And maybe also because nvidia-linux kernel wrap
I just wanted better interactivity on a -rt kernel so for all I know this will not work,
furthermore I can't say I know how the nvidia driver works and I prefer not to know
either, this was just observing their glue code.
I can't even say for sure if/where os smp barriers are used, so that might be a
noop, or the reason why suspend fails for me. Some ideas were used from this
old thread, but linux issues clflush by default now:
-
Re:At some point
The Comodo and Diginotar break-ins and theft were traced to Iran. To me, when I read the pastebin post, I felt it was a cover up bit meant to mislead the general public. Any additional hack thereafter, such as GlobalSign, would simply be to cover up their actions.
I'm not talking about hiding the activity, but to make it seem like Iran wasn't a participant.
What on the posted PasteBin messages made you think that it's trying to deflect attention from Iran? It seems like the exact opposite to me, if anything. I mean, the very first message from the "ComodoHacker" guy says:
"Rule#3: Anyone inside Iran with problems, from fake green movement to all MKO members and two faced terrorist, should afraid of me personally. I won't let anyone inside Iran, harm people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President, as I live, you won't be able to do so. as I live, you don't have privacy in internet, you don't have security in digital world, just wait and see..."
-
Interesting - claims controls of 4 more CAs
From http://pastebin.com/85WV10EL
He mentions GlobalSign. I'm assuming DigiNotar is not one of the four remaining? StartCom dodged this mess (good for Eddy!).
So there are possibly 3 more CAs that have been compromised. Which ones?
I do find it interesting that the fellow is going after the Dutch government for the Srebrenica event. I wonder what he has in store for the Serbian government?
-
Re:'Claiming' to be the hacker?
Hell, if he really hacked it, he'd have signed the message with DigiNotar's key.
The most recent message from the guy gives the following link as a proof:
http://www.multiupload.com/EHI7YZAF4G
with the following explanation:
"I signed windows calculator using Google Cert, you have to have private key of cert to be able to sign calculator. It's enough reason/proof."
-
Re:'Claiming' to be the hacker?
Well, at least the real hacker made sure that this hack would be linked to the Comodo hack:
A script was found on CA server public 2025. The script was written in a special scripting language only used to develop PKI software. The purpose of the script was to generate signatures by the CA for certificates which have been requested before. The script also contains English language which you can find in Annex 5.3. In the text the hacker left his fingerprint: Janam Fadaye Rahbar. The same text was found in the Comodo hack in March of this year. This breach also resulted in the generation of rogue certificates.
Given the date of the publication on pastebin, the person who is now claiming to be the hacker only has proven that he or she has read the report.
-
All Messages from ComodoHacker
Here are the messages from ComodoHacker on pastebin:
http://pastebin.com/u/ComodoHacker
He published a cert for Mozilla in March.
-
Kernel.org may not bother with clean wipe
Disturbingly they seem to have considered not wiping and reinstalling.
System is being verified from backups, signatures, etc. As of right
now things look correct, however we MAY take the system down soon to do
a full reinstall and for more invasive checking.
(emphasis added)
John 'Warthog9' Hawley
Chief Kernel.org Administrator
http://pastebin.com/BKcmMd47
It appears that the chief kernel.org system administrator is so naive about security that he doesn't even realize the absolute necessity of a full wipe and reinstall after compromise of such an important site. It also appears that there was no routine booting from read only media to check system files and startup scripts for changes. And no daily rootkit scan. If it was me, I would trash the motherboard for fear of BIOS or other firmware contamination. Exploits living on the firmware of network cards and other places have been demonstrated.
-
Links & hints to the data
http://cryptome.org/z/z.7z (368MB) pwd: ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
http://pastebin.com/SBq9Xpsr
http://cryptome.org/xyz/x.gpg.torrent (Returns xyz_x.gpg, 409MB. No passphrase yet)
http://cryptome.org/xyz/y.gpg.torrent (Returns xyz_y.gpg, 88MB. No passphrase yet)
http://cryptome.org/xyz/y-docs.gpg.torrent (Returns xyz_y-docs.gpg, 8MB. No passphrase yet)
http://cryptome.org/xyz/z.gpg.torrent (Returns xyz_z.gpg, 368MB. Passphrase below)
"xyz_z.gpg" and "z.gpg" appear to be identical and both decrypt to "z.7z." The decrypted file is "z.7z," 368MB, which unzips to "cables.csv," about 1.7GB in size, dated 4/12/2010.
-
Re:Infringing material...
Here's a copy of the initial post of the DCemu thread linked in the summary:
I received this cease and desist letter from Atari, are they completely dumb, did you guys get one? Should we be concerned? As far as I know, its still legal to distribute emulators unless some new law passed? and of all the sites, they are referring to my old ass DCEmu archive.
"Atari, Inc.
417 5th Avenue
New York, NY 10016-2204
Tel: 212-726-6500
Fax: 212-726-4214
E-mail: us.legal@atari.com
August 30, 2011
Re: seanbajuice.com
Dear Domain Admin:
I am writing on behalf of Atari, Inc./Atari Interactive, Inc. (“Atari”) to demand that you immediately and permanently cease and desist from the infringing activities described below and comply with the other demands set forth in this letter.
Atari is a global producer, publisher and distributor of interactive entertainment software for all market segments and all interactive game platforms. Atari is the exclusive owner of intellectual property rights, including copyrights and trademarks, in numerous interactive entertainment software products, including those listed below, and vigilantly protects its rights.
Based on available information, Atari has a good faith belief that the url(s):
http://dcemu.seanbajuice.com/dcemu-atari800.htm
http://dcemu.seanbajuice.com/dcemu-DC7800.htm
http://dcemu.seanbajuice.com/dcemu-dcs2600.htm
http://dcemu.seanbajuice.com/dcemu-lynx.htm
http://dcemu.seanbajuice.com/dcemu-stelladc.htm
infringes its copyright and other intellectual property right by copying, reproducing and/or offering for distribution, display and/or download (including through links to other sites) unauthorized console emulation software and/or unauthorized copies of game products (software) protected by Atari’s copyright rights. Atari’s copyrighted works that have been infringed include:
Atari 800; Atari 2600; Atari 7800; Atari Lynx
The infringing material or the material that is the subject of infringing activities (collectively referred to as “Infringing Material”) is listed and/or identified by console and game-related titles or variations thereof, console and game-related descriptions, or images of console and game-related artwork.
The Infringing Material is in violation of Atari’s exclusive rights under the United States Copyright Act. It therefore constitutes copyright infringement in violation of 17 U.S.C. 501.
Pursuant to the provisions of the Digital Millennium Copyright Act (“DMCA”), which is codified at 17 USC 512, Atari demands that you 1) expeditiously remove or disable access to the Infringing Material; and 2) take steps to prevent further infringement of Atari’s intellectual property rights at the above referenced URL(s).
I have a good faith belief that use of the copyrighted materials described herein is not authorized by Atari, its agent, or the law. The information in this notification is accurate. Under penalty of perjury, I affirm I am authorized to act on behalf of Atari whose exclusive copyright rights I believe to be infringed as described herein.
This notice is not intended to be a complete statement of the facts or law in this matter. Nor is it intended to be a complete statement of Atari's positions, rights or remedies, legal or equitable, all of which are specifically reserved.
If you have any questions, please contact me by phone 212-726-6500 or email at us.legal@atari.com.
Thank you.
Regards,
Kristen Keller,
SVP & General Counsel"
-
Re:I'm curious
I highly recommend a pastebin service for such things. Not only do they not eat your code at random, but they keep things nice and not blobbed up, and even support syntax highlighting!
-
Re:MOST importantly...
Code on http://pastebin.com/FhUYuRsb
Just disable JavaScript in the meantime.
-
Link to actual message
Here's the actual link to the original Anon / LulzSec / AntiSec / ... http://pastebin.com/LAykd1es
-
Reason behind the attack
The summary (and article) say that the attack was motivated by the AntiSec movement, but the group's release has more specific claims. Namely that:
This corrupted organization gathered all the evidence from the seized property of suspected computer professional entertainers and utilized it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations.
Also, it's nice to see that CNAIPIC subscribes to the "big useless video wall" school of command center design. (there are also diagrams of their network architecture in that album)
-
Pastebin is a news source now
strange that manifestos and data dumps from pastebin have become normal news http://pastebin.com/r21cExeP
-
Re:FLAC
Certainly the Rip Rig sounds like it could help (aside from the monstercables snake oil)
Once you get to the absolute copy of the original analog or binary, scientifically demonstrable from the IT and SE departments and tools, there's no need to further compress it. As lots of people have argued above us, there's no reason for everybody to not be using FLAC, only that Apple thinks it's not cool enough to shove a simple FLAC codec or hardware support because they have AAC ALAC, (which is not bad) and everybody knows that if it doesn't exist in iPod land is not worth the attention of the general public. rockbox FTW
I have always said, when I can go to the iTunes store and buy the original tracks of a song, free of mixing and crap, I would probably go bankrupt and insane learning to mix my own versions of the songs over and over and over. Musical industry give us the digital carcass of what once was an analog unrestricted manifestation. * pointing fingers* You're not getting a dollar from my pocket until then media industry!
-
check out the passwords
Check out the passwords in the paste bin. Who the hell comes up with these? Two letters, one for the first name, one for the last name and a 4 digit numeric code?
-
Re:"Is there no one else? Is There NO ONE ELSE??"
Aww, no Unicode on Slashdot. Oh well, you can see it here:
You have still ignored my challenge, so I will ignore all of yours.
-
Re:What timing...
Sounds like they've pissed enough people off that they're starting to get ID'ed
A winner is you! captcha: fatally. The lesson is if you're going on a public hacking spree then don't use the same nick you've been using for ten years everywhere on the web.
-
LulzSec.com is down, Chicken come home to roost
For about 25 mins LulzSec.com is down, and one self-proclaimed white hat hacker "th3j35t3r" posted enough information on pastebin for the FBI to identify another core member of the LulzSec - http://pastebin.com/76TsPHeU.
Proof again you can break into FBI or CIA, or you can talk about it, but you can't do both for very long.
This here explains it in some more words: https://www.infosecisland.com/blogview/14706-LulzSec-How-Not-to-Run-an-Insurgency.html#.TgNxjyifa2A.twitter
-
Also, UK 2011 Census *possibly* hacked
"Possibly" since this is not confirmed by their official twitter yet.
I'm hoping that this isn't true, there's enough info in there like DoB and national insurance number to pose a significant identity theft risk, but given our government's track record it's totally believable that it might be
...
-
Mirror
I still have the html. If anyone has an idea where to host it let me know.
-
This is not really a bitcoin story
So much as it is a MTGox story.
About a week ago the first rumors of MtGox being compromised by a SQL injection exploit began to circulate.
Here's one of the original claims from someone calling themselves Buttsec from June 14th. Others which I'm too lazy to dig up were more specific and named MtGox explicitly:
http://pastebin.com/4NPemHfz
On that very same day, MTGox implemented a $1000 dollar withdrawal limit. Suspicious, right? For the past 3 days, there have been offers to sell MTGox's database of usernames and password hashes. Here's an example:
Today, there is this:
http://pastebin.com/hN7PxRhc
http://pastebin.com/w06pa2mB (there are many of these, the first link gives you the urls if you want to see them all)
This confirms MTGox was indeed hacked. One of the hackers offering to sell this database that came out today had even specifically mentioned that the hole he had used was CLOSED by MTGox a couple of days ago. Today, FINALLY, MTGox admits they were hacked and has sent out emails to all their users. Here is a copy:
http://pastebin.com/9Cx94wzs
In light of all of the evidence (more of which I'm sure you can find on your own), I find it very hard to believe that MtGox was not aware they had been hacked, and yet they've been denying it and operating normally (aside from the newly added withdrawal limit, which they even boast about in the linked press release). In fact, I found one reddit page of many where MtGox users were complaining their accounts had been compromised (There have been many over the past week) and the employee flat out denies that they have ANY reason to suspect they've been compromised:
Here's one such complaint among many: http://www.reddit.com/r/Bitcoin/comments/i17jd/i_just_got_ripped_off_on_mtgox/
And here's one with an employee denial: http://www.reddit.com/r/Bitcoin/comments/i2dkn/mt_gox_has_some_serious_issues/
Here's all that (purported) employee's posts: http://www.reddit.com/user/MtGox_Adam
Long story short: For the last week (5 days at least), I've been wondering if MtGox had been truly hacked or if someone was just trying to depress the price of bitcoins by spreading rumors. Today I don't have to wonder anymore. What I do have to wonder about is why has MtGox kept silent for the past week when ALL indications were that they KNEW. They fixed the hole, added the withdrawal limit, and yet kept on denying they had an issue when dozens of users complained of account compromises. Rather than admit the issue and try to have it fixed, they apparently tried to keep it a secret. How can we trust any company that handles security issues in this manner?
-
Link for master list of compromised accounts
Found this on the Internet: http://pastebin.com/hN7PxRhc
-
Re:Ahem
alternatively, Nakomis == LulzSec[i]; http://pastebin.com/5NJXfbVw
-
Re:bullshit
And of course the original upload to pastebin on the 13th: http://pastebin.com/i5M0LB58
I'll assume OP did it for the laughs.
-
That's NOT LulzSec's release.
At http://forum.bitcoin.org/index.php?topic=16457.0 the victim allinvain stated that, "a very large chunk of my bitcoin balance gone to the following address:
1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg"
That just happens to be the same address for donations to LulzSec on some of their ASCII banners.... http://pastebin.com/88nGp508
Their actual release from their site has the bitcoin address:
176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
Refer to http://lulzsecurity.com/releases/bethesda_PRETENTIOUS%20PRESS%20STATEMENT.txt
Someone is either trying to frame them, or steal bitcoins from them. I would suspect the former.
-
Re:LulzSec Connection
Yeah, http://pastebin.com/88nGp508 wasn't posted until yesterday (June 15th). It's a repost of the original, with only the BitCoin ID changed. The transaction took place on Monday (June 13th) - two days before the fake press release.
-
LulzSec Connection
At http://forum.bitcoin.org/index.php?topic=16457.0 the victim allinvain stated that, "a very large chunk of my bitcoin balance gone to the following address: 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg" That just happens to be the same address for donations to LulzSec on some of their ASCII banners.... http://pastebin.com/88nGp508
-
Re:Simple solution
So I downloaded it, and then ran pdftotext on it. http://pastebin.com/gXqKceEZ No story here. Just a rant from Ben Rooney. He'll feel like an idiot when he realizes its just a PDF.
-
Re:This Robert Cavanaugh?
Allegedly not involved: http://pastebin.com/yut4P6qN Not sure if this is legit.
-
Story inaccurate according to the group
The posted details here: http://pastebin.com/yut4P6qN
-
More information
If anybody finds themselves wondering what Lulzsec, Anonymous or other are up to at any given moment, you can typically find out by going to pastebin.com and looking at the trending pastes there. You'll find information being passed between people/groups as well as "press releases" like this one. Interesting stuff there.
-
Really, no salt?
So, they didn't even salt the md5 hashes. How lazy does this "security" firm want to be?
Also, how simple do some of these passwords want to be? LOL "infragard26j" are you kidding me? Come on IBM, lift your game!
Here's a copy of the exposed file on PasteBin
I've noticed that the "cracking" method of choice was just "see if these are known values in public rainbow tables". Which, many of them were. Huzzah!
Also, I thought that all md5's had been cracked before, however it seems not so. So, I decided to calculate how many gb such a table would AT LEAST have to be. Well, I was quite surprised. Unless there's collisions or my math is fucked, that's quite a lot!
Seems Unveillance, the company which had its CEO's private emails leaked, has responded and sort of, also authenticated the hack too. Unveillance Official Statement
-
Hit a Honeypot ?
If this is actually an excerpt of the actual data, then it looks like test data for me. Look at the passwords. They repeat a lot but grouped with ascending order. For example in the middle of the file there are a lot of "123456" passwords, but nowhere else. As the data seems to be ordered by u_usr this seems to be very unlikely.
-
Someone forgot to post the actual dox
Here it is: http://pastebin.com/WqLysjiN
You can thank me later...
-
Re:PPT?!
-
7:0 not 6:0
From the original source:
Yesterday , we have reported that On 5th May, 2011 - Sony BGM's Greek website was also got hacked. One of Them Provided the Full extract database from the site. b4d_vipera was the hacker who Deface the site using SQL injection method. There are 8385 users on this website. Sample of hacked Database was leaked at http://pastebin.com/WqLysjiN. This was 7th Attack on Sony.
-
Re:Mod Fabrice Bellard up!
I pasted the code into JS beautifier and got this. The function names and variables still look obfuscated, but at least it's readable.
-
Links
The USA Today article that first broke the story about the secret smear campaign: http://www.usatoday.com/money/media/2011-05-06-google_n.htm
The Daily Beast article that broke the story that the client paying for the campaign was Facebook: http://www.thedailybeast.com/blogs-and-stories/2011-05-12/facebook-busted-in-clumsy-smear-attempt-on-google/?cid=topic:mostrecent1#
The actual email string between the reporter and a Burson employee that started this whole thing: http://pastebin.com/zaeTeJeJ
-David
david44357.com
-
Outdated servers? yes, 2.2.11 and 2.2.10
There have been some rumours, back and forth, about what versions were installed on Sony servers.
Based on this nmap of the network:
http://pastebin.com/bAUHxtNr

Nmap scan report for account.rc.ac.playstation.net (199.108.4.177)
Host is up (0.077s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)

Nmap scan report for login.rc.ac.playstation.net (199.108.4.162)
Host is up (0.085s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.

Nmap scan report for commerce.rc.ac.playstation.net (199.108.4.135)
Host is up (0.071s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp closed http
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)

Nmap scan report for auth.rc.ac.playstation.net (199.108.4.136)
Host is up (0.075s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)

Nmap scan report for store.rc.ac.playstation.net (199.108.4.140)
Host is up (0.070s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)

Nmap scan report for rc.store.playstation.net (199.108.4.141)
Host is up (0.080s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)

Nmap scan report for native.rc.ac.playstation.net (199.108.4.144)
Host is up (0.073s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 (mod_ssl/2.2.11 OpenSSL/0.9.8i)

* login server 2.2.11 (version from 2008)
* account server 2.2.11 (version from 2008)
* commerce server 2.2.11 (version from 2008)
* auth server 2.2.11 (version from 2008)
* store server 2.2.11 (version from 2008)
* rc store server 2.2.11 (version from 2008)
* native server 2.2.11 (version from 2008)

There is some talk about the server auth.np.ac.playstation.net. That one was updated.
Nmap scan report for auth.np.ac.playstation.net (199.108.4.73)
Host is up (0.070s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.17

TL;DR
YES, Sony was using outdated servers. Unpatched? no idea.
-
Re:My grandpa could have passed this; I don't need
On a very, very, very big slide rule, I could...
Really, I would do that one by hand, given only enough time. A problem of "find X to N precision" can be thought of as "guess an N-digit answer that's closer to X than any other N-digit guess". Extensive guesswork works just fine, though it takes about 20 tries...
Yes, I was using bisection to find solutions back in high school, when I felt particularly disinclined towards thought, and showing my work wasn't necessary. Yes, I often will solve such problems by hand. It's especially useful when you want to compute something that you know has only one optimum value, but it's painful (if even possible) to calculate directly. Of course, it's certainly not the answer Harvard's expecting, but perhaps it'd amuse some reviewer enough for credit.
Bisection also makes a fun hobby: Try to come up with problems that can only be solved quickly by bisection.