Conversation
Notices
-
Embed this notice
Zero :zt_think: :artix: (zero@strelizia.net)'s status on Friday, 26-May-2023 04:02:57 JST 
Zero :zt_think: :artix:
starting to think ralphie boy commissioned this data breach for very specific reasons -
Embed this notice
Ethical Pedophile (blinkrape@posting.lolicon.rocks)'s status on Friday, 26-May-2023 04:02:57 JST 
Ethical Pedophile
@zero gay retard drama grumbulon likes this. -
Embed this notice
Ethical Pedophile (blinkrape@posting.lolicon.rocks)'s status on Friday, 26-May-2023 04:02:59 JST
Ethical Pedophile
@zero yup... gay retard drama. he better hope nobody investigates how he obtained that information. graf will help them for free and it will land him with a whole new stack of federal charges grumbulon likes this. -
Embed this notice
Zero :zt_think: :artix: (zero@strelizia.net)'s status on Friday, 26-May-2023 04:03:00 JST
Zero :zt_think: :artix:
@BlinkRape he's actually gonna use it as legal defense, so he probably paid for it -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:24:54 JST 
?? Humpleupagus ??
Do we know it's a hack? What if he acquired it from someone legally entitled to obtain it? -
Embed this notice
:afire: palingenetic man :afire: (anonaccount@poa.st)'s status on Friday, 26-May-2023 04:24:55 JST 
:afire: palingenetic man :afire:
@Twoinchdestroya @BigDuck @Shadowman311 @zero @Humpleupagus One could check if the doxx folders have residual files (e.g DESKTOP.INI, .DS_Store, etc.) and then extract the username(s), unfortunately I cannot at the moment. -
Embed this notice
Shadowman311 (shadowman311@poa.st)'s status on Friday, 26-May-2023 04:24:56 JST 
Shadowman311
@BigDuck @zero That's asking quite a lot of Ralph there duck ngl -
Embed this notice
:epstein: Mr. Quackers :duckie: :hoggers: (bigduck@poa.st)'s status on Friday, 26-May-2023 04:24:56 JST 
:epstein: Mr. Quackers :duckie: :hoggers:
@Shadowman311 @zero Its amazing how big of a nothing burger this hack even was.
All this for what? You cant use this in court.
Lol if I was Graf I’d be archiving these Tweets and sending them to authoritities. -
Embed this notice
Twoinchdestroya (twoinchdestroya@poa.st)'s status on Friday, 26-May-2023 04:24:56 JST 
Twoinchdestroya
@BigDuck @Shadowman311 @zero Own the Alog and mock users I suppose.
Difficulty probably is, identifying the actual hacker, possessing it might not be an issue, thoughts @Humpleupagus ?
-
Embed this notice
:epstein: Mr. Quackers :duckie: :hoggers: (bigduck@poa.st)'s status on Friday, 26-May-2023 04:24:57 JST
:epstein: Mr. Quackers :duckie: :hoggers:
@zero You think they know you cant use illegally obtained evidence in court lol -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:29:21 JST
?? Humpleupagus ??
I'm out of the loop on this story generally. It sounds like there's litigation pending. This could have been in the discovery, especially if they got or took a data dump. -
Embed this notice
DutchShizoBoomer69 (dutchshizoboomer69@coolsite.win)'s status on Friday, 26-May-2023 04:29:23 JST
DutchShizoBoomer69
from Ego shaggies tweets id say its save to say so -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:30:56 JST
?? Humpleupagus ??
I will add that telling someone what you're going to question them about in 24 hours is a retarded strategy. -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:33:40 JST
?? Humpleupagus ??
Hold up. Who got hacked? Sorry. I just woke up. This is an new to me. Treat me like I'm the retard. -
Embed this notice
DutchShizoBoomer69 (dutchshizoboomer69@coolsite.win)'s status on Friday, 26-May-2023 04:33:42 JST
DutchShizoBoomer69
8.7GB of data is the claim with all DMs leaked 30K users -
Embed this notice
DutchShizoBoomer69 (dutchshizoboomer69@coolsite.win)'s status on Friday, 26-May-2023 04:34:01 JST
DutchShizoBoomer69
people think Fedi is like fort Nox ?? Humpleupagus ?? likes this. -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:37:54 JST
?? Humpleupagus ??
I'd look at everyone who had access first, including whether any were subject to a social engineering hack, e.g. fishing. -
Embed this notice
:spinnenrad: Eiregoat :spinnenrad: (eiregoat@nicecrew.digital)'s status on Friday, 26-May-2023 04:37:55 JST 
:spinnenrad: Eiregoat :spinnenrad:
Someone grabbed poast's database. Including DMs and attached images. LovecraftEnthusiast :shyduck: repeated this. -
Embed this notice
:spinnenrad: Eiregoat :spinnenrad: (eiregoat@nicecrew.digital)'s status on Friday, 26-May-2023 04:38:37 JST
:spinnenrad: Eiregoat :spinnenrad:
So yes, they have every butthole pic you ever sent to graf. -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:38:37 JST
?? Humpleupagus ??
You know about those? He was my butt buddy! 😀 -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 04:45:15 JST 
Matty
The database, as far as I can see, was not breached. If this is an Oauth attack, I believe they would have used someone's Oauth token to make requests via the Admin API (you can do a lot with it) and then from there you could basically just get whatever you wanted. I'm wondering if there is someone who's a Moderator/Admin on Poast and on Baest, who perhaps used the same password between accounts. If this password was breached, a bad actor could log in, pull the bearer token (from each account), then use that bearer token to authenticate and send those requests to the Admin API endpoint, then file them in individual folders for the relevant data.
Images that you send in DMs don't go anywhere special - they go to the exact same endpoint as the rest of the images you upload on the timeline, it's just that the view scope is between you and the other person, rather than the public timeline. In theory, if you knew the hash of the image, you could just plug it in to the browser and find an image that someone posted in DMs. Don't use fediverse DMs. If you do, stop it. -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:51:11 JST
?? Humpleupagus ??
So I looked at this. Apparently, short of a state law to the contrary, illegally obtained evidence can be entered in a civil proceeding, assuming it can be authenticated of course. He's going to need a witness to establish that it's authentic. -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 04:54:06 JST
?? Humpleupagus ??
I've created 100 accounts that have done nothing but dm'd nigger porn to each other. Now that's security! -
Embed this notice
BrokenScope (churnhinge@poa.st)'s status on Friday, 26-May-2023 04:54:07 JST 
BrokenScope
@matty @Humpleupagus @Eiregoat @BigDuck @Shadowman311 @Twoinchdestroya @anonaccount @zero Matty was this for poast only or other instances too?
I do not use the same password anywhere, but would be good to know
I just came home ❤️ -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 04:54:07 JST
Matty
In theory this same attack could be used on any Pleroma based instance. It's not your password that was breached, it would be your DMs and the references to the images within those DMs and the email addresses, primarily. It does not appear that there was any database breach. It's good to change your password just in case though. -
Embed this notice
:spinnenrad: Eiregoat :spinnenrad: (eiregoat@nicecrew.digital)'s status on Friday, 26-May-2023 04:54:08 JST
:spinnenrad: Eiregoat :spinnenrad:
I'm not either, but if it were that easy to brute force sexurity tokens everyone would be doing it and every site would constantly be raided. -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 04:54:08 JST
Matty
This is true. That's why I'm wondering if that's what happened. I've applied a small patch to help mitigate this until we know exactly what happened. It makes my job quite a bit more difficult but I'd rather have to jump through an extra hoop than be sorry. -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 04:54:09 JST
Matty
I would imagine that brute forcing an Oauth token probably isn't easy. I'm no security expert, that's for sure, so I could be completely wrong. It's an outside of the box thought, but I think it's reasonable. -
Embed this notice
:spinnenrad: Eiregoat :spinnenrad: (eiregoat@nicecrew.digital)'s status on Friday, 26-May-2023 04:54:10 JST
:spinnenrad: Eiregoat :spinnenrad:
If it's just a reused password then that's a relief: Not some critical vulnerability they can repeat on other instances. -
Embed this notice
Twoinchdestroya (twoinchdestroya@poa.st)'s status on Friday, 26-May-2023 05:07:22 JST
Twoinchdestroya
@ChurnHinge @matty @Humpleupagus @Eiregoat @BigDuck @Dan_Hulson @Shadowman311 @anonaccount @zero Do with carrier moles
In fact, every female who wants to send nudes, go through your secure Twoinch for safe delivery
-
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 05:07:22 JST
?? Humpleupagus ??
I send all of my dick pics via smoke signal.
On a side note. I once caught a mole. It bit me. -
Embed this notice
Twoinchdestroya (twoinchdestroya@poa.st)'s status on Friday, 26-May-2023 05:07:23 JST
Twoinchdestroya
@ChurnHinge @matty @Humpleupagus @Eiregoat @BigDuck @Dan_Hulson @Shadowman311 @anonaccount @zero Do it with carrier pigeons like normal people
-
Embed this notice
BrokenScope (churnhinge@poa.st)'s status on Friday, 26-May-2023 05:07:23 JST
BrokenScope
@Twoinchdestroya @matty @Humpleupagus @Eiregoat @BigDuck @Dan_Hulson @Shadowman311 @anonaccount @zero I hate birbs! :02_angery: -
Embed this notice
BrokenScope (churnhinge@poa.st)'s status on Friday, 26-May-2023 05:07:24 JST
BrokenScope
@matty @Humpleupagus @Eiregoat @BigDuck @Dan_Hulson @Shadowman311 @Twoinchdestroya @anonaccount @zero I have not :Salute: -
Embed this notice
BrokenScope (churnhinge@poa.st)'s status on Friday, 26-May-2023 05:07:25 JST
BrokenScope
@Eiregoat @Humpleupagus @matty @BigDuck @Shadowman311 @Twoinchdestroya @anonaccount @zero oh
is okay though, I have not posted any personal
I would like to give a shout out to @Dan_Hulson for looking out for so many users, even when I wanted to post selfies he was very strict about never doing it, even if it was just for him ❤️ -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 05:07:25 JST
Matty
If you want to do stuff like that, don't do it on the fediverse -
Embed this notice
:spinnenrad: Eiregoat :spinnenrad: (eiregoat@nicecrew.digital)'s status on Friday, 26-May-2023 05:07:26 JST
:spinnenrad: Eiregoat :spinnenrad:
The images themselves were leaked too. -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 26-May-2023 05:22:25 JST
Matty
Yeah the feds found all my benis pictures and they said they were gonna release them if I didn't make them admin on my honeypot -
Embed this notice
?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Friday, 26-May-2023 05:22:25 JST
?? Humpleupagus ??
Matty's_Penis_Pics.zip 12kb
Care to explain why it's so small? 🤔 -
Embed this notice
n3f_X :neon_devilblob: :debian: (n3f_x@nicecrew.digital)'s status on Friday, 26-May-2023 05:22:26 JST 
n3f_X :neon_devilblob: :debian:
were u compromised -
Embed this notice
LovecraftEnthusiast :shyduck: (lovecraftenthusiast@nicecrew.digital)'s status on Friday, 26-May-2023 05:22:57 JST 
LovecraftEnthusiast :shyduck:
Feds: we have seen your penis
Me who sees my penis every day:
-
Embed this notice
All GNU social JP content and data are available under the