Author Topic: Announcement - Vandaler, hacking, banning, etc. (Read 592 times)

Matthew · « **on:** February 18, 2008, 07:32:57 PM »

Vandaler did NOT hack the website.

However, he led me to believe he did. He said he used "some loophole" -- which I naturally figured was a SQL injection or some such security vulnerability in my message board software.

Oddly enough, the author DID find a vulnerability as a result of my e-mail to him! So perhaps this is for the best.

Anyhow, Vandaler never corrected me with something like "Just go into the Control Panel -- anyone can do it!" downplaying what he did. On the contrary, he insisted on deceiving me into thinking he was hacking my site via some clever loophole or vulnerability.

I have disabled the ability to "format your name" which I think is a stupid and useless ability. However you typed in your name the day you registered is now set in stone -- that includes spaces, capitals, etc.

Since I was going on bad information before, I'm going to correct it now by un-banning Vandaler and Erin is Nice.

Matthew

Matthew · « **Reply #1 on:** February 18, 2008, 07:47:58 PM »

Here is how I came to the conclusion that Vandaler hacked his account:

(From a PM exchange between ChantCD and Vandaler)

ChantCd:

Quote

I want to know how you were able to change your name to
"v andaler".

Do you have a hacker in your back pocket, or are you a hacker yourself?

That isn't an ability this message board gives it users.

Matthew

Vandaler:

Quote

I am looking for a compromise that both satisfy your desire to preserve history and my desire to disengage my self from a potentially damaging association with this site. Altering my name satisfies both.

You seem not interested to compromise. I'm not an happy camper.

There is little need to be a hacker to do what I did, but my profession is indeed corporate IT security, protecting high profile assets.

And many times after this, he never denied the charge that he hacked my site. I was giving him too much credit, but he was clearly enjoying it.

Matthew

Vandaler · « **Reply #2 on:** February 18, 2008, 09:22:56 PM »

Sorry if I did leave the door open to the possibility.

Your rather impolite manner in asking me how I did it did indeed prompted a little bit of deviousness on my part. I should not have. I apologize for that.

On the whole, changing my name was much less important then removing my signature as "Vandaler" is my digital artist name and I wanted to disassociate from it and here.

The name thing really did not matter much but it unfortunately escalated.

My profession is no secret, I alluded clearly to it in a post while proposing my rebuttal to a Voice of the White House article proposing the existence of some kind of mother of threats to the Internet. (Unfortunately, I can't find it right now)

Vandaler · « **Reply #3 on:** February 19, 2008, 08:46:17 AM »

Quote from: Vandaler

My profession is no secret, I alluded clearly to it in a post while proposing my rebuttal to a Voice of the White House article proposing the existence of some kind of mother of threats to the Internet. (Unfortunately, I can't find it right now)

Support for the above...

I wrote in this forum, February 3rd 2007.

Quote

Computer security for large enterprises is what I do for a living. If this was your trade, you'd recognize the B.S. just as well.

http://www.cathinfo.com/bb/index.php?a=topic&t=1474