Nice Nokes, stupid
I'm betting 2/3rds of what I said is wrong but that's better than whatever notes or Jacko pretend to understand.
It's still okay to say we're going to kill @Jenna though, right?
i'd be concerned if you didn't
When you're an expat your last US district is still your representative. He could call that person the same as a resident could.
No one here is mentioning Josh doesn’t live in Moldova or another shitty Eastern European country. It’s a fucking larp. He’s literally living in his mother's basement. He let it slip on KF a while back that he’d try “contacting his representative”, so unless the Kazakhs started giving their people rights and Josh applied for citizenship he’s in Florida.
You mean I only had to ask?! Keep your head on a fawkin swivel.
This is prison. You now owe me. Shouldn't have asked for a favor bitch.
[MEDIA=youtube]esg3IImfQp4[/MEDIA]
This is prison. You now owe me. Shouldn't have asked for a favor bitch.
I appreciate the explanation. I do. Genuinely. I'd tell you if i didn't
this isn't my area but based on the post-mortem from null, in layman's terms what happened was
- kiwifarms has/had a custom chat box that allows certain files to be uploaded. since it was an "opus" file (tsss mr hollands DOPEus) which is an audio file, the chat probably allowed audio files
- a malicious file was uploaded that looked like an audio file but was a concealed payload.
- This audio file sent requests to people in the chat or clicked on it. In the background those requests were sent to a website somewhere else that impersonated the kiwifarms site so the users had no idea something was wrong. Your browser does a ton of shit in the background.
- Because it was a live session, the attacker didn't need your username or password. Two factor doesn't do anything either. this is the reason the "session is hijacked"
- When you log in there's a cookie saved that says you have passed all the login shit. If someone gets that cookie they can essentially "log in" as you until the cookie expires. This is why certain browser plugins like 1password for example require you to relogin every time you try to open it. it locks every time. So if someone stole your cookie for the 1password login they couldn't do shit because they still need your password. forums don't do that because you'd basically have to enter your password every time you loaded a new page.
- The second clever part is that there was a policy that says, hey if there's anything outside of the xenforo.com domain that executes code throw an error to the users browser. This would have basically stopped that audio file from forwarding a background request to the attacker fake site. What i think they did is upload it to some random part of a xenforo.com forum or PM there or something. So since the code was executing on a *.xenforo.com domain it didn't error and tip off the users in the chat something was wrong.
- Could be a CORS (tss cors light) policy, but that part i'm not sure either.
- I believe the cloudflare security policies would have blocked it. If true that directly contributed to the hack.
this is pieced together from shit i read so 16 dick internet applies.
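Added example, not part of the original post or the forum's code: a JavaScript audit of the two controls the post talks about, a Content-Security-Policy allowlist that trusts a domain outside the site, and a session cookie that works as a bearer token. The site name, header values and directive list are constructed assumptions; the post itself is guessing at the real policy.

```javascript
// Added example. SITE, SAMPLE_CSP and SAMPLE_COOKIE are constructed, not taken from the forum.
const SITE = "forum.example";
const SAMPLE_CSP = "default-src 'self'; script-src 'self' *.xenforo.com; connect-src 'self' https://forum.example";
const SAMPLE_COOKIE = "session=CONSTRUCTED; Path=/; Secure";
const FETCH_DIRECTIVES = ["default-src", "script-src", "connect-src", "media-src", "img-src"];

// Parse a CSP header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// True when a host source (optional scheme, port, path, leading "*.") stays inside siteDomain.
function isFirstParty(source, siteDomain) {
  const host = source.toLowerCase().replace(/^[a-z][a-z0-9+.-]*:\/\//, "")
    .replace(/[:\/].*$/, "").replace(/^\*\./, "");
  return host === siteDomain || host.endsWith("." + siteDomain);
}

// List every allowlist entry that lets content from outside the site load or receive requests.
function auditCsp(header, siteDomain) {
  const findings = [], policy = parseCsp(header);
  for (const directive of FETCH_DIRECTIVES) {
    for (const src of policy[directive] || []) {
      if (src.startsWith("'")) continue; // 'self', 'none', nonces, hashes
      if (src === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(src)) {
        findings.push(`${directive}: ${src} is a wildcard or scheme-wide source`);
      } else if (!isFirstParty(src, siteDomain)) {
        findings.push(`${directive}: ${src} trusts a host outside ${siteDomain}`);
      }
    }
  }
  return findings;
}

// Return the protective attributes missing from a Set-Cookie header value.
function auditSessionCookie(setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes("httponly")) missing.push("HttpOnly");
  if (!attrs.includes("secure")) missing.push("Secure");
  if (!attrs.some((a) => a.startsWith("samesite="))) missing.push("SameSite");
  return missing;
}
console.log(auditCsp(SAMPLE_CSP, SITE), auditSessionCookie(SAMPLE_COOKIE));
```

A cookie without HttpOnly can be read by any script the policy lets run on the page, which is why the two checks belong together.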