hey null - from one autist to another

[Harry Powell]

I'm betting 2/3rds of what I said is wrong but that's better than whatever notes or Jacko pretend to understand.

Nice Nokes, stupid

 

[Jenna]

It's still okay to say we're going to kill @Jenna though, right?

i'd be concerned if you didn't

Their publicly stated goal is to get me killed, your honor.

 

[guest]

These threads always have 100+ replies when I wake up. Anyways of course Null Tomlinson refuses to address the egregious irony of blaming an entire group of people for the actions of a single person who was immediately condemned and expelled by said community

 

[guest]

No one here is mentioning Josh doesn’t live in Moldova or another shitty Eastern European country. It’s a fucking larp. He’s literally living in his mothers basement. He let it slip on KF a while back that he’d try “contacting his representative”, so unless the Khazaks started giving their people rights and Josh applied for citizenship he’s in Florida.

When you're an expat your last US district is still your representative. He could call that person the same as a resident could.

 

[guest]

admin can I have ribs please?

 

[Meownaw]

This is prison. You now owe me. Shouldn't have asked for a favor bitch.

You mean I only had to ask?! Keep your head on a fawkin swivel.

 

[guest]

This is prison. You now owe me. Shouldn't have asked for a favor bitch.

[MEDIA=youtube]esg3IImfQp4[/MEDIA]
"But you are an Indian"

 

[Lamont & Tonelli]

What's the conversion rate on ribs to chon-chon?

 

[Stent]

"Null". I get it. Tech word play yumor.

 

[guest]

@admin can I have a car crash?

 

[DMbA]

Jewshua Moonstein

 

[JumboYumYums]

I dunno Mr. Admin this guys real tough, I heard he killed a tranny once

 

[MonsterSteve]

Oh he's actually dumber than Pat. Wow.

 

[MonsterSteve]

God I want to fuck that dark haired girls face. Excuse my language.

 

[bantadant]

this isn't my area but based on the post-mortem from null , in layman's terms what happened was

• kiwifarms has/had a custom chat box that allows certain files to be uploaded. since it was an "opus" file (tsss mr hollands DOPEus) which is an audio file, the chat probably allowed audio files
• a malicious file was uploaded that looked like an audio file but was a concealed payload.
• This audio file sent requests to people in the chat or clicked on it. IN the background those requests were sent to a website somewhere else that impersonated the kiwifarms site so the users had no idea something was wrong. Your browser does a ton of shit in the background.
• Because it was a live session, the attacker didn't need your username or password. Two factor doesn't do anything either. this is the reason the "session is hijacked"
• When you log in there's a cookie saved that says you have passed all the login shit. If someone gets that cookie they can essentially "log in" as you until the cookie expires. This is why certain browser plugins like 1password for example require you to relogin every time you try to open it. it locks every time. So if someone stole your cookie for the 1password login they couldn't do shit because they still need your password. forums don't do that because you'd basically have to enter your password every time you loaded a new page.
• The second clever part is that there was a policy that says , hey if there's anything outside of the xenforo.com domain hat executes code throw an error to the users browser. This would have basically stopped that audio file from forwarding a background request to the attacker ake site. What i think they did is upload it to some random part of a xenforo.com forum or PM thereor something. So since the code was executing on a *.xenforo.com domain it didn't error and tip off the users in the chat something was wrong.
  • Could be a CORS (tss cors light) policy, but that part i'm not sure either.
• I believe the cloudflare security polices would have blocked it. If true that directly contributed to the hack.

View attachment 136354

this is pieced together from shit i read so 16 dick internet applies.

View attachment 136353

I appreciate the explanation. I do. Genuinely. I'd tell you if i didn't

(I actually really did)