Posted: | Comments: 0 | Categories: Privacy, Security

"Probably" the biggest hack of 2016: the AdultFriendFinder sites (AdultFriendFinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com) were hacked again (they were hacked in 2015, when 3.9 million users' data was released) and their user databases were leaked online. With data and password hashes for about 400 million users (probably lots of them fake accounts, but still) leaked, this is going to be a serious issue.

Always keep in mind that everything you put on the internet is there to stay. It is interesting to note that they don't actually delete users when they request it; instead they update the email of the account to something like email@address.com@deleted.com (adding @deleted.com). Now that's a VERY serious privacy violation. Account removal should be account removal, plain and simple, unlike a random developer forum from a random country that does not remove the accounts when requested.


Posted: | Comments: 4 | Categories: Personal

There are moments when you notice that some people should not be allowed to leave the house unattended. Or play with matches.

Sometimes you learn that most of the Romanian bloggers are utter shit, spewing their usual venom on their 2014 Wordpress blogs with their Profitshare scripts, Google Analytics ads and ancient teachings about the future of this country. Fact check: There is no future for this country. Not with those people.

Sometimes you teach someone that stealing is bad, regardless if done by a random person on the Internet, a member of the Parliament or the President. And regardless if it's about a car, your wallet or a Wordpress theme. Still a thief.

And sometimes you behave like a man and when someone calls you a thieving liar, you don't reply by calling his mother a bitch. Or his dog. Or his wife. Because you're supposed to be a man and act like one. But then again, you're not. A man. A bitch yes, you are. You know who you are and what you are.

Today was one of those moments.

The sad part is that those people vote. Have a nice day and remember: if everyone around you acts like an idiot, maybe you need to change the air.

Oh, and Andrei, we can't be even now. Getting even means that I will grow a hipster beard, wear a stupid hat, work at Flanco and get rid of my testicles. Drinking latte and raising the pinky finger when drinking beer. Pretending to be reading books on the subway. Oh, and get a shitload of retarded friends. Unfortunately for you, we can't get even. But don't worry, you're odd. Not even. Got it? Probably not.

Andrei Cismaru is a thief and Ovidiu Eftimie .. Ovidiu Eftimie is the friend of a thief

Posted: | Comments: 4 | Categories: Security, Development

Interesting stuff on the newest Romanian IT project's GitHub account:

This commit has the database connection authentication data (user/password) in clear text. It doesn't matter if it is a development or a production database, credentials should never be exposed this way.

spring.datasource.url = jdbc:mysql://193.230.8.27:31306/stop_cozi?useSSL=false
# Username and password
spring.datasource.username = stopcozi
spring.datasource.password = StopCozi1234!@

Posted: | Comments: 0 | Categories: Security

GovITHub is the government program that proposes to create the community of those that believe in a digital future for Romania, by changing public services with the help of technology.

A few days ago I decided to do a security audit of ithub.gov.ro, since they are dealing with personal data and you know my stance on privacy. By checking the output from the server, reading the site code and using various tools, I have identified the following issues with the site:


Posted: | Comments: 0 | Categories: Security

If you don't give a crap about your WordPress blog updates, your hosting account (or VPS, droplet, instance) is probably infected with malware, and one example is the Shell File Manager. The script comes as a single encoded PHP file and can do serious damage to your server; it basically gives the attacker full access to the machine.

NOTE: do not, under any circumstances, run a PHP file that has eval-ed code inside. Always replace eval with echo so you can see what the actual code looks like; if you are eval-ing malicious code ... well ... you're screwed. Use a sandbox, chroot or virtual machine for your (computer) safety.


Posted: | Comments: 2 | Categories: Development, Whoopsie

By now, you have already read my last article about the whole letsvote.ro story with their stolen theme. Well, since I've seen many of the people involved in the project (and its owner, Andrei Cismaru) denying anything strange happened with the theme or even implying I've had some dark and shady reasons for exposing them as the fraud they are, I decided to check today if anything changed. And guess what.

The archived version of the site is here (archived on July 29, 2016, as can be seen from the URL) so, obviously, the archived version of the main CSS file for the theme is here. Nothing fishy here, right?
