342 Comments
- random12345, on 11/16/2008, -10/+352 Dugg to support David in getting his domain back.
- Kronos6948, on 12/25/2007, -13/+253 Remember folks, people who do this aren't hackers. They're crackers. Script kiddies. Try not to sully the names of the people who really know how to hack and make our tech lives better.
- WarriorDan, on 12/25/2007, -4/+154 Come on... some real hackers must visit Digg.com - hack this guy's domain and give it back to him as a Xmas present :D
- echolyean, on 12/25/2007, -3/+114 Those taunting e-mails from the evil hacker (after all, "hacking" in and of itself is not a bad thing) should be more than enough proof for him to win his case, as long as they can track the person down.
- inactive, on 12/25/2007, -16/+113 Let's all digg this and support David ...and let us all make that damn hacker surrender!!!!!
- djay, on 12/25/2007, -4/+100 Digging for help !!!
A note for myself: when leaving to vacation, notify domain/host holder NOT TO change anything unless BY SPEAKING TO ME on the phone, by them calling me :-)
+1 to all previous posts
- gametavern, on 12/25/2007, -13/+107 well... it's a beta
- fkr3, on 12/25/2007, -0/+82 ... how are we making him surrender?
- thailand1972, on 12/25/2007, -15/+89 Flippin' hell - if this was Hotmail, every post would be about how "M$ can't do anything right!". It's GMail, and it's nothing but sympathy for the victim. Can't GMail do any wrong? This was* a vulnerability, no? GMail is very popular. How many are using the same filters now (unpatched)?
*vulnerability patched according to David's website.
- strax, on 12/25/2007, -7/+68 The hacker is now selling the domain on sedo.com
http://www.sedo.com/search/details.php4?domain=dav ...
That means that Sedo has the hacker's name, address, email, and payment information.
- ivankraszl, on 12/25/2007, -3/+63 Dugg for a story well told!
- inactive, on 12/25/2007, -1/+49 I manage a pizza place for a living. Don't do that. All the person does is say "I didn't order that" and it's over for him. Meanwhile the store loses $300 in pizza. Doing that is as bad if not worse than costing someone their domain. Grow up.
- Raian, on 12/25/2007, -4/+50 Rather than pay $1500 for a court case-- just pay $500 to an Indian hit man.
- computergod, on 12/25/2007, -1/+40 Maybe that IP address is a zombie computer.
- mannymix03, on 12/25/2007, -12/+50 Too bad digg isn't like a certain other website, where someone would have the real name and address of the script kiddie on the net in 10 minutes and we would all order him 40 meat lovers pizza (seems all too fitting) and get them delivered to his house. I hope this script kiddie gets what's coming to him, payback IS a bitch
- runxctry, on 12/25/2007, -1/+38 here's an idea: some credit card companies offer 1-time-use credit card numbers with a spending limit that you choose. So, get a one-time-use number with a spending limit of say, $1. Email this number to yourself (allowing the hacker to get the number) with the subject "My new credit card number." See if the hacker takes the bait, and when he does, you can start an identity theft/fraud case at your local police department. At this point you can get your case in the courts, then you can get GoDaddy to lock down the domain name.
This is the equivalent of the cops getting you on a technicality. Whether this applies to internet law, someone else needs to help out on this idea.
- cheesejaguar, on 12/25/2007, -4/+41 Did David do this?
http://www.google.com/support/accounts/bin/answer. ...
It is stated in the ToS that if you believe your GMail has been hacked, you must fill out this form.
- inactive, on 12/26/2007, -1/+33 If there's an onscreen keyboard, then there's prolly screen recorders. A word of caution to everyone. Don't use cybercafes, period.
- Davers, on 12/25/2007, -1/+33 Uh... guys...
http://img.photobucket.com/albums/v72/dave_linger/ ...
- foxingworth, on 12/25/2007, -0/+28 Seems like the only ones who get punished there are the pizza companies. The person just denies ordering the pizza (hell, even just put a note on the door) and the pizza companies have to take the loss (they can't resell the pizza).
That sure shows the script kiddie.
- inactive, on 12/25/2007, -1/+29 I'm shocked that the huge amount of public support David is getting has not spurred the relevant service providers into action. It's bloody obvious he is being scammed and they won't bend the "rules" to nail the perpetrator.
Personally, I hope the guy is found and that someone manages to righteously break every digit on his thieving little hands.
- Gudlyf, on 12/25/2007, -0/+27 Making him move to France?
- mfalk, on 12/25/2007, -1/+28 subpoena the isp in Florida for the address then pay him a visit! worth every penny
- Skod, on 12/25/2007, -5/+31 Care to explain what a real job is?
- echolyean, on 12/25/2007, -1/+27 That's a decent idea. Low tech security.
- inactive, on 12/25/2007, -0/+25 I admire that he won't pay anything to a criminal for it back. Most people would simply buckle down to it, but he is obviously a part of the select group who want to destroy crime like this by not feeding those people what they ask for so they have a reason to do it again.
- computergod, on 12/25/2007, -4/+28 Yeah, firewalls have no way of detecting and stopping ping attacks. Ping floods are so new and advanced.
- BurakkuChi, on 12/25/2007, -5/+29 It looks like the IP address that's linked to these "hacks" has port 80 open and is running XAMPP for Windows with the default install... Maybe he's got some personal info that may help David out...
- dgh1973, on 12/25/2007, -2/+25 Dugg, never quite understood how clicking the digg button accomplished anything in real life but whatever...
Hope all goes well David, and stay away from questionable web sites that do stupid ***** like this from now on.
- ZPWeeks, on 12/26/2007, -1/+23 No. Godaddy is following the same rules that all registrars follow. Conclusive evidence is needed to change this- this trick let the attacker access all security credentials required to transfer the domain- the administrative contact address (which, if he were smart, would have been a separate account from his normal one), password to the original host, and a transfer code.
These rules are not "terrible", they keep sites like mine from getting transferred to others. This is one exception where the client and the client's mail program compromised his own resources.
Gmail isn't responsible either- you sign a user agreement which indemnifies google from being held responsible for this exact kind of thing. If you need rock-solid, reliable, secure e-mail, don't use a free account, a "beta" app, or anything like that. You're best off paying for or running your own server.
- inactive, on 12/25/2007, -1/+23 digg ***** up the link here for those too lazy to type it in
http://www.sedo.com/broker/index.php4?domain=david ...
- acrodev, on 12/25/2007, -15/+37 This is the best thing that could've happened to David. There's no such thing as bad publicity.
- computergod, on 12/25/2007, -2/+24 I think they call themselves "web entrepreneurs" now.
- random12345, on 11/16/2008, -1/+22 Welcome from your cryogenic sleep capsule- it's almost 2008!! While you were frozen, many new things came about in the past 10 years including a profession known as blogging. You can read 100s of 1000s of interesting articles from them from a site known as digg.com.
- fkr3, on 12/25/2007, -2/+22 Maybe if you close your eyes really tight and pray.....
- BoomShake007, on 12/25/2007, -1/+21 It says it was fixed, but it doesn't automatically remove any filters created by it. RTFA
- purelithium, on 12/25/2007, -5/+24 Let's all ping flood his server, have it running in the background on your machine while you surf, hopefully we can slam his server down to the ground, if we have enough people flooding him
In Linux/Unix/Mac OS X you just type "ping -f davidairey.com" into your terminal. Make sure you're running as root, or as a sudo.
Let's hammer this MOFO!
- inactive, on 08/11/2008, -5/+23 Anybody who is "1337 enough" to "get revenge" would also probably be *mature enough* to NOT get revenge
- chedabob, on 12/25/2007, -0/+17 Nope, because they might get some advertising revenue by doing so. Gigaloader would be better: Attack the images so the ads aren't displayed.
- mundus, on 05/15/2008, -4/+20 Man, I don't know you. But I feel your pain.
All I can say is I hope you get your domain back, and as much as I hate to suggest this, you should take legal action against Google as well for putting your privacy and livelihood in jeopardy! This could even open a class-action case.
That way you could possibly make up a little bit for the loss you've had. And I think it's totally fair.
Thanks for bringing this to our attention!
- Malakin, on 12/25/2007, -5/+21 The easy way to avoid similar future hacks is to use the Firefox extension noscript. Noscript disables javascript on all web pages unless you allow it to run.
Another defense against crackers getting your password is to go through an encrypted proxy anytime you connect to an unsecure network such as an open wireless network. This won't help against the javascript attack, but will prevent people from sniffing your password over the network.
- GreyICE, on 12/25/2007, -1/+17 Actually, moral of the story - don't listen to panic. Google fixed this. According to the site linked to in the article:
Update 28 September 2007 at 07:46 GMT (UTC+0)
I promised to release the POC as soon as Google fix the vulnerability, well they did. So, here is how it works:
Grats, it's a 4 month old security flaw. That was fixed in September.
- alexidigg, on 12/25/2007, -3/+18 come on, in all of digg don't you think there are some 1337 enough hackers to have the skills to get some proper revenge? I'm hoping so. good, old-fashioned revenge.
- fkr3, on 12/25/2007, -0/+14 That congests his server / the network he's on; it doesn't change ownership of the domain.
- jftitan, on 12/25/2007, -1/+15 unless you use the script kiddie's credit card.... that is, if the script kiddie is actually old enough to have one.
- parkamark, on 12/25/2007, -4/+18 I have to say that this is one f*cked up hack. It seems that people need to start using the same principles on virtual property as well as physical. For example, when you go on holiday for a month, don't advertise to the world when you are leaving otherwise you risk your house being burgled. Similar situation here, in the virtual sense. Thankfully I don't blog, so don't have to worry about this.
On the Google front, I wonder if Google could be liable for any damages from their insecure code which allowed this to happen? Probably not, as it's a free email service. Shame really, as if anyone can cover the cost of damages to David's site, they could.
- miniboie, on 12/25/2007, -0/+13 He logged into an internet café AFTER all this crap had happened. The support ticket to redirect the URL was filed on the exact day he left for India so it most likely couldn't have happened when he was in India.
- Motodog, on 12/25/2007, -2/+15 Why am I finding out about this Gmail hack after it's fixed? Yikes. Good luck to him...
- ronk, on 12/25/2007, -1/+14 What would be great is a Firefox plugin that allows you to selectively disable cross site queries. This way one can disable cross site requests to gmail, hotmail etc. Thoughts anyone?
- abstractual, on 12/26/2007, -4/+17 A word of caution to everyone.
Anytime you visit India or any other country, PLEASE use the "On-Screen Keyboard", and that too, on "hover mode".
Never EVER trust those machines. Those cybercafes are filled with key-loggers most of the times, and I speak with experience.