I had a single account on Boxcar, but I treated it as a throwaway, and gave it a password that doesn't match anything else I use online. In fact, I just tried to log in to it, and it's probably been disabled, or the password's been changed.


Oh well.

So you bring forward more accusations and everyone buys into it. This fluffing IP isnt even on the list! So a IP that should be brought forward for shady activities I LCN and its not on the list.... come on now any idiot can string together numbers and make claims presidents and senate do it all the time.

So you bring forward more accusations and everyone buys into it. This fluffing IP isnt even on the list! So a IP that should be brought forward for shady activities I LCN and its not on the list.... come on now any idiot can string together numbers and make claims presidents and senate do it all the time.

Any proof they post is going to be a string of numbers and text since that's all it is in the DB. What exactly do you want?

Look, I feel bad this happened, I am righteously pissed off at the few in this alliance who had gone out of their way to go ahead and do something this fluffed up. I wasn't involved in any of the actions taken by the few who did perpetrate this, as I rarely even visited the site. But at the same time the Admins know of at least TWO of the people who did this, and instead of taking administrative action against those that they KNOW did this, they've punished the entire alliance. I am not trying to discredit anyone, justify anything or deflect a fluffing thing. I will fully say it: YES THESE fluffERS CHEATED. Reading the original post of this thread was the only way I was made aware of it... and I am still furious.

I will also say that in the years since I have played in Alliance Server, this is the first time I have EVER been deleted, and it wasn't even my fluffing fault. The ONLY reason I am pissed off about being deleted, is the fact that because of this entire "guilty by association" mindset, my country being "deleted for rules violations" because of the actions taken by a few... STILL paints me in a negative light, regardless of having played legitimately since the second set of Alliance Server (for those who would try and twist this, I didn't play the first set).

I can say that there are those in RD who are also righteously pissed off at the actions taken by the few who did perpetrate this, I can say that there are those in RD that are pissed at those responsible, and have demanded that they step down from leadership and/or are removed from the alliance altogether. We still do not know of the third person responsible for this, as of yet no one has come forward. Some have already restarted and have gone on to join other tags, others have began talking about forming an entirely new alliance and just leaving the Reservoir Dogs name behind, as some believe the alliance name has been irrevocably tarnished with these events. So, in saying that you believe we haven't failed to recognize how the rest of everyone feels, is just bullfluff. We're trying to do damage control here, and we have to sift through a mountain of bullfluff in order to root out the guilty parties here so we can move on. Whether or not Reservoir Dogs survives in name after this set is irrelevant, being punished by the admins for the actions of a few is a bit harsh, but also irrelevant in the long run. Having our individual reputations damaged as a result of being unknowingly implicated in something most of us had zero knowledge of... that's what the bulk of us are pissed about. Having everyone, including the trolls and self-righteous, sanctimonious assholes saying we deserved this because those of us legitimate players played in a tag with our friends... that's ten times worse.

Your country was destroyed because it was deleted for rules violations.

it's funny cause ur name is sky3litez

Warning: mysql_query() (function.mysql-query): Access denied for user 'www-data'@'localhost' (using password: NO) in /home/pangaea/boxcar/portal/lib/db_fns.php on line 11

You also forgot about this incriminating string of posts to add to proof:

Mr. Copper
1. http://forums.earthempires.com/...z=um-boxcar-just-exploded

2. http://forums.earthempires.com/...7,%2019:50&z=wow-pang

Member
Posts: 78 Apr 14th 2013, 22:58:14
wow Pang. Your coding is just epic...

www-data with blank password for your DB calls huh? That's really smart.

Can you point me in the direction of your phpmyadmin login so I can view all of boxcar and possibly more?

Qzjul, get pang to fix this crap before your whole server gets compromised.







Mr. Copper
Member
Posts: 78 Apr 14th 2013, 22:59:02
PS it appears pang learned nothing about security from the TC/hanlong stuff...










Mr. Copper
Member
Posts: 78 Apr 14th 2013, 23:14:40
that can also happen if the DB is down LI. But yes I spoke to QZ and apparently pang's code makes random calls to this user but there is no www-data in the database.








Mr. Copper
Member
Posts: 78 Apr 16th 2013, 2:22:01
lol yep crying wolf. Mysql generates errors about www-data getting access denied when it gets in the mood right?

Pang if you'll sign a hold-harmless I'll show you EVERYTHING wrong with boxcar.

Put up or shutup.

---------------

As I said, mysql is known for making up fake authentication attempts. That's what I hear at atleast...

I can't believe you do this for a living, no wonder my job security is through the roof ha


PS pang, in case you were wondering the call to www-data@localhost is in the db_fns.php file on line 11...

No, you shutup ;)


PPS Hey Pang since you locked this so you wouldn't look bad I'll write here. I never stated that this was your user, I stated there was a call to this user in your code on line 11. McDonald's actually has quite a good information security department but I don't work there, sorry but good try ;). Your code is likely full of plenty of fun easter eggs like the one found above. That's probably why you don't want it tested...

http://forums.earthempires.com/...7,%2019:50&z=wow-pang

Mr. Copper
Member
Posts: 78 Apr 17th 2013, 1:07:51
Ok so lets clear the air.

1) I have brought issues up NUMEROUS times to pang and volunteered my time on numerous occasions to help make boxcar more secure and have been met with nothing but arrogance from Pang.

2) I have spoken with Qz on number of times and have worked with him to help test and remediate some other findings. These I have no reason to bring to light because Qz was very receptive and appreciate my help and feedback. I have also explained some of the issues with Boxcar to Qz and he shared with me his plans to try and move the application to a VM to mitigate the risks it brings to Earth Empires.

3) ninomachi, since you work in the field I'd be glad to share with you what I found and the areas of risk with in boxcar. Requiem, sorry it appears that I was trying to be a fluff but you don't know the while story. If you are interested in knowing more and want me to prove I'm not "full of fluff" find me on IRC or send me a PM.

Lastly, I did not start that thread, I merely posted in it and maybe I was a bit abrasive. I apologize for that but it is very frustrating that a site that this game relies on is so poorly coded and has an admin that is so arrogant and blindly confident in his application security that he won't even look at evidence that is put right in front of him.

iScode - Thanks man, I was going to let it go but I I completely agree with your statements on how he abused his power by closing a thread that he didn't want to have to answer.


Mr. Copper
Member
Posts: 78 Apr 17th 2013, 1:30:35
I don't know what you're referring to pang. I approached you numerous times as a volunteer.

What do you think I'm "streching"? You really still don't believe there are ANY issues with boxcar whatsoever?

This community in general? That's a pretty unsubstantiated statement.

archaic - shh, no one is talking to you. Go back to trolling requiem :)

I was one of the people who's account was logged into compromised.

I had to report it as a potential security threat at work yesterday (used same password).

fluff you guys (those of you who did it, also known as people who claim to be my friends).

I know what you mean.... I have to report this as a security breach at work too for the same reason. Sorry about your situation. How dare you invade my personal information to those involved.

You also forgot about this incriminating string of posts to add to proof:

Mr. Copper
1. http://forums.earthempires.com/...z=um-boxcar-just-exploded

2. http://forums.earthempires.com/...7,%2019:50&z=wow-pang

Member
Posts: 78 Apr 14th 2013, 22:58:14
wow Pang. Your coding is just epic...

www-data with blank password for your DB calls huh? That's really smart.

Can you point me in the direction of your phpmyadmin login so I can view all of boxcar and possibly more?

Qzjul, get pang to fix this crap before your whole server gets compromised.

being a former jr and knowing the no outing policy, but I feel those that were confirmed to being the shady ones who did the hacking, should have all their identities outed.. so they aren't allowed or sneak into other alliances

Pang should have took the advice, copper shouldn't have actually done it just because he could.

interesting. that should be two people who are no longer allowed to play because the game interfered with their job security.

Yet here you are Pang talking pedantically about yourself, well enjoy yourself and this nearly dead game. CIA could use a good sabotage agent like yourself. Copper sent you stuff to improve the game, you being stubborn decided nah why let those evil RDers show me up as some scrub coder? Funny how you and your friend's greatly benefited from this...oh well...

Yet here you are Pang talking pedantically about yourself, well enjoy yourself and this nearly dead game. CIA could use a good sabotage agent like yourself. Copper sent you stuff to improve the game, you being stubborn decided nah why let those evil RDers show me up as some scrub coder? Funny how you and your friend's greatly benefited from this...oh well...

Yes, clearly Pang is the liar. It's not like Gainsboro didn't say RD hit LCN first because the facts were all along LCN was going to hit RD, which of course he would never know from oh, say, hacking LCN. Oh, wait....

"Mr Gainsboro
Member
Posts: 272
Oct 20th 2013, 3:44:15
Servant, try play the AT game all you want. The fact is you were going to FS so all we did was defuse the missiles before you got the chance to use them.

We offered LCN a LDP and tried to make it work for both sides but you refused to sign it. "

I don't even know why the RD crowd is still defending the nonsense. Own it and change it. I mean, geeze, wouldn't any of those folks be worried that their own accounts may also have been hacked by what they're claiming are off-the-reservation members? Apparently not.

That is as retarded as saying it is a rape victims fault for getting raped because he/she was in the same time and place as the raper.

anything copper ever sent to me was the same sort of stuff as his posts re:www-data user -- not even an issue. or it was broad "let me help you... give me access to boxcar and I will help fix security" sortd of requests -- both by him and the spy account he had in PDM. never a laundry list of items to fix, urls, queries, examples or anything of substance that I could action.

tbh, any interaction I've had with him, he's been more concerned about ego stroking than actually doing anything positive to help people.

i closed that old thread because there was one guy (copper) going "the sky is falling!" while I just needed to increase the counter in an ini file. which either qz or I did like an hour after that, if memory serves....
I think we also shut down the market ticker too to cut back on connections.

anyway, the people who have brought me legit bugs do it in private, tell me what the bug is, and I fix it privately. they are mainly from LaF and within that group, mainly from Xin.

Also, keep in mind that my first reaction to any Boxcar bug is "ok, i'll just shut it down and everyone can use GHQ" :p

I agree that Pang should have been more active in addressing security threats, like the recent boxcar incident, or at least informed the user base. Could this have been handled better by game admins and staff? Yes.

However, knowing about weaknesses in a system's security does not make it okay to exploit them. The idea that "something wrong has occurred before and will occur again, so it's alright" is complete horse fluff.

Anyone (Heretide) who believes that those responsible for this breach in security aren't members of RD is in denial. Those people also probably believe that OJ Simpson is innocent.

I agree that Pang should have been more active in addressing security threats, like the recent boxcar incident, or at least informed the user base. Could this have been handled better by game admins and staff? Yes.

However, knowing about weaknesses in a system's security does not make it okay to exploit them. The idea that "something wrong has occurred before and will occur again, so it's alright" is complete horse fluff.

Anyone (Heretide) who believes that those responsible for this breach in security aren't members of RD is in denial. Those people also probably believe that OJ Simpson is innocent.

just stop heretodie.

A number of users have questioned the morality of deleting the entire tag. Others have stated that they feel sorry for those who were wrongfully deleted. The users who were victims of this security breach empathize with those in RD who did nothing wrong.

With the exception of Locket who mentioned it in passing, no RD member has expressed any kind of regret toward the other victims. First came the demands of proof, then came the outrage over LaF's inconsistent punishment, then the belief that the availability of the information invalidates the means by which it was gathered. RD seems to have failed to recognize how the rest of the server feels.

LaF expressed regret over it's activities in May 2012 and committed itself to change. All we've seen here is attempts to discredit, attempts at justification, and deflection. Does anyone in RD even believe that members of their alliance have done wrong?