New leak of Epik data exposes company’s entire server(dailydot.com)
dailydot.com
New leak of Epik data exposes company’s entire server
https://www.dailydot.com/debug/anonymous-new-epik-leak/
74 comments
Sounds like an alt-history where the Medieval church discovers electricity and computation.
The problem is that it is not "alt". It exists in our current shared history, and we can encounter it if we are either willing or unlucky enough.
How do they combine curses with their Christian belief? Doesn't the Bible condone magic? Not that I'm expecting any rational or coherent answer to that question, but it does surprise me.
Anyway, when some Amazon cloud center catches fire, we'll have some evidence of providence.
Anyway, when some Amazon cloud center catches fire, we'll have some evidence of providence.
Strictly speaking, what the Bible prohibits by "magic" is recourse to powers other than God. Curses are fine: the third- and fourth-last verses of the Bible itself are a warning of plagues and misfortune to anyone who messes with the text of the book of Revelation. But that is an invocation of God's power, so it's fine. Making a deal with some demon is not.
> How do they combine curses with their Christian belief? Doesn't the Bible condone magic?
I don't believe they are actually Christian or faithful, they are just using these 'rituals' as a sort of "look how silly i am, i am clearly insane, please dont sue or prosecute me" ruse which will turn into a "it was your fault you trusted a crazy person" argument when it gets to court
I don't believe they are actually Christian or faithful, they are just using these 'rituals' as a sort of "look how silly i am, i am clearly insane, please dont sue or prosecute me" ruse which will turn into a "it was your fault you trusted a crazy person" argument when it gets to court
I'm digging the ASCII art, although I think the kerning could be tweaked a bit:
________ _______ _____ ___ ____ ________ _ _____ _____
|_ __ | |_ __ \ |_ _| |_ ||_ _| |_ __ | / \ |_ _| |_ _|
| |_ \_| | |__) | | | | |_/ / | |_ \_| / _ \ | | | |
| _| _ | ___/ | | | __'. | _| / ___ \ | | | | _
_| |__/ | _| |_ _| |_ _| | \ \_ _| |_ _/ / \ \_ _| |_ _| |__/ |
|________| |_____| |_____| |____||____| |_____| |____| |____| |_____| |________|
________ _______ _____ ___ ____ ________ _ _____ _____
|_ __ | |_ __ \ |_ _| |_ ||_ _| |_ __ | / \ |_ _| |_ _|
| |_ \_| | |__) | | | | |_/ / | |_ \_| / _ \ | | | |
| _| _ | ___/ | | | __'. | _| / ___ \ | | | | _
_| |__/ | _| |_ _| |_ _| | \ \_ _| |_ _/ / \ \_ _| |_ _| |__/ |
|________| |_____| |_____| |____||____| |_____| |____| |____| |_____| |________|relevant xkcd: https://xkcd.com/1015/
Honestly surprised about the downvotes.
It’s because it’s really irritating to have a giant block of ASCII art take up the screen in a comments section.
Okay, that's understandable. Sorry about that.
Still, I would have expected that on Hacker-News, a comment about ASCII art and font kerning would have been more welcome. I mean, it's not like I was trolling or anything, in my opinion it was a serious post. But okay, I get it now.
And admittedly, my post wasn't exactly a revelation.
Still, I would have expected that on Hacker-News, a comment about ASCII art and font kerning would have been more welcome. I mean, it's not like I was trolling or anything, in my opinion it was a serious post. But okay, I get it now.
And admittedly, my post wasn't exactly a revelation.
If you had linked to it in a gist or pastebin, instead of putting nearly identical ASCII art stacked on top of each other in the comments section… I don’t think anyone would have down voted you.
So making people click an extra link to go somewhere off site is better? I'm not sure I agree.
You are complaining about the voting on comments, as already mentioned in the guidelines. [0]
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
As for your post, just use a pastebin link for this as even another user mentioned, it is taking up the space in the discussion and it looks more like spam.
Plenty of time to edit the comment?
[0] https://news.ycombinator.com/newsguidelines.html
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
As for your post, just use a pastebin link for this as even another user mentioned, it is taking up the space in the discussion and it looks more like spam.
Plenty of time to edit the comment?
[0] https://news.ycombinator.com/newsguidelines.html
There's also an interesting effect I observe on HN: sometimes a post of mine gets downvoted, often without explanation. If you then dare to post again underneath your original post, you almost always get downvoted again.
That would be understandable if you presented an unpopular opinion at first, and your subsequent posting was trying to defend it. But even when the second posting is not in the same line as the original one, it often gets hammered down just as much.
I'm sure others might have observed the same effect?
That would be understandable if you presented an unpopular opinion at first, and your subsequent posting was trying to defend it. But even when the second posting is not in the same line as the original one, it often gets hammered down just as much.
I'm sure others might have observed the same effect?
Your posts here are a perfect example of why the "don't complain about downvotes" rule exist: your top comment is the second-highest on the page, not-downvoted, but most of the the comments below it are ... you discussing how you got downvoted. That's purely noise.
Sometimes users (including myself) have no idea why we're being downvoted. A downvote signifies something is not welcome, but what is that something? A downvote doesn't teach why.
I have been using HN since 2012, and have over 4000 karma spread over three accounts, but sometimes downvotes still flummox me. I think as long as a user seems respectful, a little meta discussion is okay in order to learn how to be a better user going forward.
Yes, some people are obnoxious and obviously toxic, and when they complain about being downvoted, they should definitely be downvoted more, but when a user seems genuinely curious, I think we should do our part to help make HN a better place by taking a moment to give a quick reason.
I've politely asked in the past in order to not make the same mistake again. I think we should give users the benefit of doubt.
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
However
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
I think that last guideline should be changed to "Please don't complain about the voting on comments."
I have been using HN since 2012, and have over 4000 karma spread over three accounts, but sometimes downvotes still flummox me. I think as long as a user seems respectful, a little meta discussion is okay in order to learn how to be a better user going forward.
Yes, some people are obnoxious and obviously toxic, and when they complain about being downvoted, they should definitely be downvoted more, but when a user seems genuinely curious, I think we should do our part to help make HN a better place by taking a moment to give a quick reason.
I've politely asked in the past in order to not make the same mistake again. I think we should give users the benefit of doubt.
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
However
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
I think that last guideline should be changed to "Please don't complain about the voting on comments."
[deleted]
I disagree. Understanding what you may have done that wasn't appropriate is in my opinion the only way to avoid similar situations in the future.
Why not allow meta-discussions? If HN is striving to be a place where interesting topics can be discussed, then I suppose commenting etiquette should fall under that heading for sure.
Why not allow meta-discussions? If HN is striving to be a place where interesting topics can be discussed, then I suppose commenting etiquette should fall under that heading for sure.
bah. its easy enough. discussion of downvotes can be tagged and the subtree minimized by default.
Can't say "alt tech" is doing much to persuade me to move away from "Big Tech", despite how awful some of those companies are. This is an unmitigated disaster.
Is there some reason you expected more of a company run by a white supremacist fundamentalist weirdo who offers hosting for neo-nazis?
https://www.youtube.com/watch?v=aZ9MFts28XI&lc=UgzhE63LoInoN...
4 hour video of Epik CEO on livestream.
4 hour video of Epik CEO on livestream.
"Nah I'm not in a state of denial come on bro"
Geez this is the response of the CEO to the hack. That they "only" gained access to the backup of the data and not live data. That we should be praying and that hard drives "infected" with the data will explode and burst into flames and that the "hijackers" are "cursing themselves"
I don't think it can get any more irresponsible
Geez this is the response of the CEO to the hack. That they "only" gained access to the backup of the data and not live data. That we should be praying and that hard drives "infected" with the data will explode and burst into flames and that the "hijackers" are "cursing themselves"
I don't think it can get any more irresponsible
Yeah, the bit about curses was particularly inspired: https://twitter.com/svpndotcom/status/1439071684766707716
think of all the burning hard drives, how irresponsible!
If (for some reason) you're not expecting it, I'll caution that a guy whose handle I won't promote gets into gross rhetoric on this regarding Jews, women's rights, and so on.
Edit: also this transcription linked in the video's description is excellent (and redacts the gross asides I mentioned): https://blog.mollywhite.net/monster-qa
Edit: also this transcription linked in the video's description is excellent (and redacts the gross asides I mentioned): https://blog.mollywhite.net/monster-qa
The handle the above comment won’t mention is “Weev”. He’s not Voldemort.
I think the point is not to give him any attention/notoriety, which is what fuels him. It's not about fear
Correct – which I'm realizing I Streisand'd and attracted more attention :)
"Andrew “weev” Auernheimer is a neo-Nazi white supremacist infamous for his internet trolling and extremely violent rhetoric advocating genocide of non-whites. Auernheimer regularly pens vicious diatribes for the neo-Nazi website the Daily Stormer, and manages its technical side, as well as assisting other racist websites with systems issues."
Taken from a well researched and fully cited account here https://www.splcenter.org/fighting-hate/extremist-files/indi...
Taken from a well researched and fully cited account here https://www.splcenter.org/fighting-hate/extremist-files/indi...
Is this one of the most brutal hacks in recent history?
Can’t say it’s not deserved considering the scope of data exposed.
Can’t say it’s not deserved considering the scope of data exposed.
>Is this one of the most brutal hacks in recent history?
No, not really. Epik can probably continue with their business relatively unscathed.
This isn't going to straight up eviscerate the company like some ransomware attacks we've seen recently.
In this case the hackers were either lazy or incompetent, they could've defaced every single Epik customer domain and made it very difficult for Epik to restore the DNS configurations. For some reason they didn't do that ¯\_(ツ)_/¯
No, not really. Epik can probably continue with their business relatively unscathed.
This isn't going to straight up eviscerate the company like some ransomware attacks we've seen recently.
In this case the hackers were either lazy or incompetent, they could've defaced every single Epik customer domain and made it very difficult for Epik to restore the DNS configurations. For some reason they didn't do that ¯\_(ツ)_/¯
> For some reason they didn't do that ¯\_(ツ)_/¯
Probably because that would have escalated the situation, and given the baddies[0] leverage to go after Anonymous with a lot more than a 4-hour blubberfest.
[0] https://www.youtube.com/watch?v=8JOpPNra4bw
Probably because that would have escalated the situation, and given the baddies[0] leverage to go after Anonymous with a lot more than a 4-hour blubberfest.
[0] https://www.youtube.com/watch?v=8JOpPNra4bw
> escalated the situation
This was definitely the goal.
> leverage to go after Anonymous
This doesn't make any sense.
This was definitely the goal.
> leverage to go after Anonymous
This doesn't make any sense.
> This doesn't make any sense.
Sigh...why is it that we can't seem to interact with each other in this medium, without lobbing implied insults at each other?
Try "This doesn't make sense to me." or even "I'm afraid I don't understand your point."
I won't bother explaining it. It's not that important. Be assured that it will make sense to some folks.
Have a nice day.
Sigh...why is it that we can't seem to interact with each other in this medium, without lobbing implied insults at each other?
Try "This doesn't make sense to me." or even "I'm afraid I don't understand your point."
I won't bother explaining it. It's not that important. Be assured that it will make sense to some folks.
Have a nice day.
There's no insult, implied or otherwise. You just don't seem to understand the dynamics of this situation.
> You just don't seem to understand the dynamics of this situation.
There we go again...
This online world. I'll tell you...
There we go again...
This online world. I'll tell you...
Well, yes, people don't come to this company for their competence or security, they come there because nobody else will put up with their vileness.
Right now that might be the case, but epik has a long history which predates that reputation. Most of their customers are probably from before they were associated with the "vile" stuff.
Moreover, we live in a time where simple guilt by association and even asking simple counter narrative, science-driven questions is enough to get one blocked from all other mainstream registrars and hosts.
There aren’t many other options that I’m aware of.
So, it’s entirely possible even new customers have joined for lack of other options.
I’ve resisted using them, and this incident vindicates why I’ve been hesitant to, but that still leaves me with no options for safely hosting thought that’s against authoritarian-approved narratives.
Once again, nuance seems dead, with no place for free thinkers in the middle between the extremes.
There aren’t many other options that I’m aware of.
So, it’s entirely possible even new customers have joined for lack of other options.
I’ve resisted using them, and this incident vindicates why I’ve been hesitant to, but that still leaves me with no options for safely hosting thought that’s against authoritarian-approved narratives.
Once again, nuance seems dead, with no place for free thinkers in the middle between the extremes.
> we live in a time where simple guilt by association and even asking simple counter narrative, science-driven questions is enough to get one blocked from all other mainstream registrars and hosts.
No, we don't. You get blocked from mainstream registrars by spreading hate and making the excuse that this is somehow "counter narrative, science-driven questions", but you know very well that that is not being honest.
No, we don't. You get blocked from mainstream registrars by spreading hate and making the excuse that this is somehow "counter narrative, science-driven questions", but you know very well that that is not being honest.
> You get blocked from mainstream registrars by spreading hate
Not really. The internet appears to have a two-caste system:
1. Facebook, Twitter, etc. Twitter hosts plenty of hate, but because they have a "policy" (regardless of its actual effectiveness), they're good. Facebook allows mass murderers to livestream their killing sprees, and their subsidiary, Instagram, literally hosts open-air sex slave markets. But because they have a(n ineffective) policy against these things, they're fine.
2. Gab, Parler, Bitchute, etc. These platforms also host hate. But because they have a policy that embraces free speech, they have significant deplatforming issues.
It's important to note that in our current caste system, it doesn't matter what you ACTUALLY DO. It only matters what your policy is, regardless of whether you enforce that policy or not.
Not really. The internet appears to have a two-caste system:
1. Facebook, Twitter, etc. Twitter hosts plenty of hate, but because they have a "policy" (regardless of its actual effectiveness), they're good. Facebook allows mass murderers to livestream their killing sprees, and their subsidiary, Instagram, literally hosts open-air sex slave markets. But because they have a(n ineffective) policy against these things, they're fine.
2. Gab, Parler, Bitchute, etc. These platforms also host hate. But because they have a policy that embraces free speech, they have significant deplatforming issues.
It's important to note that in our current caste system, it doesn't matter what you ACTUALLY DO. It only matters what your policy is, regardless of whether you enforce that policy or not.
I disagree. You get blocked for going against anything one political side says. Just because one political side does not agree with something does not make it hate. Trying to claim discussing medicine side effects is hate is absurd. Trying to claim discussing off label medicine use is hate is absurd. Both are things mainstream registrars will ban you for. You are implying all sites hosted on Epik are hateful. This is simply not the case. There are plenty of non-hateful reasons someone may have chosen Epik.
Science requires discussion and testing of theories and hypothesis. You then use the data you observe in testing to reach you conclusions. Sometimes your initial hypothesis is supported, sometimes its not. Shutting down all discussion before any data is collected is not science, its anti-science in fact. It is like half the world forgot this.
Science requires discussion and testing of theories and hypothesis. You then use the data you observe in testing to reach you conclusions. Sometimes your initial hypothesis is supported, sometimes its not. Shutting down all discussion before any data is collected is not science, its anti-science in fact. It is like half the world forgot this.
Those are not hate, they are just things that kill tens if not hundreds of thousands of people.
I'm pretty happy you're getting booted for doing things that are that fucking dangerous and damaging. Stop doing them.
I'm pretty happy you're getting booted for doing things that are that fucking dangerous and damaging. Stop doing them.
So you have now expanded your criteria. I'm guessing it will never stop expanding. Smoking kills 30k or so from second hand smoke alone each year. Why are all smoking company's not banned. Heart disease is the leading cause of all death in the US, why are sugar companies or site normalizing being obese not banned? Medical malpractice is believed to kill over 200k a year, why are doctors not banned?
You are happy anything you disagree with gets banned. What happens when your side loses power and the opposition decides to ban you as they deem you dangerous and damaging. I would assume you are going to turn yourself in to be disposed of?
Edit: You claim doing science is dangerous and damaging and will kill 10s of thousands of people. So how did the vaccine get made? Magic?
You are happy anything you disagree with gets banned. What happens when your side loses power and the opposition decides to ban you as they deem you dangerous and damaging. I would assume you are going to turn yourself in to be disposed of?
Edit: You claim doing science is dangerous and damaging and will kill 10s of thousands of people. So how did the vaccine get made? Magic?
If you want to engage in debate about things, I would suggest you first work on learning how to do so in good faith. If this is how you act, you make it very clear there is no point talking to you.
This is a typical response when someone can't support their side of the debate.
Bad faith is what you did. I never once mentioned anything that is dangerous or could cost live. Talking about medicine side effects or talking about off label drug use are not dangerous and do not cost lives. Your wrongfully try and claim it is.
Bad faith is what you did. I never once mentioned anything that is dangerous or could cost live. Talking about medicine side effects or talking about off label drug use are not dangerous and do not cost lives. Your wrongfully try and claim it is.
The counter narrative is rarely banned because the in-power authorities openly say “you expressed dissent against our official narrative”. It’s almost always done “to protect people”.
Although it seems your criteria has already quickly expanded from “hate speech” to also “dangerous and damaging speech”, I’m curious at what point you would become concerned yourself?
Is your only criteria for when the line is crossed an open admission by those in charge that they are enforcing one political side over another, with no attached moral justification?
What if someone you respected in your personal life were suddenly deplatformed? What if, tomorrow morning, you personally experienced and verified something to be untrue that today, based on the current narrative, you believe to be true (and therefore “fucking dangerous” if opposed)?
If I’m wrong, and truly only the most vile of speech is being (justifiably) removed, then what circumstances would have to change for you to share my concern?
I’m not being rhetorical or facetious, I’m generally interested in hearing where the line is for you.
Although it seems your criteria has already quickly expanded from “hate speech” to also “dangerous and damaging speech”, I’m curious at what point you would become concerned yourself?
Is your only criteria for when the line is crossed an open admission by those in charge that they are enforcing one political side over another, with no attached moral justification?
What if someone you respected in your personal life were suddenly deplatformed? What if, tomorrow morning, you personally experienced and verified something to be untrue that today, based on the current narrative, you believe to be true (and therefore “fucking dangerous” if opposed)?
If I’m wrong, and truly only the most vile of speech is being (justifiably) removed, then what circumstances would have to change for you to share my concern?
I’m not being rhetorical or facetious, I’m generally interested in hearing where the line is for you.
[deleted]
You’d need security for this to be a brutal hack.
This is the most brutal copying and pasting of publicly accessible data ever.
No, Epik lost plaintext credentials because they didn't practice proper secrets management.
It's not copying and pasting of public data, it's illegal obtaining of other party's data. Extra illegal since credit cards got hacked as well. Just a reminder if you seed this torrent.
No matter who you are and how much "security" you have, you're not beyond the reach of hacks or inexcusable exploits. Microsoft, Google, Facebook all spend billions on security and have all been pwned to varying degrees.
Microsoft's Azure has had multiple cross-tenant exploits revealed in the last 3 months, absolutely inexcusable flaws. One of them exposed a large swathe of Fortune 500 companies' data.
You're not "safer" at Azure than a small provider spending almost nothing on security, because of the impact of more attention and a larger target on your back.
Dunking on providers for being hacked is essentially victim blaming. There's a roughly 100% chance the providers you choose are vulnerable or have lost your data at some point in time.
Microsoft's Azure has had multiple cross-tenant exploits revealed in the last 3 months, absolutely inexcusable flaws. One of them exposed a large swathe of Fortune 500 companies' data.
You're not "safer" at Azure than a small provider spending almost nothing on security, because of the impact of more attention and a larger target on your back.
Dunking on providers for being hacked is essentially victim blaming. There's a roughly 100% chance the providers you choose are vulnerable or have lost your data at some point in time.
I'm not particularly happy that this happened but bear in mind that this isn't just your regular small provider. Gab, Epik and Parler (I guess Parler probably less so, but still) have very publicly antagonised a large amount of politically-motivated activists while also not making some of more basic steps to secure themselves. So you're basically inserting yourself into a political battle while risking your data. I feel sorry for the victims but that's the extent of it.
The motivation behind hacking Ubiquiti, SonicWall, SolarWinds and even Azure is very different and that matters.
The motivation behind hacking Ubiquiti, SonicWall, SolarWinds and even Azure is very different and that matters.
Cloudflare hosts white supremacist websites, anarchist groups, malware providers, hacking groups and otherwise yet if they were hacked I wager you would not have the same response. Why is that?
In fact, Cloudflare currently provides services to Gab.
Is this a case of double standards on your part for political beliefs of the founders?
In fact, Cloudflare currently provides services to Gab.
Is this a case of double standards on your part for political beliefs of the founders?
I would probably not have the same response, indeed. Allow me to explain: my dislike of the way these companies have acted is not political.
Gab rolled their own SQL injection prevention and failed at it, published the source for it (because they forked Mastodon and had to) and got hacked. When they got hacked they tried to cover it up and did barely anything to fight the fire they created. They got hacked again because they never reset any user tokens in the aftermath.
Parler got hacked due to them building a platform on Wordpress, using 3rd party plugins that were riddled with security holes that they never updated. On top of that due to their decision to use WP their entire platform got scraped using the sequential IDs.
And we've all seen this entire Epik debacle.
I see these as a complete betrayal of user trust and it makes any similar platform or service potentially dangerous to its users, that's all. If you're interested in my political opinion: I'm very torn between censorship and free speech as far as any entity in guardianship of others' speech is concerned, I still haven't found a balance where I'd feel comfortable planting myself because no decision happens in a bubble and is shielded from consequences in a bubble.
So, to circle back, I don't dislike Cloudflare for hosting Gab, I wouldn't even say I hate Gab for being Gab, I just avoid it. I don't know if I'd do business with Gab or not, but I'd say this: if you develop a reputation, whether thanks to you or people outside of your influence (the press or social media, for example), you have to manage it and act accordingly or risk causing a fallout.
Now, personally, I'd avoid white supremacists and anarchist groups, malware providers, hacking groups and any extremists as far as doing business with myself.
However, I'm not in charge of a giant company so I don't have to draw the line and I'm thankful for that, I certainly don't know if I'd have the wisdom to both consider my best interests, my company's best interest and the world's, all at once.
Gab rolled their own SQL injection prevention and failed at it, published the source for it (because they forked Mastodon and had to) and got hacked. When they got hacked they tried to cover it up and did barely anything to fight the fire they created. They got hacked again because they never reset any user tokens in the aftermath.
Parler got hacked due to them building a platform on Wordpress, using 3rd party plugins that were riddled with security holes that they never updated. On top of that due to their decision to use WP their entire platform got scraped using the sequential IDs.
And we've all seen this entire Epik debacle.
I see these as a complete betrayal of user trust and it makes any similar platform or service potentially dangerous to its users, that's all. If you're interested in my political opinion: I'm very torn between censorship and free speech as far as any entity in guardianship of others' speech is concerned, I still haven't found a balance where I'd feel comfortable planting myself because no decision happens in a bubble and is shielded from consequences in a bubble.
So, to circle back, I don't dislike Cloudflare for hosting Gab, I wouldn't even say I hate Gab for being Gab, I just avoid it. I don't know if I'd do business with Gab or not, but I'd say this: if you develop a reputation, whether thanks to you or people outside of your influence (the press or social media, for example), you have to manage it and act accordingly or risk causing a fallout.
Now, personally, I'd avoid white supremacists and anarchist groups, malware providers, hacking groups and any extremists as far as doing business with myself.
However, I'm not in charge of a giant company so I don't have to draw the line and I'm thankful for that, I certainly don't know if I'd have the wisdom to both consider my best interests, my company's best interest and the world's, all at once.
An encyclopedia may feature nazi iconography or text.
That's different from a book only featuring nazi iconography and text.
Regardless of our respective views, yours is not an accurate comparison.
That's different from a book only featuring nazi iconography and text.
Regardless of our respective views, yours is not an accurate comparison.
Have you reviewed the data yourself? Very few of the domains containing Nazi or far-right terms have ever actually been live sites. The ones that are/have been live are a very tiny subset of the overall customer base. There was a recently suspended Twitter account, @epikfailsnippets, that was publicly outing “the fash”. They got a handful of sites that were actually hosting hateful content before moving on to “Christian fascist” websites because there really weren’t as many hate sites as they claimed/expected. The majority, well over 99%, were innocent users using Epik for domain services.
I absolutely have a huge problem with CloudFlare. They are providing services to KiwiFarms, which is responsible for multiple suicides. That is not how an ethical company operates.
Maybe you will also have a problem with LetsEncrypt then which that is being used by the Daily Stormer. [0]
The appropriate action is to find any illegal content there and report it directly to either ICANN or to the authorities to force the registrar to take it down.
[0] https://community.letsencrypt.org/t/lets-encrypt-is-enabling...
The appropriate action is to find any illegal content there and report it directly to either ICANN or to the authorities to force the registrar to take it down.
[0] https://community.letsencrypt.org/t/lets-encrypt-is-enabling...
Yes, it's not great that they are doing that. Taking a stand against hatred is never the wrong thing to do.
If KiwiFarms causes "multiple suicides", then why won't you direct your anger at Facebook, which is responsible for thousands of teen suicides? I'm questioning where you choose to direct your outage. Given your own methodology, Facebook is a significantly worse problem than Kiwifarms.
Because Facebook is not dedicated to doing this and does not consist entirely of people trying to drive people to suicide.
Your response here is basically saying "Why are you trying so hard to catch this serial killer when cars kill so many more people".
Your response here is basically saying "Why are you trying so hard to catch this serial killer when cars kill so many more people".
This is not true at all
Yes a determined hacker will be able to breach systems and securities and vulnerabilities in hardware and software are found all the time. But a company that invests in security will almost always be less likely to be hacked and your data stolen. This does not mean the company is immune but, like in the case of Epic, if you store your data in an insecure location, you're practically asking to be hacked. It's not "victim shaming" to point fingers at a company with appallingly bad security
Yes a determined hacker will be able to breach systems and securities and vulnerabilities in hardware and software are found all the time. But a company that invests in security will almost always be less likely to be hacked and your data stolen. This does not mean the company is immune but, like in the case of Epic, if you store your data in an insecure location, you're practically asking to be hacked. It's not "victim shaming" to point fingers at a company with appallingly bad security
If you host with Azure or Epik you were exposed to serious security vulnerabilities in the last 3 months.
You seem to be claiming Azure is less likely to be hacked, however Azure has had cross-tenant security vulnerabilities.
You can't claim Epik is an "insecure location" while Azure is not while Azure has the absolute worst kind of security vulnerabilities. I'll remind you that Microsoft spends multiple billions of dollars on security and has large security and incident response teams :)
You seem to be claiming Azure is less likely to be hacked, however Azure has had cross-tenant security vulnerabilities.
You can't claim Epik is an "insecure location" while Azure is not while Azure has the absolute worst kind of security vulnerabilities. I'll remind you that Microsoft spends multiple billions of dollars on security and has large security and incident response teams :)
> No matter who you are and how much "security" you have, you're not beyond the reach of hacks or inexcusable exploits. Microsoft, Google, Facebook all spend billions on security and have all been pwned to varying degrees.
Yeah. Thanks to some bug bounties, which is a small part of the billions spent on security with some hackers is one of the solutions to this.
Without that, I think you would have a wild west of 0day exploits every day on lots of high profile companies. One day Anonymous will try to target someone else that they don't like and it could be any random S&P 500 company next. Who knows.
Yeah. Thanks to some bug bounties, which is a small part of the billions spent on security with some hackers is one of the solutions to this.
Without that, I think you would have a wild west of 0day exploits every day on lots of high profile companies. One day Anonymous will try to target someone else that they don't like and it could be any random S&P 500 company next. Who knows.
[deleted]
If Epik doesn't have the basic integrity to shut the hell down and get a security expert to rebuild their systems, then at the very least, I hope PayPal and friends are hurriedly cancelling those API keys (and the accounts that acquired and failed to secure them).
It would have been just better to report and target the content that you find hateful or illegal to the authorities directly to force the registrar in question (Epik) to take it down rather than a full fledged breach affecting beyond 15 million users. All for what?
Of course now it also affects people who haven't even used the service. [0] Won't be surprised to see the authorities being involved in the investigation of this breach.
[0] https://arstechnica.com/information-technology/2021/09/epik-...
Of course now it also affects people who haven't even used the service. [0] Won't be surprised to see the authorities being involved in the investigation of this breach.
[0] https://arstechnica.com/information-technology/2021/09/epik-...
My email appears in the hack, but not because I am a customer of Epik. I think they had a database of scraped WHOIS data.
Yikes.