Their "weird" image system is to store images as base64 encoded strings on the database, which isn't weird at all.
well they use some trick to have the images not dwl from TOR, no? the hacker took advantage of this system, maybe. So far as I can tell, the effect of the hack was limited to item images and no sensitive information has been leaked. how can they say that if they suspect SQL injection?
|
|
|
Your buy order of 10.000000000 BTC at $12.82000 CAD/BTC has been completely filled on Dec. 19, 2012, 6:47 a.m. (MST). ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif) That 10btc must have looked like a mighty bid wall over at virtex! ![Tongue](https://bitcointalk.org/Smileys/default/tongue.gif) lol not really now I'm just 35 coins short.
|
|
|
Your buy order of 10.000000000 BTC at $12.82000 CAD/BTC has been completely filled on Dec. 19, 2012, 6:47 a.m. (MST). ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif)
|
|
|
Message from Dread Pirate Roberts (owner):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey gang,
I'm aware of the image hack that has taken place and am working with my team to fix the issue. Whoever was able to pull it off was is very skilled and clever. Hopefully no one has fallen for it and sent money to any of these mystery addresses in the images. So far as I can tell, the effect of the hack was limited to item images and no sensitive information has been leaked.
I have switched the default view for all accounts to "incognito" so images won't show up. Also, it is looking like we will most likely lose the defaced images, so those will need to be re-uploaded.
I'm terribly sorry for the trouble this is causing, and we will get it cleaned up asap.
- -DPR
It was SQL injection. The attacker was able to change product images, so he added a "Quick Buy" option on to the images which included a BTC address to pay on it. He also removed the shipping options so that it was impossible to place an order. It doesn't look like anybody fell for it & the hack didn't affect most of the product listings, they however do not have backups of the original images so these will have to be reuploaded by the vendors. if it was SQL injection, then they should assume the hacker has the whole database, if you can do SQL injection, you have full control over the db... (protecting against SQL injection is not hard) but some JS or CSS "injection" could have done the same thing... and SR uses some weird way of displaying imgs so that you don't dwl them through TOR ( would be too slow ), sounds like the hacker found a way to hack that "img system" and change the imgs.
|
|
|
if you sell now, you sell for good.
I STILL BELIEVE I can't wait for 12.50, its going to be one hell of a show Get ready!![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fwww.diabetesmine.com%2Fwp-content%2Fuploads%2F2011%2F05%2Fpopcorn.jpg&t=663&c=FoNE7amvoFlNHQ)
|
|
|
Dump alert! - I recommend removing bids, I want to see price fall fast! don't worry we will win the war, secret rockets standing by!
Selling your reputation as an analyst here, huh? :-P Ente Adam you dumping? Or dumped? I think he's dumped, I'm finishing my dumping too. What about you smoothie? ya sold a few days ago.
|
|
|
it's hard to believe SR did not protect its database from SQL injection...
my guess is some silly JavaScript or CSS trickery.
not a major problem... and not hard to solve.
|
|
|
Meh, that's a pretty low level hack. Nothing compromised really. Should be fine in less than 48 hours I bet
agreed, but this will trigger the sell off that was going to happen anyway. 12.50 here we come.
|
|
|
lol ya SR has just been hacked...
You're really gunning for that 12.50 aren't you :-P Yea, it's gettin' kinda sad reading all that desperation ![Sad](https://bitcointalk.org/Smileys/default/sad.gif) sry man i don't make the news, i just tell you about it b4 it makes the news.
|
|
|
lol ya SR has just been hacked...
|
|
|
its all about to come crashing down. SR has been hacked.
|
|
|
second and final kid, is now 1 month, in 1 year or so she'll get a job
good, put it to work early. maybe sell macaroni necklaces. no she'll go back to cutting hair... LOL @ 1-year-old hairdresser ![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fmyschoolstore.com.au%2Fpictures%2Forig%2FBS69300238.jpg&t=663&c=GAzysE-jaSsiOw) short back and sides, please. go fuck yourself.
|
|
|
second and final kid, is now 1 month, in 1 year or so she'll get a job
good, put it to work early. maybe sell macaroni necklaces. no she'll go back to cutting hair... or maybe walmart cashier for the benefits. i work for a small company so i don't get benefits...
|
|
|
Maybe try explaining that selling your BTC (or any asset for that matter) to pay for living expenses is a short term solution to a long term problem, only way to fix the problem is to increase income or reduce expenditure, think about it, what will you do when your BTC runs out.
reduce expenditure! that is all that needs to happen. no more fucking 50$ baby toys (we have enough hand me downs....) and 5.75$ coffees, we have a coffee machine ( a fucked nice one too she bought it! stupid thing only make 1 coffee at a time -_- )
|
|
|
Never let a woman within 10 feet of your credit card.
A woman with a credit card is as dangerous as a bird with a machine gun.
LOL, my wife used to have a credit card on my account. When they sent us new ones with the chip / pin card feature, I just didn't activate her card and told her to get her own issued to her. She has bad credit due to stupid ass decisions, so she can't. she gave up her job to be a stay at home mom for a few years while the kids grow up. ( second and final kid, is now 1 month, in 1 year or so she'll get a job and money won't be so tight anymore) but for now its come down to that, cutting her off the VISA so we don't lose the house! and bitcoins...
|
|
|
I get mad and I YELL! ...she spends MORE! and tells me " cash in your stupid bitcoin " omg NOT MY BITCOIN PLEASE ANYTHING BUT NOT MY BITCOINS! just tell her they got hacked and they are long gone. then a couple years from now surprise her. in all seriousness, this is a problem that nearly all couples face. sitting down and working out a budget and tracking how you progress against it monthly is a necessary way to foster the communications that need to happen. bitcoins probably shouldn't be your only reserve either. i just told her that, she said " I know where your bitcoins are, i know you didn't lose them, you think I'm stupid?" LOL!
|
|
|
Obviously your partner has problems.
Have you tried communicating your worries with your partner, friends or family?
I keep telling her, "we have no money!", "we have no money!", she says she needs the VISA to get food, ok cool get some food... she comes back with supper and 50$ baby toy. WE HAVE A MILLION BABY TOYS! WE HAVE NO MONEY! I get mad and I YELL! ...she spends MORE! and tells me " cash in your stupid bitcoin " omg NOT MY BITCOIN PLEASE ANYTHING BUT NOT MY BITCOINS! i exaggerate but you get the picture ...
|
|
|
stay calm, everything is going to change, you're going to make mistakes, soon your visa bill will be more than you can handle. but in the end you'll come out alive and well, because you're smart enough to grow and adapt! you will come out of this much much stronger.
|
|
|
My wife is a crazy person who NEEDS to spend spend spend! Savings running dry! what do i do? ![Tongue](https://bitcointalk.org/Smileys/default/tongue.gif)