Widget was hacked... Proof enclosed.

Basically what an injection attack is designed to do is utilize character input bars to plant code that they hope the server will parse into actual command statements. It does it by first figuring out what the server is programmed in, then working to design a special character string to dump the current line of code the server would be working on and have it follow a different command... from which point the hacker can almost have complete control.

They literally could be draining the entire database of CC#, address... etc

I'm a DB Developer - Yuppers ...what you say is TOTALLY TRUE.

I never thought about it. But YES ..one could get in easily.

I do XQuery now - trust me ...totally open! OMG!
 
Any chance of us getting an explanation from HQ rather than being armchair conspiracy theorists?
 
Do you think the campaign would tell you? That would lower their donations next time from paranoid people. Think about it people?
 
You can't inject a SQL "attack" from the donation page, completely false. More so, you couldn't inject a SQL "attack" via a Flash widget. I've worked as a database administrator 2 out of my short 21 years on this Earth :P

Less panic more celebration!!!

You should start looking for another job. You clearly don't understand what you are talking about.
 
The information should be forwarded to the FBI - attempt to hack, and hacking, computer systems involving credit card information is a federal crime under 18 USC 1030.
 
In the #ronpaul IRC channel we were pulling directly the raw text data that the widget uses, like the graph sites do.
After the 11 p.m. minibomb we saw some great donation rates, for example at 23:36:13 EST 2007 we had:
last 3.1 minutes: $42,491 from 523 donations ($81.24 avg donation, $13,560/min, 166.9 donors/min)
Overall the bomb after 11 p.m. seemed to have really a lot of small donations, so the number of donors/minute was very high during the last hour before midnight.
And just to compare it with the overall for the teaparty:
online total: $6,022,995 from 58,840 donations ($102.36 avg donation, $4,198/min, 41.0 donors/min)
However the exact accuracy of that overall number is unclear, because during the last 10 minutes before midnight, the data that was being pulled stopped making sense, in particular data that was pulled at a later time had lower numbers than data that was pulled earlier, and about 10 minutes after midnight it jumped back.
Whether someone tried to hack it during the last 10 minutes, or whether it just collapsed due to the 11 p.m. minibomb that contained tons of small donations, I don't know.
But anyway all of this is related to the numbers that feed the widget, and the real amount in donations isn't affected by this, so the campaign should calculate the exact number and publish it.
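The consistency check the post above describes (a cumulative total that reads lower on a later pull than on an earlier one), written out as an added example that is not part of the original thread. Only the `online total: $… from … donations` shape comes from the post; the timestamp prefix, the function names and the sample values are constructed for illustration.

```python
import re
from datetime import datetime

# "online total: $N from M donations" is the shape quoted in the post;
# the leading timestamp is an assumption added for this example.
LINE = re.compile(r"^(\S+ \S+) online total: \$([\d,]+) from ([\d,]+) donations")

# Constructed sample pulls (not real campaign data).
SAMPLE = [
    "2007-12-16 23:40:00 online total: $5,900,000 from 57,000 donations",
    "2007-12-16 23:50:00 online total: $5,950,000 from 57,900 donations",
    "2007-12-16 23:53:00 online total: $5,700,000 from 55,100 donations",
    "2007-12-16 23:58:00 online total: $5,720,000 from 55,400 donations",
    "2007-12-17 00:10:00 online total: $6,020,000 from 58,800 donations",
]

def parse(line):
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised line: {line!r}")
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, int(m.group(2).replace(",", "")), int(m.group(3).replace(",", ""))

def find_regressions(lines):
    """Return (timestamp, field, previous_high, observed) for every pull whose
    cumulative value is below the highest value seen on an earlier pull."""
    findings, high = [], {"total": 0, "donations": 0}
    for ts, total, count in sorted(parse(l) for l in lines):
        for field, value in (("total", total), ("donations", count)):
            if value < high[field]:
                findings.append((ts, field, high[field], value))
            else:
                high[field] = value  # only consistent pulls raise the high-water mark
    return findings

def last_consistent(lines):
    """Latest pull taken before the first regression, or the latest pull if none."""
    samples = sorted(parse(l) for l in lines)
    bad = find_regressions(lines)
    if not bad:
        return samples[-1]
    good = [s for s in samples if s[0] < bad[0][0]]
    return good[-1] if good else None

if __name__ == "__main__":
    for finding in find_regressions(SAMPLE):
        print(finding)
    print("last consistent pull:", last_consistent(SAMPLE))
```

Comparing against the high-water mark rather than the previous pull flags every sample in the bad window, and the later pull that "jumps back" above the mark is accepted again.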
 
The information should be forwarded to the FBI - attempt to hack, and hacking, computer systems involving credit card information is a federal crime under 18 USC 1030.

I doubt the FBI would go after itself...
 
There's now a press release on ronpaul2008.com that says $6 million total, but it's rather vague. I followed the online donations data during the teaparty and I think the online donations total was higher than $6m in the end (cannot be sure because of what happened in the last 10mins), plus the $400k+ in offline donations that the campaign added at 11 p.m., so shouldn't the total be $6.4m?
 
In the #ronpaul IRC channel we were pulling directly the raw text data that the widget uses, like the graph sites do.
After the 11 p.m. minibomb we saw some great donation rates, for example at 23:36:13 EST 2007 we had:
last 3.1 minutes: $42,491 from 523 donations ($81.24 avg donation, $13,560/min, 166.9 donors/min)
Overall the bomb after 11 p.m. seemed to have really a lot of small donations, so the number of donors/minute was very high during the last hour before midnight.
And just to compare it with the overall for the teaparty:
online total: $6,022,995 from 58,840 donations ($102.36 avg donation, $4,198/min, 41.0 donors/min)
However the exact accuracy of that overall number is unclear, because during the last 10 minutes before midnight, the data that was being pulled stopped making sense, in particular data that was pulled at a later time had lower numbers than data that was pulled earlier, and about 10 minutes after midnight it jumped back.
Whether someone tried to hack it during the last 10 minutes, or whether it just collapsed due to the 11 p.m. minibomb that contained tons of small donations, I don't know.
But anyway all of this is related to the numbers that feed the widget, and the real amount in donations isn't affected by this, so the campaign should calculate the exact number and publish it.
I did my best to explain why the number dropped in my post (the last one on page 10)
 
I did my best to explain why the number dropped in my post (the last one on page 10)

I do have the 11:53 p.m. file from the direct feed. All the data before it made sense, and had to wait until 12:10 a.m. or so until it let me pull another file that made sense. In between the numbers were messed up.
But what is the total for the teaparty?? $6m total? Or $6m online total + $400k offline total = $6.4m total as I suspect? Or what? Anyone know?
If it's $6m total, does it mean that the online total was about $5.6m? How can that be when the numbers I have between Dec. 15 midnight and Dec. 16 midnight progress towards a number higher than $6m? (these numbers track online donations only)
Now ronpaul2008.com says $6.04m total... so how come it's not $6.4m total?
 