Craftbrewer Hoax!

Australia & New Zealand Homebrewing Forum

Help Support Australia & New Zealand Homebrewing Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
I've started using KeePass portable, carry it around on my USB, have not yet tried to see if the Ubuntu version of it can read the same db though that the Windows portable version does........
 
anz's falcon takes the worry out of these sort of things

plus, the credit card issuer will refund fraudulent transactions

Totally Off Topic :icon_offtopic: tried to log onto my ANZ Internet Account and it was blocked It says my eftpos card has been reported lost or stolen which it is odd seeing as I have the card in my hand.

Nothing to do with Craftbrewer as I always pay by direct deposit into their account :icon_offtopic:
 

Passwords can be generated using similar methods - but you can bet that the crackers are using exactly the methods outlined in the comic to generate their own word lists and rainbow tables. I guess I'm more paranoid than most ;)

Yeah, I had a look into it after my last post and saw the stats are a lot faster than when last I looked but the rates are still a lot slower than billions per second for anything stronger than, say, MD5 hashes (which I've been led to believe are fairly out of fashion anyway). But even at those rates can you work out how long it would take to crack my weakest (memorised) current password: 18 characters, upper/lower case, numerals, special characters, spaces? That's 18^93, right? [EDIT: yeah, looking at Shane's graphic above, I've got that up the ****, disregard the figures but I think the point still holds]. Cracking passwords of random internet users simply isn't worthwhile/practical yet.

Yes as you say, some hashes are generated quicker than others. MD5 particularly is designed for speed, and that one of it's downfalls against attacks of this nature.

Based on what you've said, clearly you're in the 1% where these issues are of little concern :) (and by saying that I mean you're aware of the issues and ways to prevent them being a problem when generating your own passwords)
 
My email just arrived. I had been feeling peeved and left out.

The writing seems suspiciously Yasmani - like, although no mention of pishab.
 
Whois suggests the person behind this may be one Rasool Jamali. But it is all pretty complicated. Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.
 
I hope the culprit gets outed. That'd be fun.
 
Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.

nope - the content on his site has a free shipping image, and a CSS sheet that references images from craftbrewer.com.au.
 
Whois suggests the person behind this may be one Rasool Jamali. But it is all pretty complicated. Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.

Most likely he is just the listed contact for whatever ISP this clown uses, or just someone whose system got hacked and then used by the perpetrator. DNS records won't get you anywhere with this kind of thing.
 
Brewers,

Site is back up, apologies for any headaches caused... If you took up the offer & entered your card details for the $5 shipping via the link in the email, please contact your bank & cancel your card immediately.
If you entered card details at checkout on our site, there is no security issue. Call me if you are confused 07 3823 5252
Hopefully no one has been comprimised.

This has been a long day....

Cheers Ross
 
Brewers,

Site is back up, apologies for any headaches caused... If you took up the offer & entered your card details for the $5 shipping via the link in the email, please contact your bank & cancel your card immediately.
If you entered card details at checkout on our site, there is no security issue. Call me if you are confused 07 3823 5252
Hopefully no one has been comprimised.

This has been a long day....

Cheers Ross

Ross can you please disclose weather any data from your site was stolen? Usernames, passwords (and weather they were hashed or not), address, or any other personal information you keep.

It's important to be transparent and disclose what data (if anything) was stolen so your customers are aware.

I understand you may not know, but please ask your IT guys for the specifics.
 
Ross can you please disclose weather any data from your site was stolen? Usernames, passwords (and weather they were hashed or not), address, or any other personal information you keep.

It's important to be transparent and disclose what data (if anything) was stolen so your customers are aware.

I understand you may not know, but please ask your IT guys for the specifics.


This would be nice to know.
 
This would be nice to know.

Yes, usernames and passwords are one thing, but names, addresses and phone numbers are another. Also stuff on specific orders like "always out on Tuesdays, leave round the side" - hypothetical of course but could happen.
 
it's baaack

Untitled.png
 
Not sure if it's all fixed. After reading this thread I was curious to have a look at the craftbrewer site and just clicked on the ad at the top of the forums page literally a minute ago. Was sent to the dodgy page with broken english and free $5 shipping etc. So people probably still need to be wary.

Edit: Beaten to it!
 
I'll say Ross would about due for a Bex and a nice lie down.
 
Brewers,

As soon as we put the site back up, the spammers were instantly in so i've pulled the site back down.

Passwords may have been comprimised so please take action on any other accounts that may be using the same password.
Credit cards have definately not been comprimised unless you entered your card details into the $5 link - in which case, please cancel your card immediately.

I'm away for the evening, so wont be back online till tomorrow - I'm available on mobile for anyone worried or confused 0412 666952.

Really sorry.... i need a drink!!!

Ross
 
Might be time to change hosts? Generally a site can only be hacked if the server contains a security vulnerability. So either the server isnt fully patched or the the OS or associated software has a known bug that hasnt had a patch released yet. What version of Plesk is being run on this server? Anything below a fully patched v11 should not be trusted
 

Latest posts

Back
Top