reddit General

The part that says "clones the behavior of our intranet gateway" makes me think that the actual payload site was actually meant to trick the browser into exposing login sessions and tokens of their internal admin pages. But even then, how did they know how to do it if it's a website that's supposedly unreachable from beyond their HQ?
I assume it's a border device, and a phishing page was set up for it. I doubt the device itself was internal only (though it is possible, and it was exposing services that could be used to identify the make/model, they could have just got that, and set up a page on that but less likely), but probably provided VPN access or something to that internal network with the stuff that got compromised.
 
This. For all the sperging about IP addresses and checks, many corporate intranet sites are only available through their *intranet*, meaning you are at their HQ or you are using the corp VPN to remote in.

That's a better question: how an external entity got it. Either:

A. Reddit is retarded and exposes their internal sites externally
B. Reddit network security is retarded and this info was leaked via unauthorized access *and* the intranet has no dynamic content that can't be spoofed or changes so much you can throw shit on there or it was recent.
C. Someone previously had/currently has access to said intranet legitimately and scraped it to use.

My wager is on B personally.
Nigga haven't you heard of zero trust? Having your internal appliances on the public internet is all the rage now.
 
Meanwhile at reddit HQ.....


It legitimately works more often than people realize. Case in point: I could literally put on my old security uniform, walk into the local hospital's ER, tell the guard working the ER desk that I have a shift in the psych ward and I'd be handed an access key card granting high level access, let out through the ER exit into the hospital and ignored. Nobody would question me. Not security, not staff, not doctors, not anybody so long as I acted like I belonged and didn't do anything overtly stupid to imply I didn't. That's how easy it would be for me to get full access to restricted areas of the hospital. Act like you belong and people will assume you do. Stop and think what kind of dangerous shit that could lead to if someone figured that out and had a mind to do something malicious. People are so unaware of their surroundings and oblivious to shit going on around them most of the time that they ignore even basic common sense much of the time.
Sperg time!

This is the real shit realization of "A whole lot of society and modern institutions only really work because we actually don't have that many active bad actors." and why opsec and internal vetting is at an all time low, because it's rare even in current year to get a genuine saboteur or bored problem causer on any damning scale. You have more to realistically fear from someone just being a moron casually and naturally.

Hell, before we had a million million distractions, outlets and avenues to go down with the closest you can get to "zero" barrier of entry to get mischievous and malicious tendencies alike out, we had more shenanigans happening simply because it was something to do. As reductive as that sounds it's basically the banal boring truth about the human condition.

It's partially why I laugh whenever these cagey terminally online reddit retards vibrate and scream about the internet and world at large being infested with hate and stalkers and act like they are living in constant fear with threats against their very person whenever someone posts "Guacamole Nigga Penis" on their dumb website and they had to see it for all of 5 minutes before it was deleted
 
Oh no hope this doesn't hurt that 15 billion you were hoping to raise whenever you try to take that turd public.

Reddit announced on December 15, 2021, that it is gearing up to file for an IPO with a valuation of over $15 billion from the Securities and Exchange Commission (SEC).
 
Yeah they had planned on March 2022 but then Ukraine kicked off and they used it to stall and now who the fuck knows.

I'm using that excuse for everything now. "Honey, why didn't you take the trash out like I asked?" "Ukraine was invaded dear, I can't do that right now."

If they're delaying this long there's something seriously wrong with the company.
 
This. For all the sperging about IP addresses and checks, many corporate intranet sites are only available through their *intranet*, meaning you are at their HQ or you are using the corp VPN to remote in.

That's a better question: how an external entity got it. Either:

A. Reddit is retarded and exposes their internal sites externally
B. Reddit network security is retarded and this info was leaked via unauthorized access *and* the intranet has no dynamic content that can't be spoofed or changes so much you can throw shit on there or it was recent.
C. Someone previously had/currently has access to said intranet legitimately and scraped it to use.

My wager is on B personally.
I'm going for the write-in option D: "inside job."

If they're delaying this long there's something seriously wrong with the company.
There's a variety of issues there, including hyper-inflated user counts (twitter was a warm-up), rampant pedophilia, overwhelming radical far-left moderation, and of course the small detail of the company not being even remotely worth fifteen fucking billion dollars (lol).

They'll never actually go public. Too much scrutiny. Sunlight is the best disinfectant and they know the whole place is constructed out of cockroaches.
 
There were IPO talks as far back as early 2021, it was a big point of discussion on the investment subs (most said they'd short it lmao) until they realized reddit was probably never going to do it.
 
Nigger are you retarded? This is all the article says about how the attackers gained the login credentials, and it is vague.
All this shit says is basically "some dumb retard entered their login to a site that attackers made to look like ours."
That is it. This is very far from saying exactly what the attackers did.

Phishing is not sophisticated either, it is not even real hacking by any measure.
They're just saying it's sophisticated to try and save from embarrassment.
What they're doing is the equivalent of calling HTML a programming language.
My "dumbass guesses" are 100% possible and probable. You have no idea what you're talking about.
Yeah and right there are multiple details you were speculating about instead of just reading the fucking article.

I didn't debate you on the "sophisticated" part, but I read it as the other meaning of sophisticated anyway. As in "refined, cohesive, not shit" compared to the pajeet-tier standard for phishing attempts, not necessarily technically sophisticated (although I don't know what fucking rocket science you think the high end of this involves). But that's not relevant to you pulling really dumb shit out of your ass about it being some dumb login screen when it says right there it was a man-in-the-middle 2FA intercept.
 