Jason Thor Hall / PirateSoftware / Maldavius Figtree / DarkSphere Creations / Maldavius / Thorwich / Witness X / @PotatoSec - Incompetent Furry Programmer, Blizzard Nepo Baby, Lies about almost every thing in his life, Industry Shill, Carried by his father, Hate boner against Ross Scott of Accursed Farms, False Flagger

[Sargon's wife's son]

the virgin nepo baby game developing groomer versus the Chad autistic self-taught schizophrenic ramblings

 

[Webhead]

the virgin nepo baby game developing groomer versus the Chad autistic self-taught schizophrenic ramblings

cool video but the TAA makes my blood boil

 

[Eminent]

He's not wrong, but that's because humans are capable of making mistakes far more than a computer is. A computer is gonna want to know what elementary school you went to, and depending on how strict it is, it may not accept your miscapitalization based on how you originally answered that question, nor does it agree that [SCHOOL NAME] is the same as [SCHOOL NAME ELEMENTARY], where a human would be more accepting of the former and not say you're wrong by not adding the "Elementary" part on the end, and the same goes for what city you were born in. That's just talking to people, now you start sending emails out saying their bank account is compromised or they need to click this link to accept a UPS package or whatever. People are the weakest link, everything else is hard skills to navigate a network, usually via command line.

I'm not saying he's wrong, I completely agree with his statement. I was just noting that he technically undermines his own knowledge.

 

[Pizdec]

I'm not saying he's wrong, I completely agree with his statement. I was just noting that he technically undermines his own knowledge.

"I have all these scripts, these exploits, zero days, and RATs at my disposal, but really, all I have to do is say 'your mom's been compromised, I need 50k and her social security card'"

 

[Illuminati Order Official]

It just came to me that Jason and his Heartbound is no different than Ethan van Sciver with his Ranbow the Brute and Fatrick Tomlinson with his Christmas Carnage: catty effeminate faggots talking about their magnum opuses while spending all their time on social media instead of working.
At this point @WogglebugLover produced more media than those three. And she's a retard with diagnosed autism and schizophrenia.

 

[Ted's Cabin]

These DEF CON badges are a joke. Jason advertises winning 3 of them on the front on his website as an incredibly important part of his hacker persona. The OP should cover how the "telephreaking" badge was won, and the other badge where he became the room organizer to steal information from other teams. So for the telephreaking badge, Organizers played 52-card pickup and dumped a bunch of badges on the ground so attendees could LARP as hackers by figuring out someone had used their birthday as a password. This process somehow took an entire team of exceptional individuals.

And just a note, DEF CON 25 was July 27-30 in 2017. Don't mix it up with the social engineering group children's badge that took place at DEF CON 2017 also.

The Def Con game started with TProphet dropping 50 Ellingson Mineral "employee badges" around the conference. On the back of each badge was a series of phone numbers that contestants would call and try to swindle the operators to share information about the company and, eventually, to take down the company's power distribution unit.

The Telephreak team went as far as setting up a call center in Minnesota with people who would adjust their replies to the callers based on the amount of Twitter chatter around the company. The more people tweeted about the contest, the tougher it would be to get info from the "employees."

The contest was scheduled to run until Sunday evening at 6PM PT, but the company was successfully hacked by a team called Psychoholics late Saturday night. In addition to getting kudos from the Telephreak organizers, the winning team got an "Uber" badge from Def Con -- which means it'll have free access to the conference for life. That part wasn't expected by TProphet. "It was a total surprise to us when Def Con named it a black-badge competition. We weren't even an official Def Con contest," he said.

De facto Psychoholics team-leader Jason Thor Hall said he handled most of the social-engineering work, but by the end of the challenge even some of the shy team members were getting into it and picking up on social cues. "Being able to read other people is huge in any walk of life, so I am glad they got to experience it and see how social engineering works in practice," he said.

During the challenge, the would-be phreakers had to do more than just make phone calls and remember dial tones; they also had to figure out voicemail passwords. One was an employee's birthdate. Another was the last four digits of an employee ID. Sadly, these are typical mistakes made by actual people in the real world. That alone should frighten the security team of any company.

One other thing I thought was interesting, Bradie Rehmel is listed as a lead artist of Heartbound at Pirate Software and was in his 2017 group too. I think this Adam Baldwin was on it too, just to drive home my point about the epic hacker larping.

I don't care enough to fit it into his timeline, but here's one video where he talks about winning a badge by pretending he wasn't competing, getting the key to the competition room, and leaking information from other contestents back to his team while he apparently stayed awake the entire time in the room. I've heard reports that in these 72 hours he repeatedly shit himself and the smell kept other contestents away from the puzzle room, but can't confirm or deny it.

"The shock and anger was enormous".

PirateSoftware and his craziest DefCon story!

https://preservetube.com/watch?v=A40LkDfTmCk

Your timely reminder: Not all hacking requires a computer

https://archive.is/0dT3G

I'm pretty sure these groups only have prestige because the average person has no idea what they're doing, and the hacker LARP looks convincing if you don't know any better either way.

 

[Burnt Effigy]

One other thing I thought was interesting, Bradie Rehmel is listed as a lead artist of Heartbound at Pirate Software and was in his 2017 group too. I think this Adam Baldwin was on it too, just to drive home my point about the epic hacker larping.

Bradie "Shaye" Rehmel is the legal name of Mald's "boyfriend", who makes zero attempts to not look like the most generic tomboy on the planet despite being a genderspecial non-binary but actually binary "man".

No clue what the powerword is, though.

 

[nukebot]

But he worked at Blizzard for 20 years! He's a veteran in the industry! He couldn't possibly be lying about how much of an epic 1337 haxor he is!

Very good research here. All this stuff kinda follows from his "Epic Industry Veteran" persona where he just talks a big game but for some reason barely shows off his actual "abilities" in lieu of just talking about how smart he is and showing off "his" awards. Not surprising to see even with his cybersecurity credentials it's mostly just lies him being incompetent.

So, I went ahead and slapped out some CompuTIA Tech+, CompuTIANetwork+, and a half a dozen other courses with the CompuTia Preamble on various free resources. I'd say I'm pretty shit still when it comes to "Being Hax0r fagget" but after lurking here, on half a dozen ancient IRCs behind VPNs, operating through the gay faggotry of reddit, trolling Jita on Eve Online mentioning Maldavius, snooping the furry community with a dogshit "Entry Level Linden labs furry wolf avatar thing", and generally spending time I could be zoning out while my child plays minecraft on his own secure server that him and his friends have patched to high hell (Oh, wow, a preteen has his own Customized Minecraft Server with a ton of mods to it and even more bullshit than Jason has, makes you think) I realized that it's energy wasted.

It's not "Hacking". It's not some magical bullshit guruing. All Jason has done is take his insane gaslighting and manipulating of people and renamed it after he himself was tossed to the side by furry pornsite owners. So, psychotic manipulation becomes "Social Engineering" and "Computerless Hacking".

Just to rinse my eyes and ears of Jason, I'll post a video from one of his 'detractors.'

Spoiler: Local Copy

View attachment 6391176

Preserve Tube | Ghost Archive

He's blindly cobbling together game "code" to make a game with "Variables" with basic "If this then that" qualifiers without compiler callbacks because he thinks he's some kind of "Living Braniac" faggot who can operate a game in the form of a ever growing flow-chart with bland as fuck storytelling, character development, and a desperate attempt to be a multiple-ending version of Undertale with more than 3 options and spin off into an attempt to be a Magnum Opus of Chrono Trigger. The music, derivative, is thematically and idiosyncratic of "The Secret of Mana" which was another game he had a huge hard-on for. Now, I don't have the time to compare OSTs but I can tell you right now I listened to them both and they are 100% similar. All of this comes to a head - Jason is an industry fanboy who has nothing to his name but mimicry. Even his "Grand Creation" is little more than a faggy little fan-fiction ripp-off of Undertale and some Golden Age of Squaresoft properties with some furry fuckery mixed into it to target the degenerates that he's fucked with for years.

It would be sad if it wasn't such a shit person

 

[Joe Headroom]

I'm completely lost as to how an "encryption algorithm" vulnerability could lead to breaking 2-factor (in a most likely type situation). Presumably at the time this 2-factor would have been their physical authenticator keychain or SMS-based, as far as I know. In this case the only encryption would be on the phone network, which you're certainly not touching, or on the HTTPS request to the website, which does not contain the 2-factor codes anyway initially.

How do you know this is the "most likely" exploit? It isn't even clear which exact exploit or time frame this would've been.

It was an educated guess based on the information provided in the video. Jason never elaborates, so I extrapolated what I know. But since you're asking, I did a tiny bit of digging. Around the time Jason was employed, Blizzard implemented a Time-Based One-Time Password (TOTP) Two-Factor Authentication (2FA) to secure accounts. From what I remember, it was an optional program where you bought a $20-$30 keychain from the Blizzard store, and it promised an additional layer of security to stop hackers from getting into your account and stealing your gold.

Spoiler: Quick and dirty explanation of TOTP

There are some obvious downsides to the keychain fob. They can break, get lost, and the battery will die on you eventually, all of these will leave you without access to your account until you contacted support. The biggest and less obvious flaw of the fob is that you cannot change or patch them. If a security flaw is discovered, you're pretty much stuck with it unless you change the device. That being said, having bad 2FA is still better than having no 2FA.

Inside the TOTP fob is a 20 character 'password' known only to the fob and the authentication server at Blizzard. Through wizardry, this key is encrypted by using complicated math that takes the current time and our password, mixes them through a non-reversible hash algorithm, and randomly selects a chunk of the output and converts it into a six digit key for you to use that changes every 30 seconds or so. So long as the authentication server and the fob get the same result following the same steps, the keys will match and access will be granted.

I'm not sure if Blizzard used multiple models and manufacturers, but the model I found that was used was the DigiPass GO3. According to a study on the device, there were a few interesting discoveries that could lead to exploits:

• The first digit 'a' is the time sync, and increments by 1 every 64 seconds.
• The remaining digits 'b,c,d,e,f' are twice as likely to have the digits 0, 1, 2, 3, 4, 5 than the digits 6, 7, 8, 9.
• The server accepts codes up 7:59 minutes old, any code that is 8 minutes or older will cause the server and fob to de-sync and become unusuable. (This is to adjust and re-sync time incase the fob's clock is fast or slow)

Based on these numbers, the odds of correctly guessing the correct key on the first try is 1:32,767. The odds get better depending on how many retries Blizzard gives you to authenticate. Most likely they are generous considering people log in to their servers multiple times a day. The limit of failed authentications (if there were any), probably reset every hour or 30 minutes. Let's assume the limit resets every hour, and we're a cautious attacker and use 1 less than the maximum retries to brute force someone's authentication, and continue our attack against a single account for a month. That gives us a total of 720 resets to try and guess it correctly:

Retries Per Hour	3	5	10	20	100
% of Success	4.29%	8.41%	17.94%	34.13%	88.64%

If you're blindly trying this against 10,000 accounts with compromised passwords, you could get some serious results. Blizzard could 'patch' this exploit by lowering the amount of retries, narrowing the time codes are accepted, forcing password changes, geofencing accounts, issuing newer fobs that don't have these exploits, or switching to digital authenticators.

Spoiler: tl;dr

bad/compromised passwords wont save you even if you have 2FA

 

[Brother Milor]

Our overlords at Google realized I was interested in this "Is Jason using a voice changer?" question and recommended a short with him being interviewed. Found the original video after a little digging- (starts at 19:34 if the timestamp fails)-

 

[itogi]

Our overlords at Google realized I was interested in this "Is Jason using a voice changer?" question and recommended a short with him being interviewed. Found the original video after a little digging- (starts at 19:34 if the timestamp fails)-

Ghost Archive, Preservetube, local:

P.s. Why did Bao attend Open Sauce???

 

[Macintosh Love]

Spoiler: Schizo Archiving

PirateSoftware and his craziest DefCon story!
https://preservetube.com/watch?v=A40LkDfTmCk

Spoiler: Local Copy

Preserve Tube | Ghost Archive

Our overlords at Google realized I was interested in this "Is Jason using a voice changer?" question and recommended a short with him being interviewed. Found the original video after a little digging- (starts at 19:34 if the timestamp fails)-

Spoiler: Local copy

Preserve Tube | Ghost Archive

 

[McSneaks]

Is he concerned his milquetoast takes and hypocrisy make him a target from government intelligence agencies?

And if he were such a target his home internet ISP would also be at risk.

Erm, kind of cringe you don't think he's hacked his own internet and shielded his house in top of the line anti-government material (totally not tinfoil).

He even uses a high-tech security device on his front door that prevents spooks from hacking into your typical normie biolock to gain access to his hacker den, it's called a K.E.Y. (keep everything yours). Wouldn't expect you plebs to understand functioning at his level when everyone is trying to steal your shitty indie gamecode and youtube secrets.

 

[Kheapathic]

SNIP

I don't remember exactly when it was; but their devices were eventually figured out as hackers were routinely compromising accounts with the 2FA device linked to the account. Not sure how well the Blizz Authenticator App has been though.

Erm, kind of cringe you don't think he's hacked his own internet and shielded his house in top of the line anti-government material (totally not tinfoil).

He even uses a high-tech security device on his front door that prevents spooks from hacking into your typical normie biolock to gain access to his hacker den, it's called a K.E.Y. (keep everything yours). Wouldn't expect you plebs to understand functioning at his level when everyone is trying to steal your shitty indie gamecode and youtube secrets.

There are imaging devices law enforcement has, that to keep it simple, use sonar or thermal imaging to see through walls. Believe it or not, tinfoiling your walls combats this tech.

 

[nobody here]

He's a complete degenerate and freak schizo. In one of his Youtube Shorts called "PVP Enabled Network" he talks about how he refuses to use any of his accounts outside his home because he doesn't trust whoever owns the cell tower. This doesn't really need to be said, but 3G data and above are not considered vulnerable. Also obviously your actual communication with your bank is HTTPS which means even if they had access to the traffic it wouldn't be useful.

VPN sponsorship incoming

 

[Sunflower Samurai]

Ghost Archive, Preservetube, local:
View attachment 6396798

P.s. Why did Bao attend Open Sauce???

Bao and other hoe vtubers popular on twitch have been slowly transitioning to be pseudo IRL twitch streamers like its common on that platform to farm more simps using their body and to network better with groups like OTV (as some of them are Asian, Bao in particular), considering she showcases OTV member Micheal Reeves' shit at the start, she was probably invited there because of him.
i recall some shittery with William Osman (the guy who made the con) being retarded, but i couldnt tell you OTOH, but he is also in that annoying cricle of tech youtubers that make pop science types and "WACKY111!1!' inventions, its no surprise that Thor weaseled his way into both here and the twitch vtuber crowd, knowing how the latter goes, his chances of being twitlongered increased by 30% atleast

 

[Stumbling7]

When do you think people will realize, that he perhaps will never finish his game?
Seriously, I went to his live, and all I see is 12 Hour Streams of wow and Space marine 2.
Can't he at least make a video where he talks about the what's still in development in his game, or perhaps his audiences doesn't care?

 

[⋖ cørdion ⋗]

Our overlords at Google realized I was interested in this "Is Jason using a voice changer?" question and recommended a short with him being interviewed. Found the original video after a little digging- (starts at 19:34 if the timestamp fails)-

>Asian american girl with circular glasses who still cling to japanese rituals she never naturally exercised in life, grifting a nerd audience, acting the part of "gremlin" as per vtuber standards
Fuck this dumb jewish plant; why is this stereotype such a thing suddenly?

 

[REGENDarySumanai]

>Asian american girl with circular glasses who still cling to japanese rituals she never naturally exercised in life, grifting a nerd audience, acting the part of "gremlin" as per vtuber standards
Fuck this dumb jewish plant; why is this stereotype such a thing suddenly?

Bao's Vietnamese.

 

[Burnt Effigy]

When do you think people will realize, that he perhaps will never finish his game?
Seriously, I went to his live, and all I see is 12 Hour Streams of wow and Space marine 2.
Can't he at least make a video where he talks about the what's still in development in his game, or perhaps his audiences doesn't care?

Honestly? I think people have already forgotten, or never really knew that he's making a game.

Most people know him as "wise computer man with life experience", not as a game developer. Anybody watching him frequently (or sampling his live streams randomly) would be watching him for his interactions, not his content (seriously, out of all his streams, half are him playing games, 40% are him editing minecraft plugin configs, and out of everything else, maybe 5% are him with GMS open).

Unlike yanderedev whose literal existence is nothing but Yandere Simulator, Mald's existence depends more upon the clips of his "wise knowledge" he posts on youtube shorts.


But for when most people are going to think he's never gonna finish heartbound, well, Yandere Sim has had weeks worth of content detailing how much of a shitshow the game is (whether it be design wise, code wise, or how much of a cow Alex is) posted by big names, which have been seen by multiple millions, and yet, there are still people out there that genuinely believe in Yandere Sim being complete one day.
So, to answer your question: never.