IT.COM

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
This still keeps me thinking, because it didn't come with the recommended grain of salt.

Yes I know I'm an emo guy :unsure:
That salt was thrown over the shoulder onto a blossoming field of passwords and credit card info. It was a large and supple handful.
 
3
•••
I will argue hackers are immune to patches submitted via bug bounty programs.

It discourages script kiddies and botnet scanners hammering an origin, but application-level vulnerabilities are rarely the cause of an entire system being rooted, as it was with Epik.

As jonh said, it is a matter of competent engineers and security experts.

Btw, thanks Rob for offering me a bounty, which I won't take. Unless you start taking security seriously by announcing you have rebuild your entire codebase, and are not relying on "remote PHP developers" to power Epik, I honestly think you are doomed.


Kirt gave you an honest advise, listen to the part "rebuild". A broken technology is a broken technology, no patch and no team will fix it.

This stuff means Epik is persisting in using remote PHP devs, Zend cannot be patched, but well time will tell if your technical debt is really irreversible.


PHP, Wordpress, alright. That's not how you play the game, that's why you are losing.
Zend is lit. 🐖
 
1
•••
The problems of using too little salt are well known by now. A common problem with too much salt is that the salt itself will become the problem. For example, if you have a small piece of land with a vulnerable crop, salt can get in the way of a continuous exchange of new insights and ideas. The correct dosage is important. I like the blossom analogy, not the boutique one.
 
Last edited:
0
•••
The periodic poll for forum members' favorite domain registrar is up and running again in another thread. Epik still scores high in the provisional standings, but slightly less than in the previous poll. There remains a loyal following, as is the case with a number of other favorite registrars among domainers. In terms of the number of domains under management (DUM), the CEO of Epik has indicated that more domains have been added since the data breach. Others argue that Epik has never lost 1 domain. I personally think the daily threads on this forum provide much more detailed insight into the quality of a registrar, it is extremely difficult to properly grasp the sentiment based on a periodic poll for several reasons, but we can agree that the outcome is important because it can be used in marketing.

https://en.wikipedia.org/wiki/Jelle's_Marble_Runs
 
Last edited:
4
•••
That salt was thrown over the shoulder onto a blossoming field of passwords and credit card info. It was a large and supple handful.

IMG_20211024_081141.gif
 
3
•••
Fancy how this thread now has more views and replies than the other rob monster thread, all in one month.

Rob would have been swaggering around, shining on lemonade & fooling the masses, had people remained quiet and left him to alone to play.

Despite some attempts to come out and ride the dragon, he remains forced to sit in the corner, for now.

This feels like an experiment to create a brand, build it up, then sell it. The subsidiary brands/services were created very quickly, rushed. Like to make the company appear to have more value.

Exactly. That was the whole point. "Launch" a bunch of products (white label) and make the company look as much like GoDaddy as possible, from a biz perspective, get a big pay and cash out. The term is pump and dump.

He knows exactly what he is doing.

He's trying to do like his last company GMI. Think he's grown it 100% every year for 7 years straight or something like that.
Swiss bank, bluffing, gab, free speech, etc.. etc..
Shift for the tides, find opportunities, make lemonade, etc.. its his way of marketing and growing.

Its alright.

Problem is he messed up.
And he doesnt care.
Its a game to him.
And he considers its not game over yet.
Call a Judge.

Literally gambling and trying lemonade in order to win while putting people's lives at stake.
 
4
•••
Last edited:
1
•••
Last edited:
1
•••
0
•••
My mail ID hacked . Despite password reset.

Russians.

Damn!
 
1
•••
0
•••
Outlook.

Trying to recover now. Should get back shortly.
 
0
•••
For anyone besides me who doesn't know what LemonDuck is.

TL;DR - a network of bitcoin minning bots

https://www.microsoft.com/security/...emoncat-modern-mining-malware-infrastructure/

Thanks for providing the link. But that link was already present in the info @Kirtaner provided :)

https://github.com/jgraef/epik-lemon-duck

Note how thoroughly things are being researched right now. As properly documenting takes a lot of time, you can reasonably assume that a lot more of these connections are now being researched.
 
Last edited:
1
•••
Thanks for providing the link. But that link was already present in the info @Kirtaner provided :)

https://github.com/jgraef/epik-lemon-duck

Note how thoroughly things are being researched right now. As properly documenting takes a lot of time, you can reasonably assume that a lot more of these connections are now being researched.

I looked at the git repository but didn't understand the significance. Questions I have are were those domains being used, if not when was it shut down.
 
1
•••
I looked at the git repository but didn't understand the significance. Questions I have are were those domains being used, if not when was it shut down.

Researchers understand the significance of this.

There are basically several investigations going on at the same time.

Tracking the hackers
Tracking the customers of Epik
Tracking the connections with RU/CN
Tracking the connections with Jan 6
Tracking the connections with past and future elections

To name a few.
 
Last edited:
1
•••
(that's why this thread has become such a mess, probably, but it's not the cause of the mess)
 
0
•••
1
•••
With regard to the aforementioned investigations, everyone is explicitly invited to contribute substantively to this thread. It is in Epik's interest (but won't fix the security issues).

Edit: but do respect NamePros ToS, and do not disclose any detailed info from the Epik data breach.
 
Last edited:
0
•••
The periodic poll for forum members' favorite domain registrar is up and running again in another thread. Epik still scores high in the provisional standings, but slightly less than in the previous poll. There remains a loyal following, as is the case with a number of other favorite registrars among domainers. In terms of the number of domains under management (DUM), the CEO of Epik has indicated that more domains have been added since the data breach. Others argue that Epik has never lost 1 domain. I personally think the daily threads on this forum provide much more detailed insight into the quality of a registrar, it is extremely difficult to properly grasp the sentiment based on a periodic poll for several reasons, but we can agree that the outcome is important because it can be used in marketing.

https://en.wikipedia.org/wiki/Jelle's_Marble_Runs
Rob Monster is posting at the other forum about how the whole thing is very unfair. Glad to see he is worrying about important things like the security of his customers' data and the part he and his company played in the harassment and endangerment of various individuals an informal poll on a webforum.
 
Last edited:
6
•••
Rob Monster is posting at the other forum about how the whole thing is very unfair. Glad he is worrying about important things.

Thanks, what did he write this time? :xf.eek:
 
2
•••
Last edited:
6
•••
Thanks, what did he write this time? :xf.eek:

This includes everything from the timing of the poll, to the methodology, to alleging that people voting for or supporting Epik are receiving private DMs, to NamePros "special relationship" with GoDaddy and Dynadot, and more.

Let's not forget guys Rob is the real victim here, going through the "struggle session", not the thousands of customers and millions of others his "shitty code" exposed who are now dealing with the fallout, and likely will be for a long time.

Brad
 
Last edited:
4
•••
This includes everything from the timing of the poll, to the methodology, to alleging that people voting for or supporting Epik are receiving private DMs, to NamePros "special relationship" with GoDaddy and Dynadot, and more.

Let's not forget guys Rob is the real victim here, going through the "struggle session", not the thousands of customers and millions of others his "shitty code" exposed.

Well, I don't understand. On the one hand, he chooses not to be active here anymore with his many ambassadors, otherwise he thinks what happens on this forum is all super important.
 
3
•••
Well, I don't understand. On the one hand, he chooses not to be active here anymore with his many ambassadors, otherwise he thinks what happens on this forum is all super important.

He can't control the narrative here. He did try though with his letters to Paul.

He is not facing the tough questions there that he is getting here.

It seems like he prefers to operate in an echo chamber where he can play the victim and spread nonsense with less pushback.

Brad
 
Last edited:
4
•••
This includes everything from the timing of the poll, to the methodology, to alleging that people voting for or supporting Epik are receiving private DMs, to NamePros "special relationship" with GoDaddy and Dynadot, and more.

Let's not forget guys Rob is the real victim here, going through the "struggle session", not the thousands of customers and millions of others his "shitty code" exposed who are now dealing with the fallout, and likely will be for a long time.

Brad

This is the man's vanity on full display. Hope that the hack scandal blows away, try to find another scandal to draw attention away, get voted #1 on NP, and offer discounted transfers. This is how he views his customers. As suckers. Who gives a rat's behind about infrastructure or code security, or private data.
 
Last edited:
4
•••
Back