Even though I hate the guy, this is an interesting read.

anthonyroberts.co.za/2009/12/private-messages-on-forums-not-so-private

hey MF.... who here PM'd those ghey guys looking for ass?

lol

HA!

(Don't tell him MP. Please.)

ya well known to anyone that is familiar with php and mysql but good to know for those that arent aware

well duh.

HA!

(Don't tell him MP. Please.)

LMAO thanks for the laugh ahahhaha

You don't have to be a coder to appreciate potential security risks. Just be aware that anything you do on the computer can be traced or recovered, it just depends how hard someone's willing to look.

If you're doing shit that's extremely incriminating, never leave a paper trail, physical or electronic. It can come back to haunt you. And don't be retarded and solicit via PM or talk about illegal stuff that you wouldn't in public.

If you're doing shit that's extremely incriminating, never leave a paper trail, physical or electronic. It can come back to haunt you. And don't be retarded and solicit via PM or talk about illegal stuff that you wouldn't in public.

Probably one of the best ways to put it is in the way above.

So from what I found out, Dremen is really Nate's long lost son after one of Nate's party nights out. It was so touching watching them reunite after so many years.

BAM and Gilmour made up and now play street hockey together. Gilmour wears the torn boxers and BAM teases him about it.

Mr. O kept inviting Baracine over but Baracine kept telling him he's not gay. I think Mr. O won out and they had dinner last week. All I saw was a lot of smilie faces in the pm's the next morning.


LOL. All joking aside though, AR made a valid point but the way he presents it is provoking. It's all the rave now to attack a site or person hoping for retaliation in return. That's how they get "known". Notice how he singles out bb.com, steroid.com, ology.com, and EF.com? Why not the rest? Because if anyone retaliates to "defend" themselves, all they do is give him tons of free publicity to make him more popular. He doesn't care if people hate him or not, he just wants traffic.

Now, there are a few pro's on this stuff on CBB. You can chime in if you want, if not, I'll do what I can to clarify things.

When I installed my first version of vbulletin back in 2001-2002, it was one of the first things I pointed out to the community. PM's are not secure nor private. They are stored as plain text in the database. There were no "hacks" or addons back then and it was still possible if one knew a bit of SQL code. Over the years, some coders made addons to make it easier for non programmers to get at pm's. The one in AR's blog is an example. So some guys on other boards got the bright idea to encrypt pm's using the https protocol. That would mean from sender to user, it is HARDER to read, not impossible, just harder. (https is usually attacked using the man in the middle way). But even if from sender to receiver it is encrypted, it still gets stored as plain text in the database and readable by anyone who can get access to it.

Now let me complete AR's blog post in a non attacking way and for real info. That problem is not limited to the boards he says or the board software vbulletin. All board softwares don't encrypt pm's so it has the same issue. Now let's dig a little deeper, facebook doesn't encrypt your messages to others and can be read by facebook's admins at any time. Your emails are the same thing. Hushmail does encrypt so that one is good (but bad for criminal activity). Now my question is, why is AR singling out those sites and not facebook and email systems alike? They have the same vulnerability. We'll I don't think many of you would be doing something illegal in facebook, so you never think of it. Why would someone read my pm's in facebook? And if they do, who cares, there is nothing bad in them right?

So why do people get paranoid on a forum? Unless of course you are doing something illegal or malicious. Then you have something to worry about. Maybe from the mods/admins or maybe from LE if they get their hands on the board. And I've said this till I'm blue in the face (fingers actually), you should NEVER be doing anything illegal online. Especially on a forum. There are so many ways to get at you it's not even funny (unless you're LE).

Now the argument, ya, but I'm only a user, no one will bother me. Maybe.

But what if your "source" really knows how to be anon? What then? The only way for LE to get a step closer, is through you. So are you really anon?

Or what if LE wants to send out a huge message to all sites, bust 500 people and pick you up in that list. Was that cycle so important to you?

So does CBB have that hack. No.
But I don't need it because I can write SQL code to get the info I want. Does that mean I read pm's? The answer is no. But of course there is no way to prove it and that's where trust comes in. If you don't trust me, just presume I am reading them and write accordingly. I have nothing to gain from info in pm's or have the time to start doing that. But if I wanted to check, I could, just like every other forum out there, just like facebook and just like most email systems.

Probably one of the best ways to put it is in the way above.

So from what I found out, Dremen is really Nate's long lost son after one of Nate's party nights out. It was so touching watching them reunite after so many years.

BAM and Gilmour made up and now play street hockey together. Gilmour wears the torn boxers and BAM teases him about it.

Mr. O kept inviting Baracine over but Baracine kept telling him he's not gay. I think Mr. O won out and they had dinner last week. All I saw was a lot of smilie faces in the pm's the next morning.


LOL. All joking aside though, AR made a valid point but the way he presents it is provoking. It's all the rave now to attack a site or person hoping for retaliation in return. That's how they get "known". Notice how he singles out bb.com, steroid.com, ology.com, and EF.com? Why not the rest? Because if anyone retaliates to "defend" themselves, all they do is give him tons of free publicity to make him more popular. He doesn't care if people hate him or not, he just wants traffic.

Now, there are a few pro's on this stuff on CBB. You can chime in if you want, if not, I'll do what I can to clarify things.

When I installed my first version of vbulletin back in 2001-2002, it was one of the first things I pointed out to the community. PM's are not secure nor private. They are stored as plain text in the database. There were no "hacks" or addons back then and it was still possible if one knew a bit of SQL code. Over the years, some coders made addons to make it easier for non programmers to get at pm's. The one in AR's blog is an example. So some guys on other boards got the bright idea to encrypt pm's using the https protocol. That would mean from sender to user, it is HARDER to read, not impossible, just harder. (https is usually attacked using the man in the middle way). But even if from sender to receiver it is encrypted, it still gets stored as plain text in the database and readable by anyone who can get access to it.

Now let me complete AR's blog post in a non attacking way and for real info. That problem is not limited to the boards he says or the board software vbulletin. All board softwares don't encrypt pm's so it has the same issue. Now let's dig a little deeper, facebook doesn't encrypt your messages to others and can be read by facebook's admins at any time. Your emails are the same thing. Hushmail does encrypt so that one is good (but bad for criminal activity). Now my question is, why is AR singling out those sites and not facebook and email systems alike? They have the same vulnerability. We'll I don't think many of you would be doing something illegal in facebook, so you never think of it. Why would someone read my pm's in facebook? And if they do, who cares, there is nothing bad in them right?

So why do people get paranoid on a forum? Unless of course you are doing something illegal or malicious. Then you have something to worry about. Maybe from the mods/admins or maybe from LE if they get their hands on the board. And I've said this till I'm blue in the face (fingers actually), you should NEVER be doing anything illegal online. Especially on a forum. There are so many ways to get at you it's not even funny (unless you're LE).

Now the argument, ya, but I'm only a user, no one will bother me. Maybe.

But what if your "source" really knows how to be anon? What then? The only way for LE to get a step closer, is through you. So are you really anon?

Or what if LE wants to send out a huge message to all sites, bust 500 people and pick you up in that list. Was that cycle so important to you?

So does CBB have that hack. No.
But I don't need it because I can write SQL code to get the info I want. Does that mean I read pm's? The answer is no. But of course there is no way to prove it and that's where trust comes in. If you don't trust me, just presume I am reading them and write accordingly. I have nothing to gain from info in pm's or have the time to start doing that. But if I wanted to check, I could, just like every other forum out there, just like facebook and just like most email systems.

HAHAHAHA that's hilarious!!! Nate would commit suicide if that were true LOL :D

Thanks for the explanation too, very detailed. At the end of the day, we just need to all remember to watch our booties. Never know when and where the LEO are lurking

:moon