Ever wonder why so many old accounts are/were suspected of being puppet or shill accounts? They were hacked using the Heartbleed exploit.

19  2014-04-26 by [deleted]

Mystery solved.

77 comments

This submission has been crossposted

| Title | Author | Upvotes | Downvotes |
|---|---|---|---|
| An /r/conspiracy user isn't convinced that government hackers are exploiting reddit's servers to steal accounts. OP is not happy with him | /u/emr1028 | 1 | 0 |
| Ever wonder why so many old accounts are/were suspected of being puppet or shill accounts? They were hacked using the Heartbleed exploit. | /u/Persona_Manager | 21 | 11 |

Timestamp - 2014-04-25 20:53:19

I am a bot. If this was an error or have any feedback, send me a message

Haha, can you imagine if this or that idiot or shill was actually a shitposting military AI? There is tremendous intelligence-industrial interest in linguistics and artificial intelligence

I think the only reason "certain subs" still exist is because shitposting AI is still not 100%. I'm sure they're working on that. If only shills knew they'd lose their jobs to robots maybe they'd stop whoring themselves out and get real jobs.

Most people don't even access Reddit using SSL. You have to be an anal bastard like myself to always type https://pay. in front of everything to even use SSL on Reddit. And that specific vulnerability requires one side or the other to peck-peck-peck to grab more memory/session keys to get anything of use.

Can you give us a little more information about the technical details of what it is you're talking about or can you admit to talking out yer ays? :)

If Reddit warned users to change their passwords it means their system was vulnerable and most likely people knew about it and took advantage. If it didn't happen there would be no need for Reddit to acknowledge this flaw.

Just like automobile recalls.

No, if you are a responsible service provider and you use SSL and you use OpenSSL (if you are a responsible service provider YOU USE SSL site-wide; not necessarily OpenSSL), you updated your openssl version and rotated your SSL key and told users about the flaw.

Reddit is irresponsible in that it's 2014 and they STILL can't manage site-wide SSL. But they're responsible in that they realized that they do use OpenSSL on their servers and use SSL (god, I hope) when they accept your password (if not your session key) and they updated their version of OpenSSL and rotated their SSL keys and told everyone about it. If you logged out and in again during the likely 4-12 hours they were vulnerable with your password (i.e., not with a session key, which is likely vulnerable...all the time...), there's a remote possibility that someone using the exploit might get your password...but the likelihood is really, really remote.

Do you have any proof that specific accounts were hacked? And that they were hacked using heartbleed? (Of all the things to use to glean individual account credentials, that's just silliness - for Reddit, running a cracker like John the Ripper with a good password list or just sitting in a coffee shop or university sniffing traffic would be faster and more effective.)

> Do you have any proof that specific accounts were hacked?

  1. The fact that you know a little too much about this

  2. Reddit acknowledged this flaw

  3. Reddit warned users to change their passwords

EVERY WEB SITE VULNERABLE TO THE FLAW TOLD USERS ABOUT THEIR VULNERABILITY.

That does not mean that someone stole your password using the heartbleed flaw and used it to log in and shill. It's so much easier just to guess your password, ESPECIALLY SINCE PRETTY MUCH NO ONE EVEN ACCESSES REDDIT USING SSL BECAUSE REDDIT SUCKS AT PROVIDING USERS WITH BASIC SECURITY.

Sorry for the caps, but my head is exploding. I apologize for my short temper, too.

I hope you realize you're using just as much conjecture as I am, except mine makes sense and was confirmed by Reddit itself, and I don't need to lose my temper to make a point.

I didn't lose my temper, I used capital letters so that people reading this may better understand my points. Seriously, no offense, do a little bit of reading about the exploit itself, how it works, how it can be exploited, and you'll understand.

You're more exposed by the fact that Reddit is not secure at all than you are by this specific bug. Not to say that this bug isn't a big fucking deal - it is - just not to Reddit, which was never really all that secure to begin with.

Also, do you own a botnet or are you an /r/conspiratard, or what? Very interesting and atypical vote dynamics on this thread.

What? If anyone presents tard traits it's you. "You can't prove anything you're saying and I'm the expert so NOW I NEED TO SCREAM BECAUSE I'M WHINING ABOUT DOWNVOTES".

Grow up dude. If people downvote you take it like a man and reevaluate your argument. Did you stop to think that maybe you're wrong?

Why would I take it like a man when I'm a woman? Chill and learn a little bit, eh? Read a little about the heartbleed exploit, what it is, and how it works. Then read about how, you know, Reddit doesn't use SSL site-wide and direct your energy into getting them to secure their site and our interactions with it instead of getting all pissy and spewy.

Oh snap

Getting all pissy and spewy? If I recall it's you who just apologized for the short temper. Then you accuse me of something just because you can't handle being wrong? Maybe it's you talking out of "yer ays".

I'm not wrong. It's easier to steal your password by guessing it than to steal it using the Heartbleed vuln, especially if you didn't log in during that 4-12 hour period and you don't use https to access the site anyway.

I'm done arguing with you because obviously you are too fragile and butthurt to do some basic research to back up your ridiculous theory - so fine, it's true: the magic heartbleed fairies stole your passwords and they're shilling under your account name and Reddit even admitted to it by being precautionary and asking you to change your password like every other affected web site did! Onward, extrapolator.

You're funny. You lose your temper, apologize for it and then complain about downvotes and accuse me of having a bot net.

Then you call me butthurt. Now I know why you got downvoted.

I was joking and trying to be nice to you.

But let's quit the derail - can you explain the proof you have of non-shills whose accounts were taken via the Heartbleed exploit and then became shilly? Or at least link to a couple? And the info that makes you think the accounts were pwned using that openssl vuln?

You clearly have not been here too long, or just playing dumb. If you had 2 brain cells and able to look at a user's history it's quite obvious.

Which user's (or users') history? You may have some good info about compromised accounts - but you haven't shared it yet.

I have close to 1000 users cataloged. You're in /r/conspiracy so I'm going to assume you know how to research. Do it.

Why not share them and the proof that they were pwned using the openssl bug? Or share with a security researcher to publish? Posting vague bullshit sounding stuff to the sub doesn't help the cause, but putting real info out does.

If I wanted to share 1000 usernames I would have put it in the post. Putting real info out? Yeah, people get shadowbanned for that. Your refusal to actually investigate this and expect me to spoon feed you doesn't help your case, and makes you look like an amateur. I don't like indulging amateurs.

Alright, Skippy. You go on with your bad self.

But seriously, I know you know the deal despite your insults trying to cover - when this is over, I'm confident that you'll do some real research (I saw you did a little, heh)--there's a lot of cool data out there and in the future, maybe you will find something worthwhile with some data behind it to share for the greater good vs. Reddit peen-measuring. :)

I don't know who you are, I've never seen you before. You think I'd just give out names to some stranger? Truly an amateur. Stick around more, maybe you'll learn something.

Your account is less than a week old...

That's supposed to mean something? The people who are supposed to know who I am know me just fine. Actually, your account pretty much matches my theory. Maybe that's why you're so upset about this? I said something you don't want people to know about?

Like what?

You didn't read the post title? Like I said, amateur.

You're an "expert" in networking and this is the type of question I have to deal with. You're killing your credibility, I hope you realize that.

I never said I was an expert, I asked you to explain why you think your premise is true. You haven't yet. You seem pretty confident, so you should just pony up.

You're in /r/conspiracy. I expect better things from the people here. If you're new to the whole shilling phenomenon I suggest you do a little research before getting into a subject you apparently know nothing about. I'm not here to educate you. My theory is sound on the grounds I claimed and your denial doesn't stand up to scrutiny and like you said, you never said you are an expert. Work on that first. You sound like you're talking out of "yer ays" again.

So why is it that you think a bunch of accounts were hacked and used to shill using the heartbleed vulnerability? Why be such a jerk about it and why not explain more than "mystery solved." Mystery ISN'T solved, you haven't provided even a halfway decent theory, much less even a bit of evidence. Done arguing with you, because you obviously aren't able to either back up your theory with even cursory info.

Because I didn't spill the beans on the users like you conveniently wanted? You must also not know anything about the recent surge in subscribers as reported by the mods. Here's some homework, kiddo: search this sub for the word "shill".

My backup is the expectation you have some notion of what goes on in here. You apparently don't, that's why you fail at understanding my position.

> Why be such a jerk

Ad hominem. Be civil.

Why is it you think a bunch of accounts were hacked and used to shill using the heartbleed vulnerability?

Did you do your homework? Or is spoon feeding the norm where you come from?

So why is it you think that so many old accounts are/were suspected of being puppet or shill accounts? Why do you think they were hacked using the Heartbleed exploit?

An amusing ignorance of how the Internet actually works.

Downvote me all you want, but anyone could get your Reddit login credentials easier than using heartbleed. SMH.

Easier to just create throwaway accounts in bulk. Like your own account which is suspiciously only 5 days old for example.

Plus I don't think most people don't use SSL for reddit, or bother with a secure password for it. It's not like it's your bank account or something.

Throwaway accounts don't have years of history as cover stories. They're useless since people wouldn't take them seriously. Reddit uses SSL for authentication always. Besides, heartbleed is an option that was probably exploited since Reddit warned people to change their passwords. I'm sure brute force or other methods work just fine for those who don't care about secure passwords.

> Throwaway accounts don't have years of history as cover stories. They're useless since people wouldn't take them seriously.

Says the person who has been a Redditor for six days. I'm glad you confess we shouldn't take you seriously either.

I'm going to ask you again that you please refrain from harassing this user or making "shill" accusations levying personal attacks, as both are against the rules of this sub you had done against this user in another thread.

With all respect, I did neither. He/she is the one who said that new accounts were "useless since people wouldn't take them seriously." I simply pointed out that this would include their own.

Please clarify: is mentioning the age of an account "harassment" and thus no longer permitted?

> With all respect, I did neither. He/she is the one who said that new accounts were "useless since people wouldn't take them seriously." I simply pointed out that this would include their own.

I see.

> Please clarify: is mentioning the age of an account "harassment" and thus no longer permitted?

You were reported for allegedly harassing this user. After reviewing your post history, I see I was in error in regards to the "shill" accusations, having mistaken you for another user who had made similar statements.

Still, I see two separate instances, in another thread, wherein you attacked this particular user. I also see he attacked you once in response. All offenses were removed and you were both warned prior, accordingly.

So, I'm going to have to ask that you simply avoid attacking other users, in general.

In regards to the post above:

> Says the person who has been a Redditor for six days.

isn't quite a violation.

> I'm glad you confess we shouldn't take you seriously either.

could be a violation but is so minor I'm going to leave it, and again just ask that you refrain from attacking other users as you had prior, in another thread, and suggest (not demand, but ask) that you and the other user simply avoid interacting with one another if possible, as you clearly can't seem to agree on much and one or the other appears to typically escalate the situation unnecessarily.

Thank you for understanding.

I appreciate the clarification.

Do you have any actual evidence for this, or is it mere speculation? It seems like mere speculation, but you sound very confident in your idea.

I'm betting on speculation. OP devolves to ad hominems and downvotes VERY quickly.

> I apologize for my short temper

> Why be such a jerk

> getting all pissy and spewy

If you're going to bullshit your way through this debate, at least get your fallacies right.

So why is it you think that so many old accounts are/were suspected of being puppet or shill accounts? Why do you think they were hacked using the Heartbleed exploit?

> So why is it you think that so many old accounts are/were suspected of being puppet or shill accounts?

Because I know how to read.

> Why do you think they were hacked using the Heartbleed exploit?

Ask the mods. They can tell you.

You're not an expert in networking, so I won't take anything you say seriously.

Well, you haven't in any way convinced anyone besides your votebots that you know what you're talking about re:heartbleed (you don't appear to even be able to speak to it or even defend your own claims, which is kind of weird), but you are apparently definitely an expert in not admitting you're talking out yer ays, haha. So good deal, persona_manager!

I sincerely hope this isn't just a test of your "persona management" software, though. But just in case it is, Hey, Eliza! Good to see you again!

You: You're wrong because I said so, and SSL doesn't work like that. But I'm not an expert and can't back up anything I've said so far. Because I'm not an expert, but you're still wrong.

Funny how you deny my theory and call me a shill at the same time. LOL

You didn't say it was a theory, you said it was a fact. But continue to provide no basis. It's just weird. Why go to all the effort to call me names vs. just saying why you think there are a bunch of accounts pwned using heartbleed? That's big news, share the deets.

What name did I call you? Was I the one apologizing?

How many clicks will it take for you to even add a sentence to defend your central premise vs. insulting me? It's like the licks to get to the center of a tootsie roll pop.

You still fail to mention where I insulted you and with what.

You still fail to mention any data or even opinion that would support your initial post.

Why did you lie about me insulting you?

...

So...again, why are you spending so much time in this thread insulting me vs. defending your central premise? Can you even add more than "mystery solved" to defend it?

I have no reason to indulge people who legitimately insult me, lie about it, and with no expertise in networking.

If my premise doesn't make sense to you then you need to better equip yourself before getting into a debate about a subject you know nothing about. You're a waste of my time.

A hateful sub which takes its name from a bigoted slur claiming the moral high ground. I never thought I'd see the day...

16 upvotes - you guys are killing me -- do y'all not know anything about how the Internet works and network security in general?

I don't recall any admin saying that accounts were hacked.

The "immediately change your password" announcement was SOP for any website confirmed with the vulnerability. It doesn't confirm that any accounts were actually compromised.

A+B=C doesn't necessarily apply to this topic.

[deleted]

Yes I will.

[deleted]

It's not hard to read that you know.

might be for a machine

But...but...he comes...

:(

My man. You have to provide evidence.

I doubt they would need to look too far for passwords.

OP please tell me you are trolling and we can all have a big laugh

Can you show any of these accounts?

Yet more entirely unsubstantiated claims, without a shred of evidence to back them up.

And let me guess, everything you learned about the Heartbleed SSL vulnerability, you learned from the MSM, which you have claimed is inherently unreliable.

I'm pretty sure Reddit has just been selling deactivated accounts to PR firms and other paid interests.

Did you do your homework? Or is spoon feeding the norm where you come from?