International Skeptics Forum

International Skeptics Forum (http://www.internationalskeptics.com/forums/forumindex.php)
-   USA Politics (http://www.internationalskeptics.com/forums/forumdisplay.php?f=6)
-   -   Merged: What is Parler? / Parler gets owned (http://www.internationalskeptics.com/forums/showthread.php?t=348919)

JoeMorgue 11th January 2021 09:45 AM

Quote:

Originally Posted by Wudang (Post 13356801)
Nah, it's a corrolary to Hanlon's Law "never attribute to malice that which is adequately explained by stupidity".

The problem is stupidity and malice become the same thing at a certain point.

plague311 11th January 2021 09:46 AM

Quote:

Originally Posted by cow_cat (Post 13356792)
Even so, jpeg pictures tied to jpeg EXIF data tied to accounts tied to the front and back of driving licenses. Oops...

Oh yeah, plenty of information to use that the MACs aren't needed at all.

If I'm understanding the thread on twitter correctly, I'm admittedly not as good with linux, and OSINT tool readouts as I should be, but it appears they're emulating it. It sounds like they're going to host the data, and I'm a bit curious if they'll do it in just a searchable format or emulate the app without any restrictions on what data is shown. Just show it all.

Segnosaur 11th January 2021 09:56 AM

Quote:

Originally Posted by plague311 (Post 13356824)
Oh yeah, plenty of information to use that the MACs aren't needed at all.

If I'm understanding the thread on twitter correctly, I'm admittedly not as good with linux, and OSINT tool readouts as I should be, but it appears they're emulating it. It sounds like they're going to host the data, and I'm a bit curious if they'll do it in just a searchable format or emulate the app without any restrictions on what data is shown. Just show it all.

I wonder if they might want to be careful that they don't accidentally 'dox' someone who doesn't deserve it.

I recognize Parler was a "Wretched Hive of scum and villainy", and that anyone who participated in the rallies (either breaking into the capitol, or even attending the speeches) deserves to be exposed. But, there may have been people on it who were innocent (i.e. who didn't go to the rallies, who may have even signed up for the service before they realized who it was catering to) that may not deserve to have their data exposed.

Sherkeu 11th January 2021 09:57 AM

Weird thing about Parler:

I signed up to see what was in there and the next day I got a notification from twitter that my account there had an attempted access via invalid password. That might not seem too coincidental to some but I have not logged on to that twitter account for at least 8 years and had no notifications until joining Parler.

Deleted!!!

slyjoe 11th January 2021 09:59 AM

Quote:

Originally Posted by Sherkeu (Post 13356845)
Weird thing about Parler:

I signed up to see what was in there and the next day I got a notification from twitter that my account there had an attempted access via invalid password. That might not seem too coincidental to some but I have not logged on to that twitter account for at least 8 years and had no notifications until joining Parler.

Deleted!!!

You wish. Parler didn't delete anything. There's a chance you may be part of the download.

Mader Levap 11th January 2021 10:06 AM

Quote:

Originally Posted by Sherkeu (Post 13356845)
Weird thing about Parler:

I signed up to see what was in there and the next day I got a notification from twitter that my account there had an attempted access via invalid password. That might not seem too coincidental to some but I have not logged on to that twitter account for at least 8 years and had no notifications until joining Parler.

Deleted!!!

Most likely bots trying to break into accounts on Twitter. There is a lot of people that use same password for many things. Considering trumpanzees aren't sharpest tool in the shed, it is quite likely many of them will use same login and password for both Parler and Twitter.

BTW that would strongly imply they have passwords as plaintext. Yay...

Squeegee Beckenheim 11th January 2021 10:07 AM

Wrong thread.

Guybrush Threepwood 11th January 2021 10:08 AM

Quote:

Originally Posted by slyjoe (Post 13356847)
You wish. Parler didn't delete anything. There's a chance you may be part of the download.

Yep, I could be too, I joined to follow one of our own wackadoodles who'd been kicked off Twitter, but she wasn't as entertaining without user feedback.

I never parlayed anything though so hopefully I'm safe from the men in black. :boggled:

Segnosaur 11th January 2021 10:10 AM

Quote:

Originally Posted by Guybrush Threepwood (Post 13356862)
I never parlayed anything though so hopefully I'm safe from the men in black. :boggled:

What, you mean johnny cash was a Parler user?

slyjoe 11th January 2021 10:12 AM

Quote:

Originally Posted by Guybrush Threepwood (Post 13356862)
Yep, I could be too, I joined to follow one of our own wackadoodles who'd been kicked off Twitter, but she wasn't as entertaining without user feedback.

I never parlayed anything though so hopefully I'm safe from the men in black. :boggled:

You probably are if you don't use the same password on Parler as elsewhere. If you do, change your other passwords.

slyjoe 11th January 2021 10:13 AM

Quote:

Originally Posted by Segnosaur (Post 13356865)
What, you mean johnny cash was a Parler user?

He was the man in black.
Will Smith and Tommy Lee Jones (and others) were the MEN in black.

:D

Segnosaur 11th January 2021 10:26 AM

Quote:

Originally Posted by slyjoe (Post 13356870)
Quote:

I never parlayed anything though so hopefully I'm safe from the men in black.
Quote:

What, you mean johnny cash was a Parler user?
He was the man in black.
Will Smith and Tommy Lee Jones (and others) were the MEN in black.

I thought that was Jessie Venture and Alex Trebek.

(see: Nerdist.com

uke2se 11th January 2021 10:37 AM

How to defeat an insurrection:

1. Cut off the traitor's lines of communication.
2. Defeat them in detail.

This is beautiful work.

Safe-Keeper 11th January 2021 11:11 AM

While I do consider this good news, my worry is that it will also entrench them even further. They already view the closing of Trump's account, and social media's removal of hateful and misleading posts as censorship of their opinions. This could be easily construed as a hostile attack on their freedom of speech by Them (whoever you want to use to fill in that blank - communists, Biden, Deep State, what have you).

Also, while I don't mind the FBI gaining access to the Parler database, I've got misgivings about all this personal information just being released into the public. You just know the Internet mob will descend on some of these people, quite possibly disrproportionally to what they've actually done.

As for losing Parler... is this something that's easily replaced, or is it actually a significant blow to them?

Agatha 11th January 2021 11:15 AM

1 Attachment(s)
Quote:

Originally Posted by uke2se (Post 13356899)
How to defeat an insurrection:

1. Cut off the traitor's lines of communication.
2. Defeat them in detail.

This is beautiful work.

3. But before you do 1 and 2, create an account that purports to be from the "White House Pardon Attorney" and request that anyone who was in the Capitol Building and might be in need of a pardon should reply, listing their name, their city and their transgression (eg vandalism, theft, pipe bombs...)

You will be unsurprised to learn that several geniuses did indeed reply to this post with their details and what they did.

plague311 11th January 2021 11:27 AM

Quote:

Originally Posted by slyjoe (Post 13356847)
You wish. Parler didn't delete anything. There's a chance you may be part of the download.

If we're being fair, there aren't many social media sites that do delete things entirely. I was actually unaware of that until I started digging into this hack.

Quote:

Originally Posted by Safe-Keeper (Post 13356930)
Also, while I don't mind the FBI gaining access to the Parler database, I've got misgivings about all this personal information just being released into the public. You just know the Internet mob will descend on some of these people, quite possibly disrproportionally to what they've actually done.

Quote:

Originally Posted by Segnosaur (Post 13356842)
I wonder if they might want to be careful that they don't accidentally 'dox' someone who doesn't deserve it.

I recognize Parler was a "Wretched Hive of scum and villainy", and that anyone who participated in the rallies (either breaking into the capitol, or even attending the speeches) deserves to be exposed. But, there may have been people on it who were innocent (i.e. who didn't go to the rallies, who may have even signed up for the service before they realized who it was catering to) that may not deserve to have their data exposed.

There will undoubtedly be collateral damage with the release as there was with the Ashley Madison release. Which, I agree, completely sucks but it shouldn't be too hard to show you weren't a piece of **** if your name pops up. When they release the data I'd assume you'd be able to do a content search, especially if they emulated it. My impression is they won't just be doing a username\email dump, but it'll show what was posted and when.

I have mixed feelings on it but overall if I had no intentions of being a contributor and I just wanted to lurk, I wouldn't be doing it under a legit email and my name. I also wouldn't be sending in my drivers license to have it verified.

Horatius 11th January 2021 11:34 AM

Quote:

Originally Posted by Safe-Keeper (Post 13356930)
While I do consider this good news, my worry is that it will also entrench them even further.



Well, this is the problem with trying to deal with stupid and evil people. Anything you do will make them entrench even further. Anything less than complete acquiescence to their demands will be met with cries of horror and calls for violence.

These people need to be defeated hard enough that they finally get the message, no matter how stupid they are. It is not going to be easy, it is not going to be pleasant, but it simply must be done. Worrying about how they will react is of no use, because they will react the same way no matter what we do.

plague311 11th January 2021 11:36 AM

Quote:

Originally Posted by Horatius (Post 13356959)
Worrying about how they will react is of no use, because they will react the same way no matter what we do.

These past 4 years have proven this point repeatedly.

Wudang 11th January 2021 11:54 AM

Quote:

Originally Posted by Agatha (Post 13356936)
3. But before you do 1 and 2, create an account that purports to be from the "White House Pardon Attorney" and request that anyone who was in the Capitol Building and might be in need of a pardon should reply, listing their name, their city and their transgression (eg vandalism, theft, pipe bombs...)

You will be unsurprised to learn that several geniuses did indeed reply to this post with their details and what they did.


<swoon> That is beautiful.


Official link saying it's not the WH.

https://www.justice.gov/opa/pr/state...ardon-attorney

acbytesla 11th January 2021 11:56 AM

Quote:

Originally Posted by plague311 (Post 13356953)
If we're being fair, there aren't many social media sites that do delete things entirely. I was actually unaware of that until I started digging into this hack.

Most companies of a certain size and larger perform automatic backups. Incrementals and Full backups. As a salesman selling automatic backup solutions I often started Sales presentations with this joke. There are two kinds of computer users. Those who do backups and those that will.

Any responsible company usually can reproduce databases in hours if not less. Since Parlor was hosted by Amazon, there is a good bet that deleting their data is almost a waste of time as it probably can be reproduced through a backup restoration process.

smartcooky 11th January 2021 12:03 PM

Quote:

Originally Posted by plague311 (Post 13356738)
In their defense, they were really terrible at programming, network security, and data encryption, but if it helps, they also lost their services so fast I don't think they had a chance.

From what I've read in a few spots, it sounds like their 2FA and email verification provider stopped providing them the service. This meant accounts could be created without any registration process at all. Someone used that to figure out how to create an account with admin privileges (I still haven't figured that one out) and then scripted it to make a ton of admin accounts, which have the perms to download everything. They also never actually deleted posts that were "deleted" through the app, they just changed the visibility bit to false. Meaning nothing was ever really deleted and people "verified" their accounts using their state issued ID's. It's just terrible all around.

The right move would have been to just shut it off once you realized your services vendors were dropping you. They didn't, now they'll pay the price.

If you can break into the database, then you can create an ordinary user account and then hack that account into becoming an admin by setting the necessary flags in your permissions. Once you have done that, you can use your admin permissions to allow the running of scripts, and use a script to create literally hundreds of thousands of admin accounts so that the real admins cannot lock you out.

smartcooky 11th January 2021 12:08 PM

Quote:

Originally Posted by cow_cat (Post 13356792)
I was wondering that while I was typing. I thought I saw something on a tweet earlier today mentioning MAC address information. I couldn't locate my source (and even if I could - it's twitter), so that's why I surrounded it with a "maybe". See - conditional language that completely absolves me of any wrongdoing, perceived or implied!

Even so, jpeg pictures tied to jpeg EXIF data tied to accounts tied to the front and back of driving licenses. Oops...


Oh dear. This is a digital "here I am, come and get me"

Skeptic Ginger 11th January 2021 12:14 PM

Quote:

Originally Posted by The Great Zaganza (Post 13356790)
If I was a Conspiracy Nut, I might think that the FBI created Parler as a trap ...

They should have left it up a bit longer but I doubt the FBI had the wherewithal to ask the media companies involved to wait.

Or maybe they did and that's why Parler was given 24 hours notice.

smartcooky 11th January 2021 12:14 PM

Quote:

Originally Posted by Safe-Keeper (Post 13356930)
While I do consider this good news, my worry is that it will also entrench them even further. They already view the closing of Trump's account, and social media's removal of hateful and misleading posts as censorship of their opinions. This could be easily construed as a hostile attack on their freedom of speech by Them (whoever you want to use to fill in that blank - communists, Biden, Deep State, what have you).

Also, while I don't mind the FBI gaining access to the Parler database, I've got misgivings about all this personal information just being released into the public. You just know the Internet mob will descend on some of these people, quite possibly disrproportionally to what they've actually done.

As for losing Parler... is this something that's easily replaced, or is it actually a significant blow to them?

It could be, because after all this has happened, and they have been burned so badly, large numbers of them might not trust any "Parler replacement" platform. There are already rumours circulating among some conservative discussion boards that "Parler" was a honey trap set by "them". This was mooted as a possibility as early as June last year!

http://voxday.blogspot.com/2020/06/parler-is-trap.html

Skeptic Ginger 11th January 2021 12:19 PM

Quote:

Originally Posted by Upchurch (Post 13356805)
If I were the FBI and Parler was my trap, I would have kept the doors open as long as possible. Certainly until after the inauguration and at least to for a good period of time after to try to catch more terrorist plans in the works.

Or, they would be monitoring the people who were cut off to find where they would migrate to next, revealing more alt-right platforms. :idea:

Skeptic Ginger 11th January 2021 12:23 PM

Quote:

Originally Posted by Sherkeu (Post 13356845)
Weird thing about Parler:

I signed up to see what was in there and the next day I got a notification from twitter that my account there had an attempted access via invalid password. That might not seem too coincidental to some but I have not logged on to that twitter account for at least 8 years and had no notifications until joining Parler.

Deleted!!!

Did you submit a picture ID in order to register?

Though it seems like it would be so easy to photoshop a fake ID.

Skeptic Ginger 11th January 2021 12:25 PM

Quote:

Originally Posted by Guybrush Threepwood (Post 13356862)
Yep, I could be too, I joined to follow one of our own wackadoodles who'd been kicked off Twitter, but she wasn't as entertaining without user feedback.

I never parlayed anything though so hopefully I'm safe from the men in black. :boggled:

Photo ID submitted? :confused:

Skeptic Ginger 11th January 2021 12:27 PM

Quote:

Originally Posted by slyjoe (Post 13356868)
You probably are if you don't use the same password on Parler as elsewhere. If you do, change your other passwords.

I started using unique passwords years back but I had a couple of accounts with an old password I had used on more than one account.

I got an email that used that password as who it was from.:jaw-dropp

I changed the rest of them.

plague311 11th January 2021 12:28 PM

Quote:

Originally Posted by acbytesla (Post 13356988)
Most companies of a certain size and larger perform automatic backups. Incrementals and Full backups. As a salesman selling automatic backup solutions I often started Sales presentations with this joke. There are two kinds of computer users. Those who do backups and those that will.

Yeah, we're pretty small (about 10 servers) and I do backups just because they take about 15 minutes to setup. We do the power of 3 though. On-site, off-site, and cloud based. Though the cloud is technically my house.

Quote:

Originally Posted by acbytesla (Post 13356988)
Any responsible company usually can reproduce databases in hours if not less. Since Parlor was hosted by Amazon, there is a good bet that deleting their data is almost a waste of time as it probably can be reproduced through a backup restoration process.

I'm not entirely sure what will go into reproducing this database, but I can't imagine it'll be easy. It's a massive amount of data. We'll see though, they've promised to host it.

JoeMorgue 11th January 2021 12:30 PM

I'm actually legit surprised we haven't gotten the media being all up in arms about the "Dark Web." It was one of their most favoritest scare words for a while there.

But I sorta doubt an Tor session is within the brainpan of most of these people.

plague311 11th January 2021 12:30 PM

Quote:

Originally Posted by Skeptic Ginger (Post 13357033)
Did you submit a picture ID in order to register?

Though it seems like it would be so easy to photoshop a fake ID.

No one had to submit a photo to register, they had to submit a photo if they wanted to be a "verified citizen" or whatever it was. The photo had to match the account information. I really doubt more than a couple hundred people went through the process. Really I'd say it would only be the people that intended to be influencers and make money off of it.

Skeptic Ginger 11th January 2021 12:32 PM

Quote:

Originally Posted by Safe-Keeper (Post 13356930)
While I do consider this good news, my worry is that it will also entrench them even further. They already view the closing of Trump's account, and social media's removal of hateful and misleading posts as censorship of their opinions. This could be easily construed as a hostile attack on their freedom of speech by Them (whoever you want to use to fill in that blank - communists, Biden, Deep State, what have you).

Because of course they don't think that now. :rolleyes:

Quote:

Originally Posted by S-K
Also, while I don't mind the FBI gaining access to the Parler database, I've got misgivings about all this personal information just being released into the public. You just know the Internet mob will descend on some of these people, quite possibly disrproportionally to what they've actually done.

Doxxing sucks. Isn't there a law against it? There should be.

Skeptic Ginger 11th January 2021 12:34 PM

Quote:

Originally Posted by Agatha (Post 13356936)
3. But before you do 1 and 2, create an account that purports to be from the "White House Pardon Attorney" and request that anyone who was in the Capitol Building and might be in need of a pardon should reply, listing their name, their city and their transgression (eg vandalism, theft, pipe bombs...)

You will be unsurprised to learn that several geniuses did indeed reply to this post with their details and what they did.

Ding ding ding....
Great idea!

plague311 11th January 2021 12:38 PM

Quote:

Originally Posted by Skeptic Ginger (Post 13357057)
Doxxing sucks. Isn't there a law against it? There should be.

I'm not sure if there's a thread for it, but this is kind of a grey area. There isn't anything specifically against doxing unless it's in the form of some type of harassment. I don't know that the actual act of doxing is illegal, but the results of doxing could be illegal. State laws vary, and as far as I know, there's nothing federal on the books. Might be worthy of its own thread.

Skeptic Ginger 11th January 2021 12:39 PM

Quote:

Originally Posted by Wudang (Post 13356987)
<swoon> That is beautiful.


Official link saying it's not the WH.

https://www.justice.gov/opa/pr/state...ardon-attorney

Quick, send a followup saying that denial was part of the Deep State because they don't want Trump to pardon you. :p

Segnosaur 11th January 2021 12:43 PM

Quote:

Originally Posted by acbytesla (Post 13356988)
Quote:

If we're being fair, there aren't many social media sites that do delete things entirely. I was actually unaware of that until I started digging into this hack.
Most companies of a certain size and larger perform automatic backups. Incrementals and Full backups. As a salesman selling automatic backup solutions I often started Sales presentations with this joke. There are two kinds of computer users. Those who do backups and those that will.

Any responsible company usually can reproduce databases in hours if not less. Since Parlor was hosted by Amazon, there is a good bet that deleting their data is almost a waste of time as it probably can be reproduced through a backup restoration process.

There are different ways that a database can be 'backed up'...

What you are mentioning here (incremental/full database backups) I am sure are done regularly. But, in order for someone to hack into them, they'd probably have to go in through the operating system or database.

The other way is within the database itself... create tables that create audit logs of changes. Or design your database so that records are never deleted, but you have a field that indicates "this record is active" or "this is deleted". They don't need the database-level backups to do this... and to hack into it you can probably go through the application.

From the description, It appears that the hacks into Parler were of the second type... not involving database backups but just hacking into existing data.

acbytesla 11th January 2021 12:54 PM

Quote:

Originally Posted by plague311 (Post 13357045)
Yeah, we're pretty small (about 10 servers) and I do backups just because they take about 15 minutes to setup. We do the power of 3 though. On-site, off-site, and cloud based. Though the cloud is technically my house.

:thumbsup:
We use to preach 'defense in depth' which included off site backups.
Quote:

Originally Posted by plague311 (Post 13357045)
I'm not entirely sure what will go into reproducing this database, but I can't imagine it'll be easy. It's a massive amount of data. We'll see though, they've promised to host it.

Some are much easier than others. A qualified and trained IT staff should be able to do it relatively easily. Minimizing downtime is everything. The most professional IT departments practice data restoration drills.

I'm not in the industry any more, but the one constant is change. Still, certain things are unlikely to change. One thing that proves to be true over and over again is the permanence of data. Many a CEO has sent an incriminating email and attempted purges of that data only for some computer forensics company uncover it.

I'm oversimplifying everything and there may be some reason why I am wrong and people can permanently delete those incriminating posts. But I wouldn't bet on that,

acbytesla 11th January 2021 12:57 PM

Quote:

Originally Posted by Segnosaur (Post 13357070)
There are different ways that a database can be 'backed up'...

What you are mentioning here (incremental/full database backups) I am sure are done regularly. But, in order for someone to hack into them, they'd probably have to go in through the operating system or database.

The other way is within the database itself... create tables that create audit logs of changes. Or design your database so that records are never deleted, but you have a field that indicates "this record is active" or "this is deleted". They don't need the database-level backups to do this... and to hack into it you can probably go through the application.

From the description, It appears that the hacks into Parler were of the second type... not involving database backups but just hacking into existing data.


Now we're getting in the weeds.:D. :thumbsup: ;)

Guybrush Threepwood 11th January 2021 01:04 PM

Quote:

Originally Posted by Skeptic Ginger (Post 13357036)
Photo ID submitted? :confused:

If you read the articles photo ID was for an account with the parler equivalent of a blue tick proving you were the real you.
Since I am a complete non-entity there didn't seem much point in getting a tick to show I really was a specific non-entity.
So no photo ID.

DevilsAdvocate 11th January 2021 09:21 PM

Quote:

Originally Posted by Wudang (Post 13356746)
It's worth reading the twitter feed from https://twitter.com/donk_enby


Python script to create users at https://gist.github.com/d0nk/7251444...9cc69987070e21

Whoa! And also...Damn!

That's just amazing.


All times are GMT -7. The time now is 10:08 PM.

Powered by vBulletin. Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2015-20, TribeTech AB. All Rights Reserved.