
(IT World)   Swedish politicians leave racist comments on far-right website; identities revealed by Disqus security flaw   (itworld.com)
    More: Fail, Disqus, Swedish, swedish politicians, users, API, security  

5656 clicks; posted to Main » on 11 Dec 2013 at 1:08 PM (37 weeks ago)



98 Comments   (+0 »)
   
 
2013-12-11 10:29:50 AM
"Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...
 
ZAZ [TotalFark]
2013-12-11 11:16:28 AM
Reminds me of the Ohio judge who sued a newspaper for $50 million after she was revealed as the author of online comments about an active case in her court, as well as other, racist comments. (The newspaper won, she got a payment from another defendant.)
 
2013-12-11 11:25:46 AM
Ah the joys of rainbow tables.

It's also fun to see hackers being creative and using a weakness of one service combined with another weakness of another service to gain access to something that is supposedly secure.
 
2013-12-11 12:32:00 PM
But Sweden is a liberal heaven, with socialized medicine and unicorns farting rainbows.
 
d23 [TotalFark]
2013-12-11 01:10:23 PM
ghost19.files.wordpress.com
 
2013-12-11 01:10:38 PM

Flab: Ah the joys of rainbow tables.

It's also fun to see hackers being creative and using a weakness of one service combined with another weakness of another service to gain access to something that is supposedly secure.


imgs.xkcd.com
 
2013-12-11 01:13:33 PM
So... Swedes don't have freedom of speech or thought?
 
2013-12-11 01:14:05 PM
So much for Swedish neutrality. It's a good thing Swedish women are still hot.
coedmagazine.files.wordpress.com
 
2013-12-11 01:14:13 PM
The journalists appeared to have abused a feature it used for a third-party service, it said.

Abused?
 
2013-12-11 01:15:43 PM

R.A.Danny: But Sweden is a liberal heaven, with socialized medicine and unicorns farting rainbows.


That's what I heard. In fact I don't even think things that others might find offensive even exist in Sweden, like racism or porn.
 
2013-12-11 01:16:21 PM
Who posts 'anonymous' comments online and uses their primary (read: identifiable) email?
 
2013-12-11 01:17:01 PM
Who the hell uses a publicly known email address when signing up for these things?
 
2013-12-11 01:18:01 PM
It wouldn't surprise me if American politicians trolled Fark all day long. It's really the only way to explain the Politics tab.
 
2013-12-11 01:18:39 PM

itcamefromschenectady: "Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...


Well it's certainly "possible" in the same sense that "anything is possible" - just like a tornado could conceivably pick up a new car and drop it in my driveway while spontaneously swiping a pen across the title in the shape of my signature. Doesn't mean it's ever going to happen in trillions of years, but it's *possible*.

MD5 is considered vulnerable to collision attacks and various other attacks, which is why it is no longer recommended for use in sensitive applications. Real-world attacks have been carried out against systems using MD5 hashes.

That being said, if Gravatar is just using the unsalted MD5 hash of the email addresses, it is trivial to ask "does this email address match this Gravatar?" which would appear to be what they're doing here. Just get a list of known email addresses, hash them, and see if they map to a Gravatar that was associated with one of the posts. Easy to do.
 
2013-12-11 01:18:52 PM
That site uses Disqus
 
2013-12-11 01:18:54 PM

reaperducer: So... Swedes don't have freedom of speech or thought?


Free speech really is a foreign concept to a lot of Europeans. They actually think they have a right to not be offended. It would shock me if Sweden had any form of free speech.
 
2013-12-11 01:19:48 PM
The journalists likely collected the nicknames of commentators from the websites, then pinged Disqus' API to see what MD5 value was returned.

And I would have gotten away with it too if it wasn't for those damn kids and their pesky MD5 values!
 
2013-12-11 01:19:56 PM
This is why I don't use Gravatar, even though WordPress keeps pushing me to do so.

I don't want a single site to hold all my online identities.
 
2013-12-11 01:20:12 PM

R.A.Danny: But Sweden is a liberal heaven, with socialized medicine and unicorns farting rainbows.


Much in the same way New York is a "blue state" that somehow still has Republicans living in it.

Shocking, I know.
 
2013-12-11 01:20:38 PM

itcamefromschenectady: "Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...


Welcome to 1996.  MD5 has been broken for over 15 years now.  There is literally no reason for someone to use it instead of SHA-2/3.
 
2013-12-11 01:24:15 PM
Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.
 
2013-12-11 01:24:29 PM

Gonz: reaperducer: So... Swedes don't have freedom of speech or thought?

Free speech really is a foreign concept to a lot of Europeans. They actually think they have a right to not be offended. It would shock me if Sweden had any form of free speech.


Oh Jesus Christ. Really? You're NOT this stupid, tell me you're invoking Poe's law, right?

Freedom of Speech applies to the Government punishing you for voicing an unpopular opinion. It does NOT, and I repeat, NOT protect you from public/personal consequences because of your unpopular opinion, NOR is it infringed because someone ridicules you, or calls you out for said opinion.

But just in case you're intentionally trying to go full on DERP, here's something you might be interested in:
 
2013-12-11 01:25:03 PM

Valiente: So much for Swedish neutrality. It's a good thing Swedish women are still hot.
[coedmagazine.files.wordpress.com image 318x318]


She looks doable, but there's something about that abandoned marionette pose that makes me wonder if there's a Swedish equivalent of Silent Hill.
 
2013-12-11 01:25:55 PM

bigwf2007: Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.


So you would feel justified violating their privacy if they said something you didn't like?
 
2013-12-11 01:26:24 PM
www.snert.com
"Yeez furdey hurdey minorities gunder immigrants fer da yimmina white race bork bork!"
 
2013-12-11 01:26:33 PM
It's one thing for journalists to expose and report on a security flaw, it's an entirely different thing to exploit the flaw for political purposes.  I say they should be arrested.  That just counts as hacking in my book.
 
2013-12-11 01:26:49 PM

George Babbitt: Who posts 'anonymous' comments online and uses their primary (read: identifiable) email?


ToastmasterGeneral: Who the hell uses a publicly known email address when signing up for these things?



Ahem...
"Swedish politicians leave racist comments on far-right website; identities revealed by Disqus security flaw"
 
2013-12-11 01:28:37 PM

hstein3: It wouldn't surprise me if American politicians trolled Fark all day long. It's really the only way to explain the Politics tab.


Yes, it's true. I, for example, am secretly Joe Biden.
 
2013-12-11 01:28:52 PM

George Babbitt: bigwf2007: Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.

So you would feel justified violating their privacy if they said something you didn't like?


Politicians and public officials are subject to greater public scrutiny because legislation and the force of law can be altered based on their opinions or beliefs. In this case, it's not a matter of "something you don't personally like", but a voiced bias that can affect the way they govern the populace which elected them, many of which are probably the group they show such ire for.

Do you honestly think there's not a difference between a private, individual citizen voicing a racist opinion, versus say a Judge who presides over capital crimes?
 
2013-12-11 01:29:08 PM
I used to think Swedish racism was based on Swedes being so white and not on the skin color of other people.

But hey Sweden had African and American colonies, worked the slave trade and behaved much like any other European superpower.
 
2013-12-11 01:29:20 PM

Cubicle Jockey: George Babbitt: Who posts 'anonymous' comments online and uses their primary (read: identifiable) email?

ToastmasterGeneral: Who the hell uses a publicly known email address when signing up for these things?


Ahem...
"Swedish politicians leave racist comments on far-right website; identities revealed by Disqus security flaw"


Yeah, we got that. Who would sign up for an anonymous commenting system such as Disqus with an email that could identify who signed up? I have a Disqus account, it uses an email that I don't use anywhere else.
 
2013-12-11 01:29:45 PM
Salt, Anyone?

A "salt" is a constant value added to something you hash (ideally a secret) to prevent people from guessing what hash goes with what value.

If you don't have salt on your hash, it's your fault.
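
Added example, not part of the thread: the unsalted-MD5 matching described in the Gravatar comment above, next to the "secret value" idea from the salt comment, here implemented as HMAC-SHA256 under a server-held key (my choice of construction, not something Disqus or Gravatar is stated to use). All names, addresses and the key are constructed; trimming and lower-casing the address before hashing follows Gravatar's documented convention.

```python
import hashlib
import hmac


def normalise(email: str) -> bytes:
    # Gravatar-style normalisation: trim whitespace, lower-case.
    return email.strip().lower().encode("utf-8")


def unsalted_md5(email: str) -> str:
    # Anyone can recompute this from a guessed address.
    return hashlib.md5(normalise(email)).hexdigest()


def keyed_token(email: str, key: bytes) -> str:
    # Only a holder of `key` can recompute this token.
    return hmac.new(key, normalise(email), hashlib.sha256).hexdigest()


def linkable_accounts(exposed: dict, candidates: list, hash_fn) -> dict:
    """Return {nickname: address} for exposed tokens an outsider can confirm."""
    lookup = {hash_fn(addr): addr for addr in candidates}
    return {nick: lookup[tok] for nick, tok in exposed.items() if tok in lookup}


# Constructed sample data (hypothetical accounts and addresses).
ACCOUNTS = {
    "anon_viking": "Alice.Andersson@example.org",   # publicly known address
    "troll42": "throwaway-7f3a@example.net",        # address used nowhere else
}
KNOWN_ADDRESSES = ["alice.andersson@example.org", "bob.berg@example.org"]
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def audit():
    # What the service would expose per commenter under each scheme.
    exposed_md5 = {n: unsalted_md5(e) for n, e in ACCOUNTS.items()}
    exposed_hmac = {n: keyed_token(e, SERVER_KEY) for n, e in ACCOUNTS.items()}

    # Outsider view: can hash candidate addresses, but does not hold SERVER_KEY.
    md5_links = linkable_accounts(exposed_md5, KNOWN_ADDRESSES, unsalted_md5)
    hmac_links = linkable_accounts(
        exposed_hmac, KNOWN_ADDRESSES, lambda a: keyed_token(a, b"outsider-guess")
    )
    return md5_links, hmac_links


if __name__ == "__main__":
    md5_links, hmac_links = audit()
    print("confirmable with unsalted MD5:", md5_links)
    print("confirmable with keyed token: ", hmac_links)
```

The account registered with an address that appears nowhere else is not confirmed under either scheme, which is the point several commenters make about using a separate email.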
 
2013-12-11 01:30:31 PM

ToastmasterGeneral: Who the hell uses a publicly known email address when signing up for these things?


People interested in politics typically aren't the sharpest knives in the drawer.
 
2013-12-11 01:32:11 PM

hstein3: It wouldn't surprise me if American politicians trolled Fark all day long. It's really the only way to explain the Politics tab.


It would be less sad than realizing these farkers argue all day long like they're getting paid to do it. Realizing that a tool is willing to threadshiat in the entertainment or geek tabs just because he just hates a political party that much is depressing.
 
2013-12-11 01:32:25 PM

hardinparamedic: George Babbitt: bigwf2007: Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.

So you would feel justified violating their privacy if they said something you didn't like?

Politicians and public officials are subject to greater public scrutiny because legislation and the force of law can be altered based on their opinions or beliefs. In this case, it's not a matter of "something you don't personally like", but a voiced bias that can affect the way they govern the populace which elected them, many of which are probably the group they show such ire for.

Do you honestly think there's not a difference between a private, individual citizen voicing a racist opinion, versus say a Judge who presides over capital crimes?


Policing thoughts is still policing thoughts. We don't root around in public officials' bedrooms unless they switch hitting bedrooms. Is that next? Do we start demanding that we wire up all public entity's homes like they are on 'Big Brother DC'?
 
d23 [TotalFark]
2013-12-11 01:33:21 PM

ElLoco: ToastmasterGeneral: Who the hell uses a publicly known email address when signing up for these things?

People interested in politics typically aren't the sharpest knives in the drawer.


These days it's just a matter of how good your hair is and how well you can follow the written instructions given to you by your donors.
 
2013-12-11 01:33:45 PM

George Babbitt: Policing thoughts is still policing thoughts. We don't root around in public officials' bedrooms unless they switch hitting bedrooms. Is that next? Do we start demanding that we wire up all public entity's homes like they are on 'Big Brother DC'?


Yes. Public ridicule is EXACTLY like rounding people up and throwing them in jail, or illegal searches and seizures by the Government. That's a TOTALLY not idiotic and clever equivalency you've made there.
 
2013-12-11 01:34:11 PM

Gonz: reaperducer: So... Swedes don't have freedom of speech or thought?

Free speech really is a foreign concept to a lot of Europeans. They actually think they have a right to not be offended. It would shock me if Sweden had any form of free speech.


You must spend a lot of time being shocked.
 
2013-12-11 01:36:20 PM

hardinparamedic: George Babbitt: Policing thoughts is still policing thoughts. We don't root around in public officials' bedrooms unless they switch hitting bedrooms. Is that next? Do we start demanding that we wire up all public entity's homes like they are on 'Big Brother DC'?

Yes. Public ridicule is EXACTLY like rounding people up and throwing them in jail, or illegal searches and seizures by the Government. That's a TOTALLY not idiotic and clever equivalency you've made there.


Go rescue a cat from a sewer or something.
 
2013-12-11 01:36:38 PM
I have a friend who has lived in Sweden for 25 years.  When he was first interviewing for jobs by phone from the United States it was pretty common for employers to ask him if he was black or Jewish.
 
2013-12-11 01:36:42 PM
"I believe this with every fiber of my being...but I'll only say it anonymously on the internet."
 
2013-12-11 01:37:22 PM

George Babbitt: Cubicle Jockey: George Babbitt: Who posts 'anonymous' comments online and uses their primary (read: identifiable) email?

ToastmasterGeneral: Who the hell uses a publicly known email address when signing up for these things?


Ahem...
"Swedish politicians leave racist comments on far-right website; identities revealed by Disqus security flaw"

Yeah, we got that. Who would sign up for an anonymous commenting system such as Disqus with an email that could identify who signed up? I have a Disqus account, it uses an email that I don't use anywhere else.


I'm with Babbitt.  Hell, depending on the email I used, I might be George or Charlie Babbitt.  The one thing I'm not, is a General.
 
2013-12-11 01:37:48 PM

flak attack: itcamefromschenectady: "Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...

Welcome to 1996.  MD5 has been broken for over 15 years now.  There is literally no reason for someone to use it instead of SHA-2/3.


What exactly do you think a 'hash' is? Apart from the kind you get with eggs at a diner.
 
2013-12-11 01:39:55 PM

bigwf2007: Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.


[whynotboth.jpg]

Though I guess you could argue that, as politicians, they are not private citizens and do not have the same right to privacy as most people.

That is a thing outside the USA, right?  The idea that a politician has less of a right to privacy than a private citizen?  So it's less outrageous to publicize comments they made privately?
 
2013-12-11 01:43:40 PM
Sweden democrats?

*looks*

Yep, Sweden Democrats.  The Sverigedemokraterna are described as "immigrant suspicious" and are basically the Swedish tea party.
 
2013-12-11 01:46:33 PM

DROxINxTHExWIND: "I believe this with every fiber of my being...but I'll only say it anonymously on the internet."


www.loc.gov
 
2013-12-11 01:48:33 PM

hstein3: It wouldn't surprise me if American politicians trolled Fark all day long. It's really the only way to explain the Politics tab.


Many of our politicians aren't technically savvy enough to manage that. They leave it to the overzealous staffers.

/non story
 
2013-12-11 01:49:56 PM

Lord Dimwit: itcamefromschenectady: "Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...

Well it's certainly "possible" in the same sense that "anything is possible" - just like a tornado could conceivably pick up a new car and drop it in my driveway while spontaneously swiping a pen across the title in the shape of my signature. Doesn't mean it's ever going to happen in trillions of years, but it's *possible*.


I will buy you a year of TotalFark if you can convert 79054025255fb1a26e4bc422aef54eb4 back to its original value. Feel free to Google it.
 
2013-12-11 01:52:16 PM

itcamefromschenectady: Lord Dimwit: itcamefromschenectady: "Also, it is possible, but difficult, to convert MD5 hashes back to their original value"

I'm just going to leave that there...

Well it's certainly "possible" in the same sense that "anything is possible" - just like a tornado could conceivably pick up a new car and drop it in my driveway while spontaneously swiping a pen across the title in the shape of my signature. Doesn't mean it's ever going to happen in trillions of years, but it's *possible*.

I will buy you a year of TotalFark if you can convert 79054025255fb1a26e4bc422aef54eb4 back to its original value. Feel free to Google it.


While you're at it, can you get back to me with this one as well --> 17yiQqij1ymZ6cdAfz6NsAC1dBdP727EQG
 
2013-12-11 01:55:24 PM

ciberido: bigwf2007: Without knowing what they actually said, I don't know whether I should be outraged at their remarks or outraged at the violation of their privacy.

[whynotboth.jpg]

Though I guess you could argue that, as politicians, they are not private citizens and do not have the same right to privacy as most people.

That is a thing outside the USA, right?  The idea that a politician has less of a right to privacy than a private citizen?  So it's less outrageous to publicize comments they made privately?


I'm pretty sure that celebrities in the US have less of a right to privacy than an ordinary citizen, and politicians are a sort of celebrity.
 
Displayed 50 of 98 comments
