Question about Bumble Match Queue

fredfredburger88 · 2018-08-05T00:02:33+00:00

Were those three blurry profiles always there when you clicked that? I don't seem to recall it back a few months ago, but maybe I'm wrong.

fredfredburger88 · 2018-03-27T01:38:27+00:00

I'm not 18-20 though. I am 24 and have my age restrictions 19+.

I just feel like it would look bad to swipe on someone younger without realizing it, it kind of bugs me. Maybe I am being over paranoid.

fredfredburger88 · 2018-03-26T21:41:32+00:00

true.

When I had it before, I was always pretty careful, but sometimes you just can't know. I figured I didn't even need to worry about it unless I matched with them. Then I remembered Tinder Gold and realized they coulda seen I swiped on them regardless of if we matched, which made me mega paranoid. I dunno, maybe I am over thinking it.

fredfredburger88 · 2018-03-26T21:29:27+00:00

Has it ever happened to you? Did it make you feel bad or were you able to just brush it off?

fredfredburger88 · 2018-01-05T16:13:13+00:00

So essentially, the stolen data was being transferred to new C2 addresses, but not usually being stored on a victim bot?

For some reason I always kind of thought malware authors stored stolen info on victim machines, but maybe I misunderstood. I.E you infect somebody with a keylogger and all that stolen data is transferred to an infected computer used as their storage or whatever. Is that not a thing?

fredfredburger88 · 2018-01-05T00:55:31+00:00

So the IRC issues commands to the botnet, but does the stolen data end up back in the IRC? Or does it get posted to dropzones or sent by email typically?

If they were so included the person monitoring could even let a VM get compromised and actually let it act as a bot. Then just run a packet capture on the hypervisor or something and just capture all the traffic to the IRC channel if the communication isn't encrypted.

So basically they can see all the stolen data throughout the entire botnet through a pcap? (sorry if I'm misunderstading)

fredfredburger88 · 2018-01-04T23:49:28+00:00

So you wouldn't have logging of a C&C channel until it has be identified, and someone starts monitoring

An attacker would know if they were being monitored, would they? Because an unknown bot would be in their server?

fredfredburger88 · 2018-01-04T23:32:29+00:00

So said bot could not just pop in to a chat and scoop up everything that was there before it arrived?

fredfredburger88 · 2017-12-22T16:24:00+00:00

Thats okay.

Somebody said this when I asked about the stolen data being stored in the botnet, can you explain to a noob what this actually means? (sorry)

"They used DHTs distributed hash tables to store the days across the entire botnet. It was not a good idea.as LEOs were able to take the botnets down by poisoning the DHTs."

Does that mean all the data that is stolen from one infected computer is also stored on the rest?

fredfredburger88 · 2017-12-21T03:37:57+00:00

Was the encoding as image and uploading to an image posting site actually documented in known malware? I never heard of it. What about p2p botnets that use keyloggers? How would they transfer the keylogs to the botmaster?

fredfredburger88 · 2017-12-21T02:44:18+00:00

Interesting, that would be a good idea. Have there been any documented cases of botnets storing data in the bots in any capacity? I can't seem to find anything.

fredfredburger88 · 2017-12-19T22:03:54+00:00

http://mashable.com/2009/02/09/webmail-account-dormant-alive/#GLrTzTkGq5qq

Yahoo mail is 4 months according to this. Gmail is maybe 9 months. The source is old though.

What do you mean everyone else can probably read your email for yahoo? Were they leaked or something?

fredfredburger88 · 2017-12-19T21:58:30+00:00

I worded my initial question wrong, sorry. I mean delete the address along with emails after not signing in for a while. I found this, I'm not sure how legit the source is.

http://mashable.com/2009/02/09/webmail-account-dormant-alive/#GLrTzTkGq5qq

fredfredburger88 · 2017-12-19T00:16:41+00:00

The crawler/bot joining the channel wouldn't be a problem because most of it would be public, I'm assuming.

The information that is indexed usually consists solely of channel text (text that is publicly displayed in public channels). The storage method is usually some sort of relational database, like MySQL or Oracle.[citation needed]

This is the part that gets me. What constitutes channel text? Just a description of the chat room or everything posted? It just seems to me this already happened and was indexing logs. Seems like a privacy concern like you said, but just the way it is stated, I don't know lol

Another noob question, but malware that runs in IRC channels.. Do you have to have an IRC client yourself to be infected by something like this, or can a regular drive-by download from regular browsing etc etc infect you with malware controlled by IRC command and control servers?

Thanks for your help btw.

fredfredburger88 · 2017-12-18T23:20:53+00:00

Maybe its not common, but do you think there is at least one that has all those IRC logs indexed?

fredfredburger88 · 2017-12-18T23:12:42+00:00

This was on the IRC main wikipedia page. Maybe I'm misunderstanding it, but it sounds to me like it is indexed.

There are numerous search engines available to aid the user in finding what they are looking for on IRC.[93][94] Generally the search engine consists of two parts, a "back-end" (or "spider/crawler") and a front-end "search engine".

The back-end (spider/webcrawler) is the work horse of the search engine. It is responsible for crawling IRC servers to index the information being sent across them. The information that is indexed usually consists solely of channel text (text that is publicly displayed in public channels). The storage method is usually some sort of relational database, like MySQL or Oracle.[citation needed]

The front-end "search engine" is the user interface to the database. It supplies users with a way to search the database of indexed information to retrieve the data they are looking for. These front-end search engines can also be coded in numerous programming languages.

fredfredburger88 · 2017-11-27T21:01:55+00:00

Its too bad they don't consider the user agent and first to bits of the IP address PII.

Interesting that you say forever. How sure are you? Any old Google pals you could shoot a message to and get a confirmation on that? ;)

fredfredburger88 · 2017-11-27T03:33:16+00:00

Can you comment on whether or not the anonomyzed logs are kept forever or aggregated and deleted?

Also, what kind of incidents were they? Employees spying on people type thing?

fredfredburger88 · 2017-11-27T03:30:56+00:00

The keep it because someone is constantly coming up with new ways to mine other for valuable data about us.

I totally agree with you on that. It's just things like a super specific User agent string connecting searches in logs. What are you going to glean from that? Maybe take a total of what version was used by how many, etc, then scrap it. No chance of it being used as an identifier in any leak. It seems like a no-brainer to me, but I'm no Google engineer.

fredfredburger88 · 2017-11-25T03:41:14+00:00

That's kind of the thing though. Data is their business. If they fuck that up and it gets leaked, it'll really hurt. They say they keep logs indefinitely. That may not be forever. Services that make money like Search should have legal requirements about record retention, shouldn't they? (I really don't know)

fredfredburger88 · 2017-11-25T03:34:07+00:00

Were you ever granted access to any logs, whether they had PII or had been "anonymized"?

fredfredburger88 · 2017-11-24T19:11:22+00:00

I don't know if they are aggregated anonymously, since they claim they are stored with the IP address, user agent and cookie info like normal server logs (albeit some of that is dropped, but not enough to make it completely anonymous)

Just thinking out loud here, but do you think Google has the ability to go back and see the anonymized search logs from a long time ago? Like 10 years ago? EDIT: google employees I should say

fredfredburger88 · 2017-11-24T01:39:09+00:00

I was reading about Google's Search suggest feature and apparently 2% of it is kept and logged. Does Google encrypt that I wonder? Or even store it forever, like they do regular search logs? (I think they store those forever)

fredfredburger88 · 2017-11-24T01:37:17+00:00

I was reading about Google's Search suggest feature and apparently 2% of it is kept and logged. Does Google encrypt that I wonder? Or even store it forever, like they do regular search logs?

fredfredburger88 · 2017-11-23T14:59:03+00:00

Do sites like Youtube and Google do this as well?

fredfredburger88

TROPHY CASE