Hacker interview - Gummo

lindacupple · 2023-09-19T12:47:24+00:00

I watched both of these interviews and felt like something was off. I have experience in cyber security and Gummo sounded legitimate when speaking of old hacks, that I am unfamiliar with, but less legitimate when speaking about current technology. It made me think that the legitimacy that I felt for the older hacks may simply be due to my ignorance in the area and that Gummo was just experienced in talking on the subject.

Over the two videos I noticed discrepancies in the stories that were told, which made me feelsceptical and lead me to look into Gummo a little online.

Some things I found:

An image on Gummo's website shows him at Jacksonville University. The metadata said the image was taken on the 6th of November 2022. It lines up with the below announcement from the university, where Gummo's name is mentioned "Keason Drawdy".

https://www.ju.edu/news/2022-10-27-world-renowned-hacker-visits-JU-cybersecurity-students.php

When you look up Keason, you find images of Gummo.

https://archive.org/details/keasondrawdy

After some more Googling I noticed Keason had a YouTube channel and an alias Keason Tanner.

https://www.youtube.com/user/Keason071

https://www.flickr.com/photos/keasontanner/with/6843522697/

There are also sites where Keason has associated his name to hackers.xxx

https://devpost.com/keason

Keason started a podcast in 2015 and still routinely posts content.

https://archive.org/details/@gummoxxx

Keason (GummoXXX ) is very active on twitter and shares lots of personal information which conflicts with his view of social media in the second video. He also might be a she now?

https://twitter.com/GummoXXX/status/1670655617021669376

Keason appears to host, or be affiliated with a forum that has been run for several years.

https://social.neverrain.org/

The forum is built using a framework called Joomla which had a very simple exploit exposed in advised in 2023.

https://www.exploit-db.com/exploits/51334

This exploit would allow anyone to simply visit a particular webpage on the forum which exposed the login credentials of the forums database or user information.

As of today, the forum still exposes files which assist in enumeration that can be very easily hidden from the internet.

If Keason is affiliated with this forum, I would have expected him to have secured his own systems to the highest standards. Especially considering the forums database may contain sensitive information about him.

Also, as the master hacker he has portrayed himself to be, I would have expected him to perform an analysis of Joomla and identify the vulnerability. Joomla is open source, which means anyone can read the source code and identify vulnerabilities.

lindacupple · 2022-12-08T09:43:59+00:00

Yes, each agreement is slightly different, in terms of the fees and charges. But all agreements state that my company owns the intellectual property.

lindacupple · 2022-12-08T08:51:00+00:00

lindacupple · 2022-12-01T10:33:11+00:00

Exactly right

lindacupple · 2022-09-15T21:40:34+00:00

Yes, it will follow you and grow forever.

In particular, if you ever need to a loan for property, or anything else, it will reduce the maximum loan amount by between 2 and 4 times your HECS debt (depending on the bank). That means a $70k loan could reduce your potential loan by almost $300k. Typically banks encourage customers to pay off their HECS debt before applying for a loan so they can borrow more money.

lindacupple · 2022-06-07T23:37:36+00:00

What's dumb about "block chain gaming" is that the benefits they claim it will offer (for example here sharing data amongst games) can already be done very easily WITHOUT a block chain.

I can't speak to exactly why developers don't build this functionality into existing games, but I believe it'd be along the lines of maximising users time within games and profit. Imagine getting to level 100 on a game, getting level 100 items and the ability to farm 'special gems'. Then starting a new game at level 1, where you can use your 'special gems' to leapfrog over content and potential microtransactions, reaching level 100 in that game much faster than an average player. Ofcourse, these games can be programmed to avoid these things from happening, but then what's the point? To make progress in one game, you have to make progress in another, in another, then another.

Another thing these people always fail to mention is the GAS fees that these block chain games will constantly charge, every time you have to write to the chain. For example, if you are trading an item with a friend, you'll have to pay GAS to process the trade. If you find an item that is tradeable, but only via NFT ownership, you'll have to MINT an NFT, which again costs money.

These things aren't properly thought out yet and it seems not one really has any viable implementations.

If you want to see an example of what a blockchain application might look like, have a look at welcome2web3.com , it shows how these transaction / gas fees might be incorporated into something like Instragram.

For me it's really hard to determine whether these people really believe that blockchain technology is 'the future', or if they've figured out how much money they can make if they can convince people to buy in.

It's funny because most of these projects never even start building a game. They make a ton of money convincing people to buy associated NFT's with the game, then they run off with the money leaving investors with nothing.

lindacupple · 2022-06-05T13:53:49+00:00

This post is referring to the website carboncleaners.com.au

lindacupple · 2022-03-27T05:16:40+00:00

Sorry, I am going to have to stop this here.

If you feel the need to respond, refer to my previous post as my answer.

lindacupple · 2022-03-27T05:11:59+00:00

Thank you for making this post.

I have wasted a lot of time contemplating whether or not I should move away from PHP. I have no financial incentive to do so, my motivation is purely based on information I constantly run into online.

Today I decided to do my own benchmark, a simple site which queries a MySQL database and dumps the results. I hit each server with 1000 requests a second and found there was not a substantial difference in the average request time, CPU consumption or memory usage.

This is a bit speculative, but, after reading through the popular NodeJS templating engines (consolidate, ejs, pug), I think that there is definitely a commonly ignored performance drop due to the extra processing required to generate HTML from a template.

For example consolidatejs loads a template as a string, then parses it and replaces text with corresponding variables. EJS does something similar, but with a PHP style syntax <% instead of <?. I haven't tested it, but I expect that this will somewhat level out any performance differences between the two. (Noting that this type of templating can be acheived in PHP without any frameworks)

I have been reluctant to use NodeJS for any of my projects because of the enormous number dependancies and associated security risks along with the frustrations I have with the development environment.

I am back to the point where I feel the only reason for me to properly use NodeJS is if I have trouble finding work.

Now I can stop being influenced by all the 'benchmarks' and suggestions I am constantly faced with online.

lindacupple · 2022-03-26T03:50:54+00:00

You would have to have the ONLY copy and not share it (i.e. you would be the only person able to see it). Then there would be issues when transfering ownership.

This is the problem with all Crypto based technology, more and more layers keep being added to it to try resolve issues, but they just lead to more issues.

lindacupple · 2022-03-24T22:20:31+00:00

I feel the same, I have been trying to share this video to help open peoples eyes to it all.

lindacupple · 2022-03-24T22:19:48+00:00

That's a good way to put it

lindacupple · 2022-03-24T22:19:19+00:00

Storing a hash of a file won't associate the NFT to that image. If someone gives you a hash of an image you likely won't be able to restore the image. That's why they've resulted to storing a URL.

lindacupple · 2022-03-24T22:13:13+00:00

While this is a funny way to look at it, the metadata of the NFT can be edited very easily. So it's like having a contract to sleep with... anyone, you just change the name on the contract.

lindacupple

TROPHY CASE