
I think the details were pretty interesting, so let me expand your summary:

  1. Someone gets permission to hack their friend
  2. They find their email / phone number online
  3. They look up old password leaks for the email
    3.1. They find their password hash (salted) in the Tumblr dump
    3.2. Tumblr turned out to use the same hash for everybody, so the author
         finds other accounts with the same hash, follows them to a LinkedIn
         leak (unsalted), and successfully recovers the password
    3.3. The password turns out not to work (changed some time ago)
  4. They end up setting up a fake page to phish their friend
    4.1. First phishing attempt produces... the old password that is already
         known through point 3.
    4.2. Second attempt is modified to reject user input a few times, producing
         another password, which happens to work
    4.3. The victim grows suspicious of the phishing e-mails, but another
         message puts those suspicions to rest
  5. They wait until their friend falls asleep to reset the Twitter password and (later, in the same way) capture
     their LinkedIn account
  6. They photoshop their profile pictures to subtly include a Mario character, and they
     make their friend follow a bunch of fake Mario accounts on Twitter
    6.1. When that doesn't get noticed, they redo the trick in a much less subtle way
  7. Friend notices, they meet up to swap stories (the friend doesn't follow the fake Mario accounts)



I appreciate you summarising the article, thanks!

I really couldn't stand the writing style the author used — I understand peppering your writing with jokes, but there were far too many attempts at 'humour' for my taste.


I had a hard time following the text too. I usually don't mind jokes, but when the joke/content ratio gets > 1, I think it's too much.

Fortunately, I had a few minutes to kill while eating lunch, so I read it all.


I actually found it pretty easy to skim the article by simply ignoring the jokes. It was about 3 joke sentences to 1 relevant sentence and fortunately he was reasonably consistent in his unconventional sentence formation in his joke writing, making it really easy to skip them.


I would pay good money to have all HN articles summarized like this


It might not be the digest you asked for, but it's the summary we deserve: http://n-gate.com/hackernews/2017/07/31/0/


I am exhausted just imagining that this bucko is still at this project. It's like a perpetual motion machine of self-hatred.

Irony is only irony if it is not greater than 73% of your life, according to scientists. This person long ago passed that threshold.


You're assuming they actually read the threads. It would be easier, and yield the same results, to merely read the headline, and write based on that. In fact, I'm sure a simple script could cover the majority of cases, leaving them to only need to write for the odd one their script can't cover.


Knowing them, I don't think that's what they do tho.


Yeah, they definitely read the threads. This is some pinpoint-accuracy hate and idiocy.


> In fact, I'm sure a simple script could cover the majority of cases

I'm sure you could get some funding to provide that as a service.


This project definitely tells more about the author than about the HN community.


Well, I find it hard to think that website encompasses more than 10% of his/her life.


I just discovered it, and I wouldn't have clicked on the link but the negative comments got me into it.

I have been laughing out loud for the past hour.


It warms my heart that this is still going strong.


This makes me unreasonably happy.


Wow, you just saved me like 19 hours a week.


n-gate is pure gold


There was a community-driven project for exactly this. It was hosted on http://tldr.io. There was a browser extension showing you the summary of an article when you visited it and you could contribute your own summaries. And I started creating a Windows Store app (back in the time of Windows 8.0) for browsing all TL;DRs.

But sadly, the project has been discontinued for a couple of years already. I think it lacked incentives for summary writers (for example micro payments from summary readers) and also a monetization model for the project creators.

The code is still on GitHub: https://github.com/tldrio

I thought about contacting them to get the web service running again on some cheap AWS VM or so, but haven't done it yet.


Correction on the password part:

3.2 Tumblr used the same salt for everybody, but the author doesn't know the salt. He searched for the hashed password and found that 20 other users have the same password hash, using the same password.

3.3 The LinkedIn leak has no salt; by looking for the 20 other users, he found the plain text password, which should be the target password.

3.4 The password no longer worked.
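
The shared-salt weakness described in the correction above, as an added example that is not part of the original thread or the article: a credential-store audit that groups accounts by identical stored hash, run against a site-wide salt and against per-user salts. The accounts, the salt value and the use of SHA-256 for the weak scheme are constructed assumptions; the thread does not say which hash Tumblr used.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts (not taken from any real dump).
ACCOUNTS = [
    ("alice", "mario1985"),
    ("bob", "mario1985"),
    ("carol", "correct horse battery"),
    ("dave", "mario1985"),
]

# Assumption: one salt reused for every user, unknown to outsiders.
SITE_SALT = b"constructed-site-wide-salt"


def hash_shared_salt(password: str) -> str:
    """Weak scheme: same salt for everyone, so equal passwords give equal hashes."""
    return hashlib.sha256(SITE_SALT + password.encode()).hexdigest()


def hash_per_user_salt(password: str) -> str:
    """Hardened scheme: fresh random salt per account plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def build_store(hasher) -> dict:
    """Hash every sample account with the given scheme."""
    return {user: hasher(pw) for user, pw in ACCOUNTS}


def duplicate_hash_groups(store: dict) -> list:
    """Return sorted groups of usernames whose stored hash values are identical.

    Any non-empty result means the store reveals which users share a password,
    even when the salt itself is secret.
    """
    by_hash = defaultdict(list)
    for user, stored in store.items():
        by_hash[stored].append(user)
    return sorted(sorted(group) for group in by_hash.values() if len(group) > 1)


if __name__ == "__main__":
    print("shared salt  :", duplicate_hash_groups(build_store(hash_shared_salt)))
    print("per-user salt:", duplicate_hash_groups(build_store(hash_per_user_salt)))
```

With a site-wide salt the audit reports one group of three accounts; with per-user salts it reports none, so a leaked table no longer links a user to other people who chose the same password.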


Thanks!

Also, when I noticed my typo in the 3.2 ("hash" instead of "salt"), I pretty much hit myself in the head :/.


Unfortunately HN cannot render blockquotes readably.


> 4. They end up setting up a fake page to phish their friend

An important part of the story was that the phishing attempt failed, but was followed up by a spear-phishing attempt that was eventually successful.


Thank you. That really was a long and convoluted read.



