ALL BLOG POSTS AND COMMENTS COPYRIGHT (C) 2003-2020 VOX DAY. ALL RIGHTS RESERVED. REPRODUCTION WITHOUT WRITTEN PERMISSION IS EXPRESSLY PROHIBITED.

Tuesday, November 24, 2020

Personal info released from Parler

Neon Revolt reports that Parler is even worse than skeptics had imagined.

Parler got hacked via a zero-day exploit on... wait for it...

Their app.

Personal info of thousands released into the wild, including private messages.

Color me shocked.... You may recall that I did tell you to stay away from it, like you should from all gatekeepers.

UPDATE: Neon Revolt has retracted. My position on Parler remains unchanged. Do you know what SG requires from its users? An email address. That's it.


71 Comments:

Blogger Halvar Andersen November 24, 2020 9:03 PM  

I looked into signing up with them a few months ago when there was the first big exodus from twitter. First thing they wanted was a phone number.

Nope.

Blogger crescent wrench November 24, 2020 9:12 PM  

Poso saying this is a disinfo campaign by twitter/facebook to blunt Parler's growth.

Meat and potatoes tweet:
https://twitter.com/WhiskeyNeon/status/1331388892570906626

Blogger jijijeac November 24, 2020 9:13 PM  

ah yeah the thing that asks you for real life id and phone number lol.

Blogger map November 24, 2020 9:13 PM  

Once again, Sidney Powell is interviewed on Lou Dobbs, talking about the lawsuit she is filing against Georgia tomorrow.

Once again, Powell reiterated that there is no doubt in her mind that President Trump was elected in a landslide.

She says the fraud was so blatant that, In Arizona, one witness saw 35,000 votes added to every Democrat candidate before any counts began.

https://www.youtube.com/watch?v=p6y8VhYP8M8&feature=emb_logo

Blogger map November 24, 2020 9:17 PM  

One commenter over at Sundance has an interesting theory: the state delegation gambit was supposed to work for the Democrats because they expected to gain more delegates in the House.

formerdem says:
November 24, 2020 at 8:53 pm
Sidney says the evidence is overwhelming, it’s as if they expected us to catch it, doesn’t see why. I suggest it is because they intended to throw the election to the House – see this from Politico in September (https://www.politico.com/news/2020/09/27/pelosi-mobilizes-democrats-house-decision-on-presidency-422359). So they threw blatant fraud around on purpose to promote that, because they thought they’d capture another state delegation. But they did not. So now they have all this blatant fraud and if it goes to the House they will lose, so now they are weighed down by all the work they did to prepare the nation for that stunt. All the open cheating was going to work FOR them.

Blogger Brant Thacker November 24, 2020 9:19 PM  

Just Bongino’s name attached to it was enough to say, no thanks.

Blogger X November 24, 2020 9:23 PM  

Is this related to the “hack” a few months ago where a troll took a picture of a Wordpress config file saying it was a Parler data breach?

Blogger Pathfinderlight November 24, 2020 9:25 PM  

Two factor identification is all the rage now in the tech sector. It's supposedly much safer than passwords.

No tech company should store data itself. They should always store a hash. However, for professional coders, knowing the hash of a phone number and the hashing algorithm allows you to find out the phone number by brute force.

All this supposes that the app you sign up for doesn't directly sell your phone number. Verizon does this. Using a burner phone can help.

Blogger Tom Bombadil November 24, 2020 9:27 PM  

All social media now require personal info. You can't make an anonymous account anymore. At least, not without going through a lot of hoops. That's been my experience lately. And I was nearly locked out of a lot of accounts recently when one of my computers died. For example, paypal didn't recognize my new IP address and had an old phone # on file. Even though I knew my password they wouldn't let me into my account without 2 step verification (which I never set up for the account). It was a major hassle to get straightened out. Also, nothing works anymore from a VPN, or behind any type of reasonable security. They need to know exactly who and where you are :)

Blogger mh01701@gmail.com November 24, 2020 9:31 PM  

I barely trust family, I'm going to trust an entity that wants to give me something for nothing? I may be too short for most of the rides here but geeze even I'm not that short.

Blogger Angela November 24, 2020 9:33 PM  

Oh, how the bowties will spin.

Blogger travvyboy November 24, 2020 9:38 PM  

Their icon looks just like the Israeli new shekel sign ₪

Also, any platform that requires my phone number to sign up will not get it.

Blogger D. November 24, 2020 9:43 PM  

Oh my the Titanic/Bongino hit an iceberg

Blogger Unknown November 24, 2020 9:49 PM  

But Bongino assured us it was cool... ?

Blogger Andrea Daley Utronebel November 24, 2020 10:06 PM  

I don't mind signing up with phone number because I have a secondary phone number that I use ONLY for the internet.

I never use my personal phone number for anything except personal use and personal accts.

Btw, it makes sense that they ask for phone number. Otherwise, too many trolls can sign up with multiple emails and post spam.
That was the problem with facebook in the beginning. You could make 100 accts in a day with bogus emails. So many accts were total junk.

Anyway, for the internet, get a secondary number. you can get a tracfone for cheap on ebay. And it costs like $20 for 3 months.
Use THAT number for internet accts.

Blogger Autarky Bear November 24, 2020 10:09 PM  

Parler is just rebranded twitter. It might be different people running it but after enough people leave twitter the Globalists will buy out Parler if they haven't already.

Blogger Glen Sprigg November 24, 2020 10:12 PM  

Geez...how desperate are the gatekeepers to keep the Demoncrats going? You would think they would have at least waited a month to betray their entire customer base. These people really are deeply stupid.

Blogger MarioM November 24, 2020 10:15 PM  

Per Jack Posobiec you fell for the left's disinformation:
https://twitter.com/JackPosobiec/status/1331413624586383364?s=20

Blogger jkmack November 24, 2020 10:18 PM  

parler gave dan bongino cancer.

Blogger Doktor Jeep November 24, 2020 10:18 PM  

It's always the apps more than anything now. Ever see an Android studio project? So much crap in there, countless files doing this or that. There is hardly a way to tell what's coming or going. Android is developed by who? That's right.

Blogger Drew November 24, 2020 10:29 PM  

Neon Revolt corrected himself. https://gab.com/NeonRevolt/posts/105268808868064913
Not hacked, but still a weak app not to be trusted.

Blogger Weak November 24, 2020 10:44 PM  

Wasn't this obviously the plan for Parler all along? They're just executing their plan.

Blogger Ken Prescott November 24, 2020 10:51 PM  

https://gab.com/NeonRevolt/posts/105268808868064913

He pulled his gab and says he got fooled.

If our loudly self-proclaimed betters would own their screwups at 1/10th the speed Neon Revolt does, they might actually rate some of the respect they rudely demand.

Blogger Jim Blake November 24, 2020 10:55 PM  

Don Bondgino is on twitter saying this is a hoax.

Blogger Dave W. November 24, 2020 11:03 PM  

Neon Revolt deleted his post, said he was wrong.

https://gab.com/NeonRevolt/posts/105268808868064913

Blogger Dave W. November 24, 2020 11:06 PM  

I still don't really trust Parler, anyway.

Blogger Jon P. R. November 24, 2020 11:07 PM  

this was incorrect. tech news lately has been filled with know nothings trying to talk about stuff they don't understand. this and that cookie thing from ddg the other day. these people need to check with someone who knows this stuff before publishing nonsense.

Blogger Valar Addemmis November 24, 2020 11:17 PM  

Is a zero day exploit leading to corruption of "thousands" really worse than expected? The co-founder of Parler is, of course, Rebekah Mercer. You know, one of those Mercers who bought Breitbart at least partially to harvest their subscriber rolls etc. Sundance recently brought that up on Twitter and Bongino didn't take it well (although at no point did he really cover how the Mercers weren't or couldn't be harvesting user data for all users for whatever political purposes they wanted).

I mean, all social media is about monetizing user information, but Parler was literally founded by the billionaire data mining family that financed Cambridge Analytica. Talk about glowing...

Blogger mrpinks November 24, 2020 11:17 PM  

error 404

Blogger Jason November 24, 2020 11:18 PM  

I just, as in earlier tonight, tried signing up for Parler. Noticed the phone number requirement, tried to use a Google voice number and no go, they don't accept VoIP numbers, they want your real number. So I didn't sign up. Glad I didn't now.

Blogger Anon November 24, 2020 11:20 PM  

Something something two day rule?

Blogger CoffeeGroundsBear November 24, 2020 11:22 PM  

If the Big Bear bats 1000, I cannot comprehend whatever Vox regularly bats. Phew!

Blogger Beto November 24, 2020 11:30 PM  

wasn't this hack a hoax?

Blogger CoolHand November 24, 2020 11:41 PM  

Neon just retracted this over on Gab.

Said he got confused about what was broken into when, etc.

Shit's flying every direction these days, it's easy to do.

Parler still sucks tho.

Blogger Yukichi Sensei November 24, 2020 11:47 PM  

Besides Social Galactic, I have no interest in Social Media. It is a text based MMO Video game for normies.

Blogger vinifera November 24, 2020 11:48 PM  

I joined Parler about a month ago. I've never had a twitter account prior and have cancelled all social media accounts 5 years ago. I use gmail for email. With this said 'someone' (I am going to assume a scumbag with Google) changed my name on my email account. Probably because of news stories shared between myself and a few friends that 'they' don't like. I believe the scumbags at Google are trying to intimidate. Honestly I don't find Parler fits my style, same with the social media platform world. So I cancelled the account, and don't care if it is a hoax, I'm just not that interested. I didn't know a single person who 'followed' me, and I don't care much for that.

Blogger Difranco November 24, 2020 11:52 PM  

Neon Revolt has retracted.

https://gab.com/NeonRevolt/posts/105268808868064913

Blogger Doktor Jeep November 25, 2020 12:15 AM  

Apps are still weak. Better not to use them.

Blogger Jack Tanner November 25, 2020 12:54 AM  

You can get a throwaway phone number for website verification purposes such as in Parler. The phone issue is a lie thrown out to discourage joining Parler. That said, they need to fix their slow as hell app.

Blogger map November 25, 2020 1:16 AM  

Pathfinderlight wrote:No tech company should store data itself. They should always store a hash. However, for professional coders, knowing the hash of a phone number and the hashing algorithm allows you to find out the phone number by brute force.

I don't think this is true. You have only MD5 and various flavors of SHA1 for hashing algos. You would not be able to recreate the phone number from the hash value and the algo.

Hashes are one-way and the hashing algos are open-source.

If you SALT the hash, then that becomes even more difficult.

Blogger Snidely Whiplash November 25, 2020 1:32 AM  

ATTENTION:
WE KNOW NEON RETRACTED. PLEASE STOP POSTING THIS.
Any further posts saying this will be deleted. At least until I go to bed.

Blogger Snidely Whiplash November 25, 2020 1:35 AM  

@map,
With the limited allowed character set and known length, a brute force hack of a hashed telephone number is trivial.

Blogger Reprehensible Adam November 25, 2020 1:53 AM  

Burn

Blogger map November 25, 2020 2:03 AM  

Snidely Whiplash wrote:@map,

With the limited allowed character set and known length, a brute force hack of a hashed telephone number is trivial.


Yes, with hashcat or john the ripper, you can just have these run until the generated hash set matches the known hash set.

My minor pedantic point is that hashes cannot be unscrambled from the algo, the known hash and the characteristics of the hashed item (key space and character set.) They can just be generated and then compared until a match.

And this technique is defeated with a SALT value, which would then require knowing the salt.

Anyway, minor, pointless issue. Feel free to ignore.

Blogger John Rockwell November 25, 2020 2:40 AM  

Jason wrote:I just, as in earlier tonight, tried signing up for Parler. Noticed the phone number requirement, tried to use a Google voice number and no go, they don't accept VoIP numbers, they want your real number. So I didn't sign up. Glad I didn't now.

Very sus for any social media.

Blogger Imwill November 25, 2020 2:53 AM  

Tries to talk cyber security and says MD5.
Give no advice over bad advice my friend.

Blogger Imwill November 25, 2020 2:55 AM  

Not if using a modern hashing algo

Blogger Crunchy Cachalot November 25, 2020 2:57 AM  

They need to know exactly who and where you are

You know only criminals need anonymity or to use cash, right?

Blogger Lazarus November 25, 2020 4:22 AM  

jkmack wrote:parler gave dan bongino cancer.

Finally! some clarity on the subject!

Blogger Drew November 25, 2020 7:02 AM  

Snidely Whiplash wrote:ATTENTION:

WE KNOW NEON RETRACTED. PLEASE STOP POSTING THIS.

Any further posts saying this will be deleted. At least until I go to bed.



But the blog post wasn't updated to reflect this.

Blogger Cappuccinobear November 25, 2020 7:03 AM  

Bongino, the former Obama goon, er I mean secret service agent. I'm really starting to understand that this whole dog and pony show Q is showing us is to show the world the United States and the west were controlled by criminals, therefore, all the crimes committed by the west over the past 100 years should be written off, therefore protecting the west and the small hats from the world's outrage. Will it work?

Blogger PubliusFlavius November 25, 2020 7:11 AM  

Yep it is horrible, from purely a user point of view.

I actually gave it a try, right after the election.

Will probably let that account rot like my farcebook has for 5 years.

Blogger Terry A. Kirkpatrick November 25, 2020 9:05 AM  

What is SG?

Blogger Zeroh Tollrants November 25, 2020 9:10 AM  

This may seem like a dumb question, but why do people pronounce Parler like parlor, instead of the correct way, parlay?
I have been trying to figure that out for months.
Also, never trust anything Neocons & grifters are involved in. I made an acct there to secure my name, just like I did on Gab & also Twitter & FB, long, long ago.
Doesn't mean I'm gonna post there, tho.

Blogger tuberman November 25, 2020 9:48 AM  

Neon's headed into credibility problems, not so much from this mistake, as it was minor. I don't see me using Parler, but I was never interested as it does Glow Gatekeeper.

More important was his immediate stances on BRCC and Tucker. Without looking into their backgrounds, he insisted that anyone attacking, no, just saying anything bad about either one of those was breaking "our" unity. This isn't treating either of these as neutrals. He comes out with a hard line "Don't attack our own." We got this with Jordan from all over.

Then, when Rush got flakey On Monday, he had a stance, that now everyone would attack Rush as being a "traitor" too. He was double-dog daring anyone to even go there, as he was going to... whatever.

Yet, the problem is and always has been, "Controlled Opposition" who are not traitors so much as always controlled by the Globalists, including the 'R's" that are in the Club. They are all over and it's now when the hidden ones are required to commit. Exposing the controlled opposition completely is part of the game.

So, in the very least we need to look into these people under a magnifying glass, or their past, who their connections are, and who they've helped and contributed to, if political.

Black Rifle Coffee has been looked into more completely, and the owner has been found to be very wanting. He gives to "Veteran's Charities," but all those Charities he gives to are Fake Cons (Wounded Warriors, good example). He gives money to extremist Left political people, including anti-gun people. He gave a 'Like' to a hate-filled tweet toward Kyle.

I don't want to even go into Tucker's connection with Fox, and several things in his past showing he's batting for the Chamber of Commerce Republicans (unlimited immigration, open borders).

Point being Neon didn't put single gab posts out saying, "Let's have a fair discussion about these people." He instead harshly put multiple posts out suggesting anyone who disagreed with his stance that these are all true right people and if you say anything else, then you have to be like the eye-patch guy, GOPe, a Boomer, or worse. He's also gone on to say how wonderful it is that Glen Beck and the Blaze has come around. Ha!

It's not good to take authoritarian stances that you want to shut down discussions, but he has been doing that lately.

Blogger nyan November 25, 2020 10:08 AM  

I just ran into a similar problem with an old Wordpress installation on an old web property of mine. "Leaked" all the same info, but I haven't had a MySQL instance installed in years! (And indeed, my maintenance pass was aimed at rewriting my primitive PHP templating system with Server-Side Includes instead.)

Security advisories should come from the technically competent, but our cultural zeitgeist is such that "share first, let the community evaluate" is the operating mode right now. Glad the hivemind was on top of this so quickly.

Blogger ThatWouldBeTelling November 25, 2020 10:51 AM  

Here's one reason to suspect Parler: I use iMatrix, which is a bit like NoScript, it allows very fine grained visibility and control over what a web page is asking for, and what you'll give it.

Parler is thoroughly tied into the totalitarian tech Left, it will not display anything for you unless JavaScript code from YouTube is allowed to run. YouTube also tries to place cookies on your computer from the basic parler.com/feed page.

It's not yet viewed as evil enough for Cloudfront to boot it. That's the most prominent content delivery network (CDN), and one of those is essential to prevent DDoS attacks from taking your site down, and costing you a lot of money if you're using a cloud provider.

Everyone believes Parler is using cloud provider Amazon Web Services (AWS) for production, including one analyst of their smartphone app as of the 14th who said it's going directly to a single AWS address instead of being fronted by Cloudflare. That's also believable because they've been able to handle their new surge in demand much better than Gab, which uses its own hardware (one of the major proper use cases for cloud providers is dealing with varying demand, including a huge spike if you got your architecture right, and one of their Top Men used to work for AWS (that's ignoring politics of course)).

At one level or another, Parler is either incompetent at a time when that's unacceptable, or so associated with the totalitarian tech Left it should be counted as one of their members.

Blogger Valar Addemmis November 25, 2020 11:07 AM  

Imwill wrote:Not if using a modern hashing algo

Hashing algo doesn't matter if the set of data you're hashing is very small, like a 10 digit phone number. This is basic 90s rainbow table stuff. You can precompute all of them.

It's harder when you start taking into account salts, but then you're still implementation dependent (it's not "the algorithm" that protects you as much as competent cyber security practices). And relevant to many people I assume, salts only really help against precomputing hashes against a large list of accounts simultaneously. Even with a well-designed salt value, it provides limited to no protection in a scenario where one specific hash value is being targeted for cracking.
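
Added example, not part of the original thread or any commenter's post: a Python sketch of the point argued above, that a hash of a phone number falls to generate-and-compare whatever the algorithm, that a per-record salt defeats a precomputed table but not a targeted search, and (going one step beyond the thread) that a keyed HMAC resists both while the key stays secret. The sample number, the known prefix and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: 555-01xx is a fictional range. The prefix is assumed known
# so the demo covers 10**4 candidates; a full 10-digit space is only 10**10.
SAMPLE_NUMBER = "2025550143"
KNOWN_PREFIX = "202555"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def candidates(prefix: str, total_digits: int = 10):
    """Yield every number of total_digits digits that starts with prefix."""
    free = total_digits - len(prefix)
    for n in range(10 ** free):
        yield f"{prefix}{n:0{free}d}"


def build_table(prefix: str) -> dict:
    """Precompute unsalted SHA-256 -> number for the whole candidate space."""
    return {sha256_hex(c.encode()): c for c in candidates(prefix)}


def enumerate_match(target_hex: str, prefix: str, digest_fn):
    """Generate-and-compare: return the candidate whose digest equals target."""
    for c in candidates(prefix):
        if digest_fn(c) == target_hex:
            return c
    return None


def keyed_token(key: bytes, number: str) -> str:
    """HMAC-SHA-256 under a server-side secret key kept outside the database."""
    return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()


def demo() -> dict:
    table = build_table(KNOWN_PREFIX)
    salt = os.urandom(16)  # per-record salt, stored next to the hash
    key = os.urandom(32)   # secret key, not stored with the records
    unsalted = sha256_hex(SAMPLE_NUMBER.encode())
    salted = sha256_hex(salt + SAMPLE_NUMBER.encode())
    keyed = keyed_token(key, SAMPLE_NUMBER)
    return {
        # One precomputed table answers every unsalted hash by lookup.
        "unsalted_via_table": table.get(unsalted),
        # The salt makes that table useless...
        "salted_via_table": table.get(salted),
        # ...but one targeted pass with the stored salt still finds the number.
        "salted_with_known_salt": enumerate_match(
            salted, KNOWN_PREFIX, lambda c: sha256_hex(salt + c.encode())),
        # Without the real key the same pass never produces a matching digest.
        "keyed_without_key": enumerate_match(
            keyed, KNOWN_PREFIX, lambda c: keyed_token(b"wrong-guess", c)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The keyed variant only moves the secret: if the key leaks along with the records, the search space is again the phone-number space.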

Blogger Dan in Georgia November 25, 2020 11:27 AM  

Social Galactic. Sign up for Unauthorized TV and you get an account. Twitter without the cursing and communists.

Blogger Dan in Georgia November 25, 2020 11:28 AM  

It has been now, and he’s a mod.

Blogger Snidely Whiplash November 25, 2020 11:31 AM  

Drew wrote:But the blog post wasn't updated to reflect this.
Vox isn't allowed to sleep?

You think I'm going to edit the SDL's post? Are you crazy?

People smart enough to click on the link in the original post can't read the 50% or more of the comments that have already dropped their enormous truth bomb?
Even a cursory glance, which is almost unavoidable if you're going to post a comment, would have made it clear.

Blogger Snidely Whiplash November 25, 2020 11:36 AM  

Zeroh Tollrants wrote:This may seem like a dumb question, but why do people pronounce Parler like parlor, instead of the correct way, parlay?
Because Americans don't speak French.

Blogger Ominous Cowherd November 25, 2020 1:05 PM  

tuberman wrote:Neon's headed into credibility problems, not so much from this mistake, as it was minor.
...
More important was his immediate stances on BRCC and Tucker.

So far, I question his judgement, not his integrity.

Blogger John Bradley November 25, 2020 2:14 PM  

This may seem like a dumb question, but why do people pronounce Parler like parlor, instead of the correct way, parlay?

In English that word is spelled "parley".

If the French spell it 'parler' and pronounce it 'parlay', A) that's exactly the sort of nonsense one would expect from the French, and B) the Anglosphere and Americans in particular don't care about what the French do, or how they say it.

"Chevrolet" being a notable exception. (And by that logic, shouldn't it be spelled "parlet" in French?)

Blogger tuberman November 25, 2020 2:18 PM  

66. Ominous Cowherd

Yes, me also, as I still use him as a source often, and over-all I liked his book, although he did get off into some esoteric areas. Yet when he gambled on Options, lost money, then blamed Trump for "artificially keeping the market high," I added a grain of salt.

He did one more thing that I thought was slightly off. He attacked "Praying Medic" as a grifter, and I figured that was a projection. On the other hand, his critique of "IntheMatrixxx" as a grifter was spot on.

I like his writing though, and he often has very good positions. I don't think he's batting for the other team, not at all.

Blogger Ominous Cowherd November 25, 2020 2:38 PM  

John Bradley wrote:"Chevrolet" being a notable exception.
That's pronounced chevy. Everybody knows that!

Blogger Passerby November 25, 2020 5:23 PM  

this also looks strikingly similar to the flag of Greece's Golden Dawn party, whose name immediately invokes musings (in me at least) over whether or not it has any connections via personnel, policy, or theosophic philosophy, to the Freemasonic offshoot the Hermetic Order of the Golden Dawn???
. . . illuminati confirmed? I don't even know if I'm joking when I say that at this point. The symbolic tie ins are becoming more and more bizarre these days.

Blogger Archella November 26, 2020 4:51 AM  

SG is the best online community I have ever been part of. #kelbear
