Back to Epicmafia

Oracle is potential spyware

deletedabout 7 years

So I just downloaded Oracle and I performed a login on EM and looked under Chrome's network activity tab and this is what Oracle is doing.

https://imgur.com/a/z1JnL

If you look at the part that is boxed in red, you can see that EVERY time you log in, Oracle is automatically sending a GET request to the following ip address: http://45.63.17.67/

Included with that request are a few suspicious parameters. I believe the p parameter (circled in red) is a hashed version of your password.

So whats probably going on is...every time you log in...Oracle takes a copy of your password, sends it to 45.63.17.67 (a server that is "epicmafia.net" and saves it somewhere. So the extension is just building a database of usernames and passwords.

For reference..here is what a log on looks like without Oracle.

https://imgur.com/a/9K1ov

Notice how without Oracle there is just a simple login POST to epicmafia.

You can try this yourself with the following steps.

Install Oracle on the chrome web store

Log out of your account

Right click on your screen and click inspect element

Go to the Network tab

Perform a login

Then you'll see in the network tab that your browser is making a get request to an ip address owned by lailai and its sending a few hashed parameters

There is no reason why Oracle needs to make this request. Nothing about oracle's functionality requires it. It's very likely that it is just logging your password and saving it

deletedabout 7 years
this thread proves that Australia DOES have Jewish occupants
shaGuar
about 7 years
.
Arcbell
about 7 years
let's make lailai donate a large amount of bitcoins to epicmafia or be reported to the fbi
xxerox
about 7 years

yoyo200900 says




Is this for real? Has Oracle actually trying to steal EM code and LaiLai has used it to make a new website?
Arcbell
about 7 years

Recidivism says

https://www.wired.com/2016/06/interview-hacker-probably-selling-password/


that's in large quantities. also you can get those for free now.
The
about 7 years
The newest version of it is not on github
sky
about 7 years
this better be a joke tbh
xxerox
about 7 years
I don't think LaiLai would want to use them for something bad, but maybe someone else got acess to them?
Arcbell
about 7 years

The says


xxerox says

Was the code for Oracle published on github?


Doesn't matter, you can view the source if you have it installed anyway


solace view the source
yoyo200900
about 7 years
Arcbell
about 7 years
is that base 64 in the user field?
deletedabout 7 years
https://www.wired.com/2016/06/interview-hacker-probably-selling-password/
shaGuar
about 7 years
lailai you sleeze
The
about 7 years

xxerox says

Was the code for Oracle published on github?


Doesn't matter, you can view the source if you have it installed anyway
The
about 7 years
Everyone report it on the chrome web store: https://chrome.google.com/webstore/detail/oracle-for-epicmafia/cjohdaajjbgnilepmfmmeilfjhgedjpo
Arcbell
about 7 years
not in small quantities anyhow
xxerox
about 7 years
Was the code for Oracle published on github?
Arcbell
about 7 years
trust me passwords have no market value. you can't sell them to anyone
deletedabout 7 years
Passwords definitely have market value because invariably some people are going to be using the same password for everything, including online banking. I could be wrong I'm no expert, but that seems like A to B logic.
Arcbell
about 7 years
now try same password different username
deletedabout 7 years
yeah its different. im pretty sure its just an encrypted form of your password
Arcbell
about 7 years
passwords have no market value

let's see if changing the username and password changes those values though
deletedabout 7 years
Damn is lailai selling ya'lls passwords maybe he's smarter than we thought
Arcbell
about 7 years
change the password you enter and see if it changes the value sent, or if it's the same
deletedabout 7 years
Oh sorry here is image 1

https://imgur.com/a/z1JnL