|
Zoning to the max | <BACK> |
The incident that (almost) killed BitView:Fun fact: a portion of this (Paragraphs 9-15) was made listening to Cars by Gary Newman and paragraphs 16-19 were made listening to Michael Jackson - Smooth Criminal. Introduction and origins:
idontmind, the 2nd alt of iloveall did his average task of friending everyone on BitView, which wasn't a bad thing, right? Unfortunately,idontmind had a plan to grab session id's from everyone who friended him, visited his channel, or clicked on his empty "wow" playlist. The first target I found idontmind do before his suspension was Vistafan12, the co-owner of BitView. He changed Vista's profile picture (listed below). After this happened, idontmind had the freedom now to completely hack BitView as a site.
Real contest - the first noticable hack. The first change to BitView idontmind made to BitView (from my expeirience) was the "new" contest which read "January 1970 Video Contest real". This is obviously not a real contest as the date was spoofed and most of the details were "real" (see below). After about 4 minutes, idontmind was suspended and the contest was reverted to the normal Februrary contest with these announcements from Hypermug1: "log out and log back in" became my main guidance to tell people since the procedure clears your session id, a unique string that tells your login apart from others and prevents people from hacking. Once your session is over, the current session id will be revoked and become invalid. If you dont clear your session id and someone manages to get your session id (in this case, through a XSS attack), they will be able to access your account and do whatever they want on it.
Even though idontmind was banned off of BitView, he still had access to prior account information, which was already useless because everyone was automatically logged out of BitView, clearing their session id's (see paragraph 5). A moment later Owler had gone down, causing a wave of people to get on Blips.
Blips insanity:
Blips had been surpassed in popularity by Owler since Februrary, 2024. Blips and Owler are both Twitter clones, however, Owler is a 2007 Twitter clone while Blips covers 2009 Twitter. Owler appeared with more features than Blips, but the major reason for the switching to Owler was the introduction to image embeds (only imgur at the time), which ended up with the addition of video embeds (BitView and YouTube) later on.
After some time, Owler went down for maintenance, and people flooded the public timeline of Blips. My reaction to using Blips again apparently sparked many copypasta's from user to user over and over AND OVER again to the point where the entire Blips public timeline was filled with these. The average person on Blips would now be either angry or paranoid about what just happened, however, it wasn't over yet.
BitView dies:After a couple of hours, BAFAMPOfficial and TheMasterGamer14 spreaded comments on many channels to make them click on a playlist with an XSS script to collect Session ID's and send them to a server. Even before idontmind was suspended, he hacked the accounts of BitView staff and deleted their videos.
BitView's channel owned by Jan after idontmind hacked his account and deleted his videos. These comments made many people click on them and send their Session ID's to a server. In the range of 5-20 minutes. Normal users got hacked by an unknown person(s) (could be idontmind but after owning 2 alts, he is most likely ip banned). My channel after getting hacked due to the XSS exploit. As you can see here, my profile picture got deleted, making myself look like a noob.
Now, nobody was safe from the hacking as everyone who clicked on the XSS filled playlist were hacked and even banned temporarilly. Thats right, everyone who got hacked got temporarilly banned due to the amount of spam they sent through other accounts (this included me).
BitViviVIREEEDxW IS sddfhuyinngdg THeeeeheE EEee Ned Credits go to Alessandro on Owler Due to the major XSS problems, BitView's features became unavailable until when BitView was nearly going down. This was when my BitView expeirience was full of 240 messages counting due to the relentless spam coming from my account, all written from another person. A few minutes later, my account was unsuspended and I made a rushed video with no real editing, extremely not the kind of content I would make. The last goodbye of my video, made with the same intention of my old "Goodbye" video, just in case something happens to me or my account when there is a potential for losing them. I uploaded the video, and just a few seconds after the video started processing, BAM! BitView now shows a 403 page.
403 message Everyone saw this on BitView and the Owler and Blips communities went wild! People assumed that BitView was now dead and that idontmind killed BitView with a simple exploit. Not just that, but an XSS script had been planted on Blips that completely erased the entire directory, greeting people with the Vistafan12 404 message (shown below).
BitView died, Blips died, now the only options left were plain old YouTube, Owler, and Tubelious. Everyone went insane worrying that Blips and BitView were permanently dead.However, BitView staff made an announcement that Blips was going to come back the next day and that BitView was going to come back when the bugs were fixed. Everyone on Owler was very releived that they never abruptly died. And for the time being, users switched to Tubelious.
Happy Mar10 day, I hate it now:
The day is now March 10th, Mar10 day and the first day of DST h***.The first thing that has changed is the fact that the 403 page has been replaced with a login prompt that only permits admin access.
The authentication screen. Ironically, older browsers give more detail on a specific message.
Sadly, Tubelious had been hit with another XSS attack, giving out user information and breaking all of tubelious.
Many people switched to Tubelious while BitView was down, however, that unfortunately didn't last long as Tubelious has been hit by an XSS attack, not only stealing login information but emails as well. Soon after, I published a status page to Lukas Zone (see below).
Tubelious was now dead. Idiotic sniper's site got sniped REAL bad. The annoying fact is that every website that has BitView embedded in it would have this displayed. March 11th, nothing?
March 11th was not really an eventful day at first unlike the other days since the 03/09 BitView terrorist attack. not much has happened other than smaller and more flawed sites getting Pwned by idontmind. Mihail's Guide was updated this day, providing some information on the XSS attack. The video wasn't posted long before I got hacked.
However, after some time, BitView went back up at around 7:00 PM CDT. BitView at first looked dead as there were only 2 videos on the "Most Viewed" section and only 6 videos on the "Most Popular" section. However, the most viewed section increased rapidly to the point where there were now 2 pages (this still is less than normal) for the Most Viewed videos for 03/12/24. 03/13/24 - Conclusion
At last, BitView lived another week (barely however). BitView's security has also greatly increased after the XSS atack even to the point where large updates from the future will be cancelled to help out security. Yet again, the XSS security breach was an example on what social media security shouldn't be as well.
Farewell for now. With my text about BitView's exploit fixed,I will be focussing on various Weather Service replica's from all around the web. |