Sephora Mafia Means Business – Challenges Nicholas Family

by Pixeleen Mistral on 09/05/10 at 8:27 pm

The Nicholas and Sephora mafia war continued over the weekend – a conflict fought with YouTube videos, Second Life client hacks, Distributed Denial of Service (DDOS) attacks, SQL injection exploits and web site security vulnerabilities — a sort of Internet-enabled alternate reality game for hackers with bragging rights among the families of Second Life at stake.

Sephora scans Nicholas

After the Sephora gang recovered from a Nicholas mafia DDOS attack, they fought back with what appears to be a security vulnerability scan of their rival’s web site which was published in a post titled "We Mean Business" and a YouTube video with their signature gang movie soundtrack.

A second YouTube challenge was then posted and the Sephora gang claimed that one of the Nicholas patched Second Life clients harvests account and password information – just the sort of thing that might give one pause before running a gangland virtual world client.

A Nicholas family spokesman dismissed the Sephora claims, saying "none of their information is correct".

In response to the Sephora claims, the Nicholas family posted what appears to be a log of failed attempts at SQL injection attacks against the Nicholas site pointed out that "they are doing shit that hasn’t worked in years. they have no idea wtf they are doing".

Nicholas Logs SQL injection attempts
Nicholas mafia logs SQL injection attempts

While this appears to be all good fun among e-friends and e-enemies, this sort of meta-game does have a potential downside when played outside Second Life. There are significant penalties for unauthorized access to computer systems, and the possibility that the game could spin out of control is something that we hope the players will keep in mind. But after a steady diet of consequence-free Second Life with the Linden’s characteristic lax attitude toward enforcement of the ToS in-world, these sorts of considerations seem far from any of the gangster’s minds.

35 Responses to “Sephora Mafia Means Business – Challenges Nicholas Family”

  1. Gundel Gaukelei

    May 9th, 2010

    skiddie wars using autopwnage *yawn* – thats so 90s… Even back then, we called it lame already …

  2. Kiddoh

    May 9th, 2010

    That’s just adorable! :D

  3. Sephora Don

    May 9th, 2010

    You Missed One final Thing Herald:

    http://img571.imageshack.us/img571/994/fuckeds.jpg

    I think the creators inside Second life have alot more to worry about in the future with what they create then just sim crashers and griefer groups such as PN and soviet woodbury. Its people spending RL money to create inside second life and some is there job as a living. I think many lawsuits and problems will come in the future if this continues…

    -Sephora Family

  4. Darien Caldwell

    May 9th, 2010

    So the Mafia whines about personal freedoms and their rights? I thought the Mafia just shrugged and dumped their enemies in the river with Cement Overshoes. I guess this is the ‘Twilight’ version of the Mafia. LOL

    What’s next, a Pillowfight, or a Bake-Off?

  5. Kiddoh

    May 9th, 2010

    “I think the creators inside Second life have alot more to worry about in the future with what they create then just sim crashers and griefer groups such as PN and soviet woodbury…” <–My eyebrow started twitching here.

  6. Sephora Don

    May 9th, 2010

    @ Kiddoh

    You know Its True….

  7. Kiddoh

    May 9th, 2010

    It’s NOT true, you leave WU out of your bullshit.

  8. Jayd3n

    May 9th, 2010

    RARW Guys, Lets have a war, but lets remember who our True Enemies are.

    Skills Hak + The Emerald Team. Get rid of them all, then we can all have our wars with eachother for the lulz.

    Cmon Guise Im serious :D

  9. Sephora Don

    May 9th, 2010

    Our bullshit? lol its not em saying that WU is at fault for anything But im not saying All members within WU are perfect either. You will have some members who use those clients, as well as the creaters themselves use it, that is where the problem lies…

  10. Sephora sells perfume

    May 9th, 2010

    Sephora appears to be one or two people that aren’t making a whole lot of friends ;) good job on the PN and woodbury dig. you sure are rallying the troops in your favor dumbass

  11. Kiddoh

    May 9th, 2010

    Are you serious? Are you trying to use the “not everyone is perfect” approach as a way of being technically correct? You’re labeling WU as a griefer group and one that crashes grids no less. If you’re going to try and use WU as a stepping stone to make yourselves look cool, let me forewarn you that “stone” is liquid made up from 60% of Prok’s urine and 30% of Kalel’s jizz. D:<

    "You will have some members who use those clients, as well as the creaters themselves use it, that is where the problem lies…"

    Spare me your pretentiousness, please~! That has absolutely nothing to do with being a sim crasher or a griefer. It's not the tools, it's how someone uses them that makes all the difference.

    Example: A firefighter has an axe, he can either use it to cut down a door in a house that's on fire to save someone or he can goto a random person's house and use it to rob them silly.

  12. Nebula/PinkBunny

    May 10th, 2010

    Nick Mafia got the shit pwned out of them in world by my nebula agents when I was still in the game. Nick Mafia can go suck a cock…. Oh wait most of them are gay LOL, even the out dated relics at PN are better then them. Spheroa or what ever the fuck they are called even look better then them. And guys if you want to be skiddos and attack nick go grab skiddo tools don’t fidder fudder around. just grab around 100 people and do it to it baby! I am sure at least one of you knows about the wiki. you know the e/b/aums world one. I know it is still around. Just go use them even they are more effective then your shit scripting. Oh p.s. becuase I know you are reading inf. Your copy bot clients and SUPAH proxy are being posted to JIRA by me asap. Griefing is failure enjoy being looser living with you mothers for the rest of your lives.

    @Sephora Don
    WU DID NOT make sim crashers only 1 of their members widely handed them out and the box full of around a couple hundred of them were mostly made by me and can be destroyed by typing /915 for teh lulzors. Get your info right as WU while they may have griefed didn’t use shitty little lol cubes to do it, they are much smarter than that and were able to use more mind fuck and superior trolling.

    Also you should know where to contact me by now if you want some information to pawn nick mafia hit me up, I cannot stand them their constant insults in world to my greatness is not going to stand as nick mafia is the ass end of second life.

    @ nick mafia

    They keep getting shitteir and shitteir. The one griefing group that has withstood the test of time even though I hate them and they are the most pathetic is the PN. Even my group while we got more done then any of the griefing groups combined will still be worse then PN they pwn your shit. Now ditch the god complex nick mafia

  13. IntLibber Brautigan

    May 10th, 2010

    Quite right, Kiddoh,
    Generally speaking, the “WU are griefers” meme is a result of Digital Worlds idiots joining WU then going and causing trouble wearing the WU tag, and making sure JLU or Prok sees them.

  14. Nebula/PinkBunny

    May 10th, 2010

    @ INT Lib

    When I was pissed at WU for a month I crashed all the sims I could with the WU tag on makign sure everyone saw it and yelled out 4chan wu rules you i am griefing you. Its a common tactic leave them with blame let them handle it. never worked though. ah I never mess that time. Plus if you talk to some of the people in WU they are very nice. WU fags are some of the most kind people I have met. Kiddo himself being very well mannered.

  15. Sephora Don

    May 10th, 2010

    oh god look the drama that was caused!

    @ Nebula – Its no “new” news that Nicholas is made of cocksuckers who live at home in there basements, I just love hearing the herald calling them “Oh so powerful” and then we just crush their dreams. especially now that junior is “Don” that makes it even better because I know he cant code for shit and he makes it easy to just show their mistakes to everyone.

    Call me Two-Faced because we are a “mafia” and we shouldn’t be posting about exploits and hacks and all that “evil” stuff, Lol!!! Give me a break, Mafia or not Family comes first and we could care less about SL but posting about hacked clients and ways around it and watching it go into chaos is way more fun.

  16. Nebula/PinkBunny

    May 10th, 2010

    @ Sephora Don

    Well seems someone has at least half a brain! Wow they are ahead of half of sl now! I am not calling you two faced either. You are not nick mafia posting hacked viewers that are patched that now just steal passwords for them and they can say they don’t all the want the link you posted may be false but if they did anything to the viewers I would fucking bet that they added in the 2 little lines to jack passwords.

    If you want chaos just do the old school grid crash method that still works. or better yet just take down nicks website it isn’t hard hell I bet skiddie tools could even rape it to death. However, I don’t see their webbie down yet so if you are trying to troll them it doesn’t seem to upset them adn you should just move onto raping them before they decide to fight back. I am not a griefer any more and haven’t been for a long time with no intention to go back to it, but things don’t really change much over time so shouldn’t you guys just go for the gold here instead of letting the shit storm continue. nick mafia is a pitifull group not even one of them could stand up to my party hard cubes and they are as basic as it gets. Hell I bet two hits from insert skiddie tool here would get the site down.

  17. Gaara Sandalwood

    May 10th, 2010

    “That’s just adorable!”

    Indeed it is. I actually had glance at this on the actual website ebfore I checked this article out(which was jsut now btw). Interesting stuff.

  18. Deadlycodec

    May 10th, 2010

    None of these guys seem like they know the first thing about hacking. Firstly, scanning for vulnerabilities with Acunetix and Nessus is for noobs. These scanners usually have only very generic detection for bugs like SQL injection and such, and they often focus mainly on detecting specific bugs in specific software, which are often patched by most sysadmins pretty soon after the bugs are made public, except when an organization is using some obscure little-known and less-popular software. Also, good luck finding SQL injection bugs in WordPress lol. You might find them in some wordpress plugins, but not in the core components – not anymore. WordPress is fairly secure, aside from the default admin account and the fact that user enumeration is a cinch thanks to verbose login error messages, and of course the fact that by default logins can be bruteforced.

    Anyways, clearly if the Sephora mafia had any information on any serious vulnerabilities in the other one’s servers, they’d have exploited them, provided they have the technical expertise to do it. All in all, this is nothing but a bunch of posturing which really shouldn’t be taken very seriously.

  19. Gundel Gaukelei

    May 10th, 2010

    Not exactly what I would call secure:

    http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html

    Once you got compromised, it doesn’t matter if it’s in the core or some common plugin.

  20. verbena pennyfeather

    May 10th, 2010

    Wow, I love when idiots trumpet. Being an actual..you know, trained IT sectech…step one, you don’t go gloating about your initial scans when pentesting., That’s just tarded.Two…you don’t attack code outside a cursory check. People who ACTUALLY do pentesting for a living know what the weakness is, and I’m not telling. Trust me, it’s not in the magic computery boxes.

  21. James Freud

    May 10th, 2010

    See what happens when you leave kids unsupervised?

  22. Cartman

    May 10th, 2010

    Loved how WU somehow manages to get sucked into everything. Very educational, dickwads.

  23. Deadlycodec

    May 10th, 2010

    “Not exactly what I would call secure”

    Uhh, you look at the code? As I said, it’s fairly secure. Seldom is something completely secure. I have found and reported bugs in major corporate networks, frigging monolithic and “secure” organizations – and these were serious vulnerabilities.

    Also, it does matter if the core is vulnerable. The vulnerable plugins are not installed by default, and and written by other people.

    WordPress is open source, and the vast majority of serious bugs like sql injection were vetted out from the core components quite some time ago. I suspect if someone found a bug in it, they MIGHT be attacking the session handling mechanisms. I think they use like 4 characters of the user’s password to generate their token, combined with some other stuff. I can’t remember, it’s been awhile since I looked but I was seeing if the tokens were brute forcible at one point. Never finished ,got side tracked with another project and haven’t got back to it. I don’t think I even tested to see if it validates my ip by grabbing a valid token from my own install and using it on two different computers. If you can do this, then it may well be possible if the tokens are not generated from sufficiently randomized and meaningless data.

    Another thing is that writing software to automatically enumerate usernames specifically for wordpress and automatically launch a brute force dictionary attack against each enumerated username is really easy to do, in like 5 or 10 minutes. It could scan the first several pages of blogs for author names, which are usually usernames anyway. Even when they aren’t, using a dictionary of the most common words used on the blog to try to login may reveal valid usernames. Expanding that code to act as a worm would also seem like a possibility. But more than likely, it may well be one of the more popular plugins.

  24. Gundel Gaukelei

    May 10th, 2010

    http://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/

    By now there are growing indications they came thru the open front door this time. They just mostly targeted WP installations, but could have compromised any other software as well, if they really have the level of access as shown in the video.

  25. Deadlycodec

    May 10th, 2010

    Yeah I’m getting reports that the WordPress attacks aren’t limited to wordpress, but other PHP applications too. Looks like most of this is happening on major hosts like Dreamhost and GoDaddy. I heard one person suggest that initial access was being gained through a bug in Fantastico There is definitely a lot of confusion about the source right now.

  26. Cartman

    May 10th, 2010

    Also love watching Intblub shooting off his mouth in random directions as if a) anybody hadn’t noticed he’d done a total crash and burn in the most public way possible, and b) he wasn’t insane.

  27. Kiddoh

    May 10th, 2010

    “Loved how WU somehow manages to get sucked into everything.”

    You act as if we wanted to be dragged into this. D;

    ” Very educational, dickwads.”

    What is this even supposed to mean? Are you demanding that whenever WU enters the picture we teach some form of Math class or something?

    Well it just so happened we just educated the readers on what exactly makes someone a griefer, or were you not paying attention?

  28. Ridicc.Nicholas

    May 10th, 2010

    LMAO nebula, maybe you want to learn grammar and spelling before you post something? eh? You seem quite butt hurt, sorry if we “pawned” you =/

  29. Hazim Gazov

    May 11th, 2010

    What right do these retards have to talk about security when they’re on a freehost and their page was made with DragAndDropBuilder? Honestly.

    And the whole “Hurrdurr I can run lame automagic vuln scanning scripts” thing along with their horrible attempts at SQL Injection is just the icing on the cake.

  30. Nebula.Rules

    May 11th, 2010

    Please shut up Nicholas you cant pwn shit if you didnt key log it .
    Better keep your mouth shut scum lowlife keyloggin piece of shit .

  31. sephora mafia

    May 12th, 2010

    lol sounds like a few nicholas are butthurt as for the sql injections…we never made no such act on your website which is just more lol because it is someone else targetting your weak asses too….

    as for the draganddrop on our website…lol theres no point to it besides showing nicholas’s information…and we didnt even pay for it…”junior” of nicholas did….oh and thanks nicholas for pointing out how you cant do shit without key loggers…you dont even know who i am in order to do anything….you a bunch of bitches taking our 12 inch dick and cant do anything about it…like i said we are stepping on you now…

  32. Nebula/PinkBunny

    May 12th, 2010

    lmao at my fan boy

  33. Cartman

    May 12th, 2010

    HAha, Intblub, the WU are griefers meme comes from the WU being griefers! Who knew??

  34. Kiddoh

    May 12th, 2010

    You tried just a little too hard, Cartman.

  35. Stiff Bored

    May 13th, 2010

    This crap was boring when you first started giving it coverage and it still is now.

    A real yawnfest.

Leave a Reply