
news Was there a Hack/Data Breach at Epik?

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
GD probably has the worst practices we do not know about. :confused:

Most probably. No doubt in my mind. Scraping has gotten harder but the likes of GD are storing a lot of data they probably shouldn't.

There are great and smart people there for sure such as @jmcc. He also shares info here.

I find 98% of it absolute drivel about New Gs. Total waste of my mental energy.

I prefer DNForum.

Depends. There are some very interesting people on that forum. Even some of the worst are quite nice to be talking with in private if you just give them the chance to engage in an open-minded discussion.
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
I'm sure.

Once a code has been breached, it continues to be very vulnerable.

How do you learn to write secure code?

I'm interested since I'm trying to learn programming myself. Are there places to learn how to write more secure code?

My job is programming and whenever there are major updates to language or server processors you have to go through the code to update parts of the code to keep it secure.

I'm hopeful Epik did update the code. :oops:

Then there is network security. If code hasn't been updated in over 10 years, it makes things a lot more stressful. It is also stressful for those whose data has been compromised.

Probably not.

Ask yourself, would those security steps outlined in the link you posted have been taken if there was no such public data dump?

Agreed.

At my full-time job we just had a ransomware attack. Most of the steps that they are taking now are "too little too late". It was also an issue of untrained employees and bad security monitoring since the main IT guy left the company after being there for many years.

What would you do at this point to update and improve "shitty code" as you put it @Tom K.?

Most of the things listed are superficial, or too little too late. The heart of the matter lies in the "shitty code".
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
How do you learn to write secure code?

I'm interested since I'm trying to learn programming myself. Are there places to learn how to write more secure code?

You can get a lot of results in Google. But for example, when connecting to the database you should write prepared statements, open and close transactions when doing updates, keep the code up to date with the current language processor updates. Secure code is only part of the equation. The list is too long to write here.

I'm hopeful Epik did update the code. :oops:

@robmonster made it clear that the code was kept captive by the developer, it was boxed, and he operated with the Russia-based dev team on the basis of trust. And the code was from 2009. So that is very old code. Rob admitted it was seriously weak. So it raises the question, when did the code become open-source to Epik and when was the last security update made?

What would you do at this point to update and improve "shitty code" as you put it @Tom K.?

If the code was not being updated to work with the latest language processor versions over the years, and that's what it sounds like, the only option is a complete rewrite. IMHO.
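
As an added illustration of the prepared-statement and transaction advice in the post above (not part of the original thread and not anyone's production code), this Python sketch uses the standard-library `sqlite3` module. The schema, function names and sample rows are constructed for the example.

```python
import sqlite3

# Constructed sample input: a quote-laden string that changes the query's
# meaning when it is concatenated into SQL text.
QUOTED_INPUT = "x' OR '1'='1"

def make_db():
    # Constructed sample data; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (user TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE domains  (name TEXT PRIMARY KEY, owner TEXT NOT NULL);
        INSERT INTO accounts VALUES ('alice', 100), ('bob', 20);
        INSERT INTO domains  VALUES ('alpha.example', 'alice'),
                                    ('beta.example',  'alice'),
                                    ('gamma.example', 'bob');
    """)
    return db

def domains_unsafe(db, owner):
    # Anti-pattern: the input is pasted into the SQL text and parsed as SQL.
    sql = "SELECT name FROM domains WHERE owner = '" + owner + "' ORDER BY name"
    return [row[0] for row in db.execute(sql)]

def domains_safe(db, owner):
    # Prepared (parameterized) statement: the input is bound as a value only.
    sql = "SELECT name FROM domains WHERE owner = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (owner,))]

def sell_domain(db, name, seller, buyer, price):
    # One transaction: all three updates commit together or none of them do.
    try:
        with db:  # commits on success, rolls back if an exception escapes
            cur = db.execute(
                "UPDATE domains SET owner = ? WHERE name = ? AND owner = ?",
                (buyer, name, seller))
            if cur.rowcount != 1:
                raise ValueError("seller does not own this domain")
            db.execute("UPDATE accounts SET balance = balance + ? WHERE user = ?",
                       (price, seller))
            # The CHECK constraint rejects an overdraft with IntegrityError.
            db.execute("UPDATE accounts SET balance = balance - ? WHERE user = ?",
                       (price, buyer))
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False

def owner_of(db, name):
    return db.execute("SELECT owner FROM domains WHERE name = ?", (name,)).fetchone()[0]

def balance_of(db, user):
    return db.execute("SELECT balance FROM accounts WHERE user = ?", (user,)).fetchone()[0]
```

With the constructed input, the concatenated query returns every row while the parameterized one returns none, and a sale the buyer cannot afford leaves both the ownership record and the balances untouched.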
 

404

Level 4
Joined
Jul 6, 2021
Messages
131
Reaction score
60
Feedback: 0 / 0 / 0
There are great and smart people there for sure such as @jmcc. He also shares info here.

For sure! Loved his book. Google it, buy it. Not sure if I can link but a must read for any domainer imo so....

I find 98% of it absolute drivel about New Gs. Total waste of my mental energy.

I prefer DNForum.

I feel you. I prefer wherever there's a lot of engagement though and dnf ATM is kinda disappointing.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
I feel you. I prefer wherever there's a lot of engagement though and dnf ATM is kinda disappointing.

It is very disappointing. I am going to peace out. Hope Epik and DNF can figure out how to reboot this forum.
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
I was thinking maybe there was online training specifically for this. Google is the way. :)
You can get a lot of results in Google.

Thanks, understood.

The list is too long to write here.

I did not realize this! 😕

@robmonster made it clear that the code was kept captive by the developer, it was boxed, and he operated with the Russia-based dev team on the basis of trust. And the code was from 2009. So that is very old code. Rob admitted it was seriously weak. So it raises the question, when did the code become open-source to Epik and when was the last security update made?

Wouldn't that take quite a long time?

If the code was not being updated to work with the latest language processor versions over the years, and that's what it sounds like, the only option is a complete rewrite. IMHO.
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
That is good they are getting separated.
My goodness, this thread got busy today. :)

Quick update:

- The tech work continues apace. Most significantly is the explicit separation of Dev and Ops. Traditionally in a small enterprise those teams can be one and the same but as an organization achieves maturity, those functions become operationally separate.

All of this registrar code is being rewritten from the ground up?

- The oldest legacy code from the 2011 acquisition of Intrust Domains is substantially being upgraded and ultimately replaced. Bear in mind that the registrar software is a rather unique class of software so full replacement is not a small task, but because we have a large dev team that work is well under way.

I'm not sure many of us care about these services, but I could be wrong.

- Software like Masterbucks, DNProtect.com, WHOQ.com and TrustRatings.com are more representative of modern coding frameworks. They were being deployed apace. Some of these ecosystem innovations are now on a slower track due to the emphasis on the core.

Always had great support from the Epik team. @Epik

- The support team continues to do an exemplary job, as it has undergone significant expansion and upgrade, operating 24.7 for email, chat and phone. Our TrustPilot score has stayed at or around 4.9 throughout the episode. Account security and domain security remain our top priority.

Glad to hear it. :)

- Domains under management also continues to rise and never dropped below the level when the incident occurred. Today's transfers out were a benign 62 domains, quite typical for a registrar where domains are being bought and sold. Nearly 600 transfers in, vast majority of which is .com.

I don't know much about this Gab.com story so I'm not sure I can comment well.

I do believe you need to distinguish between being a domain registrar and hosting these websites. Journalists get this wrong all the time.

As for the topic of "shady customers", let me remind the deal reminder of our thoughtful analysis on the topic:


The reality is that Epik has very few of these so-called problem customers.

What is also worth noting is that customers like Gab.com which the SPLC reviles just celebrated their 3 year anniversary of the brutal takedown operation that was directed against them.


I believe Epik made the right decision in allowing them to come back online when Godaddy booted them. The controlled media has never really forgiven Epik for that decision, but the reality is that they have sown the seeds of their own destruction as evidenced by the viral "Lets go Brandon" meme which mocks media doublespeak.

Rob, you are of course free to share your opinions. Although, few CEOs or executives I have known in my career do for various reasons.

I think more the issue most have, including myself, is I do not really understand what the below means.

And now we have entered into a new chapter with the arrival of DWAC and a multi-billion dollar war chest with which to buy those assets that have yet to be destroyed by other means. The following image from the DWAC investor briefing is illustrative of the plan:

View attachment 5594

What these organizations will ultimately find is that not everything can be bought, and not everyone has a price. That was the implied subtext of this Tweet:


We are heading into a very interesting phase. Those of you who enjoy independent media might some day appreciate the useful role that Epik played.

If you are wondering why Epik got so much attention in the last 2 months, you might consider what others have already concluded: there are no other Epik's.

If you enjoy being lied to, or like losing your civil liberty, that is your prerogative. Most people would rather have it the American way which is why Epik is their friend and ally, even if it is occasionally uncomfortable to utter it.


I have Forever Renewal of my most valuable domain with Epik. :)

Thanks to all our dear industry friends who continue to have our back, and who understand the historic times we are living in, and govern themselves accordingly.

#BeEpik
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
I'm sure as a Marine veteran that must have been sickening.

Yes, I saw that. I can't believe that I saw a Marine 4-Star General state that we were using them as "tools". Honestly never been so sick. 🤮
Yes!

The ranks of the military have been infiltrated by politicians that no longer are accountable for their actions.
 

mr-x

Level 7
Legacy Exclusive Member
Joined
Oct 12, 2003
Messages
870
Reaction score
181
Feedback: 12 / 0 / 0
My goodness, this thread got busy today. :)

Quick update:

- The tech work continues apace. Most significantly is the explicit separation of Dev and Ops. Traditionally in a small enterprise those teams can be one and the same but as an organization achieves maturity, those functions become operationally separate.

- The oldest legacy code from the 2011 acquisition of Intrust Domains is substantially being upgraded and ultimately replaced. Bear in mind that the registrar software is a rather unique class of software so full replacement is not a small task, but because we have a large dev team that work is well under way.

- Software like Masterbucks, DNProtect.com, WHOQ.com and TrustRatings.com are more representative of modern coding frameworks. They were being deployed apace. Some of these ecosystem innovations are now on a slower track due to the emphasis on the core.

- The support team continues to do an exemplary job, as it has undergone significant expansion and upgrade, operating 24.7 for email, chat and phone. Our TrustPilot score has stayed at or around 4.9 throughout the episode. Account security and domain security remain our top priority.

- Domains under management also continues to rise and never dropped below the level when the incident occurred. Today's transfers out were a benign 62 domains, quite typical for a registrar where domains are being bought and sold. Nearly 600 transfers in, vast majority of which is .com.

As for the topic of "shady customers", let me remind the deal reminder of our thoughtful analysis on the topic:


The reality is that Epik has very few of these so-called problem customers.

What is also worth noting is that customers like Gab.com which the SPLC reviles just celebrated their 3 year anniversary of the brutal takedown operation that was directed against them.


I believe Epik made the right decision in allowing them to come back online when Godaddy booted them. The controlled media has never really forgiven Epik for that decision, but the reality is that they have sown the seeds of their own destruction as evidenced by the viral "Lets go Brandon" meme which mocks media doublespeak.

And now we have entered into a new chapter with the arrival of DWAC and a multi-billion dollar war chest with which to buy those assets that have yet to be destroyed by other means. The following image from the DWAC investor briefing is illustrative of the plan:

View attachment 5594

What these organizations will ultimately find is that not everything can be bought, and not everyone has a price. That was the implied subtext of this Tweet:


We are heading into a very interesting phase. Those of you who enjoy independent media might some day appreciate the useful role that Epik played.

If you are wondering why Epik got so much attention in the last 2 months, you might consider what others have already concluded: there are no other Epik's.

If you enjoy being lied to, or like losing your civil liberty, that is your prerogative. Most people would rather have it the American way which is why Epik is their friend and ally, even if it is occasionally uncomfortable to utter it.


Thanks to all our dear industry friends who continue to have our back, and who understand the historic times we are living in, and govern themselves accordingly.

#BeEpik

Thanks Rob.
 

mr-x

Level 7
Legacy Exclusive Member
Joined
Oct 12, 2003
Messages
870
Reaction score
181
Feedback: 12 / 0 / 0
They've = Anonymous

And I don't see anyone rushing to blame the criminals, yet give them a stronger voice and deflect any public responsibility on a crime organization's part in this.

Not 1 person has gone against Anonymous and their part in it.
I have on multiple occasions and have the screen captures to prove it.

Without defending epik I have called anonymous criminals and pushed back as hard as I was allowed on the lie anonymous did the world a favor by hacking epik.


They say, "yes the hack was bad", but yet they still engage with the very criminals that perpetrated this. Show me any posts to the contrary that, say you or Brad, explicitly called out Anonymous and the "representatives" of the organization to state their role in all this. It's madness. Then again, you're probably the type of people fine that the Taliban can have Twitter but Trump can't.
 

mr-x

Level 7
Legacy Exclusive Member
Joined
Oct 12, 2003
Messages
870
Reaction score
181
Feedback: 12 / 0 / 0
Show me any posts to the contrary that, say you or Brad, explicitly called out Anonymous and the "representatives" of the organization to state their role in all this. It's madness. Then again, you're probably the type of people fine that the Taliban can have Twitter but Trump can't.
You won't find it. You will find many NP members liking a lot of posts and offering praise to the "security researchers" and "journalists" attacking epik and even Rob personally.

You'll also find posts calling domain speculators extortionists and reference to Government supported violence.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
I have on multiple occasions and have the screen captures to prove it.
I've read all 140+ pages, but I must've missed it or forgotten about it since it would've obviously been drowned out.
You won't find it. You will find many NP members liking a lot of posts and offering praise to the "security researchers" and "journalists" attacking epik and even Rob personally.

You'll also find posts calling domain speculators extortionists and reference to Government supported violence.
The leftist lunacy and hypocrisy amazes me day by day as they get closer to, unfortunately, getting their way. These are the same people that said the "summer of love" had "mostly peaceful protests" and turn a blind eye to the billions lost by even Black-owned businesses.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
Hack aside, this attack of Rob's character is mind-bending. I cannot seem to do the mental gymnastics to agree/like it.

The irony of this not being disagreed to (at least ONE disagree/reply to disagree) on a forum that promotes the buying and selling of domain names at the least and the maximum possible price respectively is beyond me.
1635832800817.png

As Joe said, "Come on, man!" Someone should've had the fortitude to remind them of where they were, NamePros, which has "buy, sell, discuss domain names" in the logo. I'm unsure of anyone who would buy anything for $7 and sell it for $7 in any industry? Nobody wants to disagree with them on any point of view though.
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
The whole point of domain investing is selling for a profit.

I don't get what they mean here. 🤷🏽‍♂️

Hack aside, this attack of Rob's character is mind-bending. I cannot seem to do the mental gymnastics to agree/like it.

The irony of this not being disagreed to (at least ONE disagree/reply to disagree) on a forum that promotes the buying and selling of domain names at the least and the maximum possible price respectively is beyond me.
View attachment 5610

As Joe said, "Come on, man!" Someone should've had the fortitude to remind them of where they were, NamePros, which has "buy, sell, discuss domain names" in the logo. I'm unsure of anyone who would buy anything for $7 and sell it for $7 in any industry? Nobody wants to disagree with them on any point of view though.
 

mr-x

Level 7
Legacy Exclusive Member
Joined
Oct 12, 2003
Messages
870
Reaction score
181
Feedback: 12 / 0 / 0
I've read all 140+ pages, but I must've missed it or forgotten about it since it would've obviously been drowned out.
Possibly because any push-back is reported, labeled off topic and removed.

The leftist lunacy and hypocrisy amazes me day by day as they get closer to, unfortunately, getting their way. These are the same people that said the "summer of love" had "mostly peaceful protests" and turn a blind eye to the billions lost by even Black-owned businesses.

It gets better, the extortionist.

Screenshot from 2021-10-24 07-18-00.png
 
