Pure speculation: could this have been the cause of the slowdowns over the last couple of months? Maybe the hack was there for a long time, slowing things down, and only this morning did it fully manifest itself and was seen?
iusedtoberich:
Possible? Yes. Likely? I'm not sure -- I don't have visibility into Mike's security policy for AZBilliards.
But I can tell you this -- many hacks are performed this way. It's called "low and slow" attacks. Meaning, the attacker is trying his/her
(yes, there are female hackers!) damdest to make sure noone sees or "feels" the effects of penetrating the security of the website. Only after the attacker is sure all the ducks are in a row, and it's time to unleash the hounds, do the effects of the attack become clear.
Most often, "low and slow" attacks are used to go after government entities, or huge corporations with IP (intellectual property) that the attacker is after. One of the largest information security firms, RSA Security, was successfully penetrated in this way:
http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/
In fact, RSA Security had to reissue -- for free -- all new tokens to their customer base because large portions of their source code was stolen.
"Low and slows" are the bane of any security officer's existence.
Getting back to AZB, do I think a "low and slow" was in process during the forum slowdowns these past couple of weeks / months?
No. I personally think it was (and might still be, if Mike didn't fix it) issues with the adserver.
I can make the problem completely go away on my side by short-circuiting my browser from pulling ads from the adserver, as I explained in this post:
http://forums.azbilliards.com/showthread.php?p=3652405#post3652405
When I do this, the forums are lightning fast. However, this is obviously not a sanctioned "fix" -- the proper thing to do is to let Mike fix the adserver issues. AZB's existence is paid in large part by its sponsors, afterall.
Hope that helps,
-Sean
