DHL will give an official truthful response to allegations and account for everything in a few hours. Thank you for your patience.
DHL will give an official truthful response to allegations and account for everything in a few hours.
[44 Points] Cocinacowboy:
[22 Points] bhp5:
Thanks fed
EDIT: Any day now
[17 Points] None:
It'd be funny if they just exit scammed aha.
[9 Points] DooshNozzzle:
Thanks for the attention you are giving this, looking forward to hearing your side of things.
I appreciate your site and I hope you stay up as long as possible
[11 Points] None:
pokes the DHL Cmon...do something.
[8 Points] HugBunter:
Their whole site is pretty much vulnerable to XSS now that I've had a quick look... I haven't even got an invite and found a vulnerability to it in their password reset, which isn't an exploitable issue really unless an external form was able to be submitted to it, guiding a user there. However, this shows how much they are lacking, anyone care to send me an invite and I'll take a closer look?
If anyone wants to test the injection on the password reset, it doesn't sanitize the username field at all except when checking for a standard script tag set and then outputs it in plain text.
XSS String: "<BODY ONLOAD=alert('yo');>"
URL: http://darkheroesq46awl.onion/reset_password2
Enable JS to test...
edit:: search is vulnerable to most, hardly sanitized.
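Added example, not part of the thread and not the site's code: a sketch of the flaw described in the comment above (a check that only rejects a standard script tag pair, followed by unencoded output) next to output encoding, with a parser-based regression check that reports any element the input managed to add to the response. The function names and the regex are assumptions; the test string is the one quoted in the comment.

```python
import html
import re
from html.parser import HTMLParser

# Sample inputs: the string quoted in the comment, plus a constructed plain script tag.
PAGE_STRING = "<BODY ONLOAD=alert('yo');>"
SCRIPT_STRING = "<script>alert(1)</script>"

# Assumed shape of the weak check: only a standard script tag pair is rejected.
SCRIPT_PAIR = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def render_reset_weak(username):
    """Blocklist check, then the value is written into the page unencoded."""
    if SCRIPT_PAIR.search(username):
        return "<p>Invalid username.</p>"
    return "<p>No account found for " + username + "</p>"

def render_reset_safe(username):
    """No blocklist: every user-supplied value is HTML-encoded at output time."""
    return "<p>No account found for " + html.escape(username, quote=True) + "</p>"

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found.append((tag, sorted(name for name, _ in attrs)))

def elements_in(page):
    """Return (tag, attribute names) for every element an HTML parser sees."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.found

def injected_elements(render, value):
    """Regression check: elements in the response beyond the template's own <p>."""
    return [e for e in elements_in(render(value)) if e != ("p", [])]

if __name__ == "__main__":
    for name, render in (("weak", render_reset_weak), ("safe", render_reset_safe)):
        for value in (SCRIPT_STRING, PAGE_STRING):
            print(name, repr(value), "->", injected_elements(render, value))
```

The same `injected_elements` check can be run against any field that is echoed back, such as the search box mentioned in the edit.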
[3 Points] dslickjb:
i appreciate that this response will be truthful, unlike the previous ones where you said the XSS bugs /u/t0mcheck pointed out were useless and didn't warrant a reply from the admin and didn't matter. or was it known about and discussed already? i get confused.
i'm also confused as to why the "svg bug" being bigger (your opinion) means that the XSS bugs needn't be fixed (either?) you said you knew about all of these and have discussed them before. what sort of programmer chooses to leave bugs in their code? especially when OPSEC matters more than anything else.
isn't it just like pussy to get a dude up and moving early in the mornin'
[2 Points] yup1488:
as a lover of internet drama i posit the following theories:
(a) one or more of the PHP monkeys the owners hired from fiverr got greedy and is blackmailing DHL
(b) LE got to one of the operators and he has been cooperating by making "mistakes"
any other ideas? it only counts prior to the "truthful response" :)
[3 Points] MotherOfMeatballs:
How funny would it be when all of a sudden LE puts up a seizure notice
[3 Points] Polygon_Windows:
Come on.. don't leave us waiting too long /u/DHL-1
[3 Points] TILYouLoveDrugs:
I'm gonna say it:
BELIZE !!!
[3 Points] XanthonyBourdain:
8 hours now..
[2 Points] Wheredmydickgo:
"Seized by the US GLOBAL JUSTICE DEPT."
[1 Points] None:
submitted 7 hours ago by DHL-1
Is it time yet???
[2 Points] SloppyJoeLieberman:
Slightly concerning that you have to qualify this announcement as being truthful in comparison to the original statement. This could have been handled in a much more professional manner. Hoping to see this official response soon - 9 hours is a long wait for something so important.
[2 Points] felix1429:
[2 Points] Hi_Im_New_Here___:
maybe it has become en vogue to announce an announcement of an announcement.
as others have mentioned, when an "official" response needs to be specifically qualified as truthful, one must wonder.
people tend to want to openly "account for everything" when not properly accounting for things is par for the course. i hope they don't forget to include the community's collective patience when accounting for everything.
[2 Points] Cocinacowboy:
.....grabs more popcorn.
[2 Points] TILYouLoveDrugs:
How long does it take to empty some wallets and exit? Jeezzus, come on already!
[2 Points] justinherass99:
rofl they're not gonna say shit
[1 Points] lobb-it-away:
[1 Points] R4ID:
Popcorn here! Get y'er Popcorn here, step right up!
[1 Points] JaboodlesBarbara:
DHL is back online.
[1 Points] None:
Well...
[1 Points] JohnTSchmitz:
DHL: "Uhh ... Heartbleed. Remember that one? We were hacked. The coins ... they're gone? DDOSed, but not down & out. Regular maintenance. We're #1. What? That's not my email address. FUD! Fucking FUD! We hired the police. Big market announcement ... coming ... soon. Your call is important to us—it will be answered in the order that it was received. By someone in India. Wait ... what? Outsourcing. Buy Belize."
[1 Points] None:
As truthful as your promise of "a few hours"? Fucking hell
[1 Points] elfer90:
still waiting...
[1 Points] Desecration29:
Makes thread.."Expect everything in a few hours".. A day later.. "What's a DHL?"
[1 Points] charliesheenwinner:
Soooo...
[1 Points] Brookklyn:
Umm truthful response ?
[0 Points] blockmains:
official truthful response
Read that as Federal Bureau of Investigation
Grabs popcorn.