wombat2combat and mod bias on security issues is obvious to see if you just browse the history of this sub

UPDATE: Follow up of this post has been published here

wombat2combat makes unreasonable demands for verification on any thread dealing with t0mcat and DHL but ignores and lets slide almost any other topic.

to see proof of the bias in action you only need to browse through the history of this sub. recent examples:

  1. DHL market part II - wombat2combat requires verification
  2. Warning Don't use ServNet Hosting Hacked! Avoid! - no verification required
  3. Sourcery Market vulnerabilities posted - no verification required
  4. DHL IP leak original post (removed) - wombat2combat removes post and bans user
  5. AlphaBay security leak details - no verification required
  6. Omega Market Hacked - no verification
  7. [DreamMarket IP address disclosure]() - no verification

This is simple for anybody to verify.

Second part is the type of verification requested. From the DHL thread today:

when a vendor for example can confirm that tomcheck knows the contents of their messages then we can add one of those red warnings for dhl.

if you read the details of the exploit you'll see that it is based on extracting messages from the message ID. the ID suggests that there are probably a million message ID's. to get a message for a specific vendor you would need to request all of the messages

in the advisory tomcheck says:

We setup a script to start at the highest message count and then request the last 50 message ID's

so wombat2combat knows he only took 50 messages as a proof of concept, knows that it is based on requesting the message by id yet set the requirement of proof as being requesting a message for a specific vendor which would require making millions of requests

very clever - I don't think anybody noticed this.

edit: since some people did not understand this explanation I have gone into detail about the flaws within it in my comment here

second is the requirements that were set out in the thread about the leaked DHL server being a real DHL server or not

if you follow the thread from here you will see that wombat2combat progressively alters what his requirements for proof are - until he reaches a point where he is asking for something that is impossible to deliver - millisecond precision on matching times between two servers.

there is a ton of adequate proof in that thread including server fingerprinting (which is the standard way of doing that) but it was ignored

again - a bit less clever, but clever anyway since you can say that you were never given proof


Comments


[18 Points] t0mcheck:

..


[9 Points] Bigw0rmer:

Its true there needs to be a complete overthrow of that mod list,. Treat them as if they where a corrupt government and understand that it will take work from all to get them out, because they wont just step down because we all asked nicely , they will do everything to keep the power that fills there wallets . Its up to us as a community to keep speaking out and exposing the corruption . This has been a long time coming


[7 Points] Kazaa99:

Its really a laughing stack that so much distrust can come from this guy even with all those evidence.

I'm not really a Reddit sub guy, but made a new sub

/r/DarknetMarketHacks/

Where everybody can post their findings in peace, so people know what to look out for without reading a 10 page fight. Hope some guy would like to run it instead and maybe help get some donations going to the guys doing so much work to warn all the rest of the people!

Who knows how many people could have been hacked/doxxed/arrested if these findings still weren't found!!


[7 Points] DaRealDonaldTrump:

yep. Ive called him on it. He then threatened to ban me.

Ive never accused him of being a fed, or on anyones payroll. I have accused him of making mistakes.

He shrugs every thing off as speculation/no proof, unless he has hearsay. then it is 100% fact that people should go off of.


[9 Points] None:

[deleted]


[6 Points] BloxingAnsen:

Someone had the bright idea to archive the DHL IP leak post.

Here's a link in case you want to add the link to your thread: https://archive.fo/bmhQt


[5 Points] pinochetHA:

  1. I've verified the Servnet compromise. I've known they were insecure for months, even previously made a comment about their outdated resources which I assumed was a temporary slipup.

  2. Alphabay leaks were verified, and yes proof was required.

  3. Omega hack, again proof was required before it was posted.

Can't comment about Sourcery.


[5 Points] None:

I DEMAND WOMBATS BLOOD.


[5 Points] wombat2combat:

the list with 'no verification required' contains either:

the rest either got warnings on the superlist quickly [e.g. sourcery when they admitted to the msg leak] or with the dhl ip leak I updated my posts and comments accordingly and the warnings on the superlist have also been changed as well as the current sticky.

so wombat2combat knows he only took 50 messages as a proof of concept, knows that it is based on requesting the message by id yet set the requirement of proof as being requesting a message for a specific vendor which would require making millions of requests

so wombat2combat knows he only took 50 messages as a proof of concept, knows that it is based on requesting the message by id yet set the requirement of proof as being requesting a message for a specific vendor which would require making millions of requests

how am I able to follow the steps that he posted when dhl was down? he just posted about such a possibility. if he would have messaged a vendor for example with contents of his messages, it would show that he the steps actually work.


[3 Points] Iambraves:

Man, I don't know much about computers like some of yall do. But I know enough to be able to post on here, and let y'all know; that y'all some craaaazzy ass muthafuckas


[2 Points] FuckTheM0dz:

Easy now. wombat isn't the only shitty mod around here. Plenty of poop to fling at the others.


[1 Points] Inthewirelain:

DHL market part II - wombat2combat requires verification

...to sticky the post

Warning Don't use ServNet Hosting Hacked! Avoid! - no verification required

...never stickied

Sourcery Market vulnerabilities posted - no verification required

to be stacked.... but I am pretty sure prior to stick SourceryMarket did reply and say we're looking into these. so the market admins themselves confirmed it.

DHL IP leak original post (removed) - wombat2combat removes post and bans user

well it wasn't the DHL IP leak, was it? it was the test server leaked IP. and Wombat made a mistake, for sure, there. but also he was misled by admins and the fact that only old logins worked suggested to him (and others) this WASNT a DHL IP - it was some sort of database dump that someone hacked into their market and made some sort of clone. why? to show off? to phish? who knows. it turns out that was false, but there was a reason. yes tho wombat was hasty

AlphaBay security leak details - no verification required

actually even tho I disagree with him on AB, there was verification for all of them.

Omega Market Hacked - no verification

not sure on this one, link?

[DreamMarket IP address disclosure]() - no verification

....never stacked and debunked a year prior to the AB and Hansa busts


DHL message leaks

uhh what was leaked was a possibly faked (altho prob not) DB dump with clear text title and PGP encrypted messages. hard to prove from that, right?


[0 Points] CipherYou:

Updated Follow up to this post is here