To answer some of your questions, I have actually delved into some of the code base that I could find. For one, the CDK system is designed around a .NET framework; to be more specific, it was a version before 1.4. The .NET framework they're using is from 2003 and the PDF reader is from 2008. It is actually so old you can't download it from Adobe anymore. You usually have to go through a third-party site.
The way to intercept the packages from CDK is so easy that I was able to go ahead and manipulate it so that you can run it on a Mac via Parallels, and disabled the OS check.
The infrastructure from CDK is, for the most part, dealer level, not even gigabyte. The reason they had a breach is because they refuse to go ahead and invest any amount of money into their platform.
If any malicious attacker learned any basic vulnerabilities from .NET or MS-DOS, that's basically a wrap on the entire system. You also have to keep in mind that there is a translation layer as well, because there seems to be an MS-DOS emulator built into CDK.
And in order to be able to dump all the data from CDK, there is a backend code. 100% there is a command, because we as a dealer need an authorization code to be able to do that, but we can do it ourselves from the website and from CDK. Meaning we don't need CDK to do a command in the backend, because that functionality is already in the front end. We just need the code that was provided when we were set up on the system.
And because all the data is stored on their servers, that means that every single dealer that uses CDK, which is a majority in America and in Canada, may have had their customer data leaked. If you ever look at CDK's offerings, everything is a patch job. 180 is not even part of the same software suite; that got bought out from another dealer that had built it. E leads, same thing, so everything is very much a hack job when it comes to that company. Their software will crash if you look at it the wrong way, and the reason it all runs with commands and almost looks like a terminal is because it basically is; the GUI is basically just there to format a bunch of terminal commands.
Also, they have publicly announced what the issue is. They just basically shut down everything for safety while they’re analyzing it. CDK is back up as of afternoon today, but 180 is still not up.