Forums

(All updates are Central time)
Updates:
Updated 2:13am, 11/24/06 (Update #1)
Updated 2:16pm, 11/24/06 (Comment #13)
Updated 6:08pm, 11/24/06 (Update #2)
Updated 9:46pm, 11/24/06 (Comment #14)
Updated 10:00am, 11/25/06 (Comment #15)
Updated 12:42pm, 11/27/06 (Update #4)

     VERY IMPORTANT UPDATE
     Updated 10:22am, 11/25/06 (Update #3)
     (also added Hubert's details from 1passwd at beginning)

Note: Comment #8 had a URL that was replaced by us. We do not believe the URL to hold any significance, only the image displayed at the address.

Ok, so we had a forum user come forward & say "Me & my friends did all the blog comments" and then later on say "Just kidding, we didn't do the blog comments." We do, however, know that it is likely (by tracing the IP) that the blog comments are coming from the programmers of 1passwd. We do not know if this is something they have taken upon themselves for marketing purposes or if it is actually being done for the directorate as a part of a heist. There has been at least 1 instance where the IP address did not trace back to them.

Now, I'm going to outline the things that we know absolutely to be true.

First, I'm going to go ahead & list the information given for Hubert in 1passwod:

Title: Mr
First Name: Hubert
Initial: H
Last Name: Heist
Sex: Male
Date of Birth: 05/03/52
Place of Birth: Irovy Coast
Occupation: Connoisseur
Company: Heist Enterprises Ltd.
Department: Public Relations
Job Title: Connoisseur

Username: hubert
Reminder Question: Who is Hubert?
Reminder Answer: Don't talk about Hubert.
E-mail: hubert@1passwd.com
Web site: http://whoishubert.com
Forum Signature: (url link=http://whoishubert.com)Who is Hubert?(/url)

Address Line 1: 16715-12 Yonge St
Address Line 2: Suite 192
City: Newmarket
State: ON
Zip/Postal Code: L3X 1X4
Country: Canada
Location: Abroad

(Phone)
Default: 416-999-9999
Home: 905-999-9999
Cell: 519-999-9999
Business: 905-999-9999 (ext. 999)
Day: 905-999-9999
Evening: 905-999-9999

Credit Card Type: Visa
Card Number: 4111111111111111
Validation Code: 000
Expiration: 11/09
Card Holder's Name: Hubert H. Heist
Drivers License: 000000000
SSN/SIN: 000000000

1. When opening the keychain file for 1passwd, we find information that was not visible inside the software. The information is as follows:

(In Keychain Access)
Name: Zot Admin <zotadmin.com>
Kind: application password
Account: zotadmin.com
Where: Zot Admin
Comments: http://zotadmin.com
Show password: 1PWD0001Shttp://zotadmin.comMake your own nature, not the advice of others, your guide in life.TRusername
maczotPRpassword
appzapperrules

Let's break that down:

1PWD0001S
http://zotadmin.com
Make your own nature, not the advice of others, your guide in life.
username: maczot
password: appzapperrules

Now, previously we removed the TR & PR because we had agreed that these were in all files. But I disagree. When I open the keychain file through the actual OS X Keychain Access program, I find that in the password field for all my personal accounts, the password itself is the only thing in the password field. Now, these TR & PR may mean nothing, but do not count them out just yet.

2. Here we have the origin of the quote in the keychain file.

(Reference on quote from wikipedia)
At the time of Pompey the Great, Cicero, Pompey's ally, consulted the Oracle as to how he should find greatest fame and was told
"make your own nature, not the advice of others, your guide in life."
It was wise advice for Pompey was subsequently defeated by Julius Caesar.

3. A few days ago, the front page of maczot was:

Have you tried the burn?

Disco is the newest in line of "Delicious Generation" mac apps.

-Pushing the envelope
-Targeting the void
-Who is Hubert?

What inspires you to create the "smoke" in your life?

4. Interesting picture in the resources of cha-ching
http://i9.tinypic.com/35copsl.png

5. 1passwd forum post
"As you probably guessed we hid some goodies in the MacHeist version of 1Passwd.

Originally I planned on telling all you guys how to setup the MacHeist version on your machine so that you could find the clues yourself.

However, I decided this is too much work and can easily cause problems. I recommend you checkout the Backroom forum at MacHeist if you're interested. Those guys in the forums have found everything already!" David Taere - from the 1passwd support forums

6. macsecuritybook.com (thanks ageofinnosence)
on macsecuritybook.com if you input the username: hubert and the password GotBananas? you get an image of hubert with the text "I had a secret for you in my secure notes; but I deleted it by mistake."

UPDATE #1
More "civilized" list of Hubert's supposed comments.

Note: Any or all of these could be false. But let us not dismiss them in fear of missing key pieces of the puzzle. I have separated the ones that we agree have very little chance of holding any validity.

1. Nice app that 1Passwd is.

2. Me like 1Passwd too.
I'm shy and short on words.

3. I just returned from the Amazon and love what I see!

4. As much as spaghetti. Umm…spaghetti.

5. jd75h dh#jks5 sk3g t6h js@hm 5o ls df#g h #df sa

6. Here I am!

7. 1PWD0001S?What you see depends on what you look for.??H.

8. Here's my keychain (http://www.detroitsteelkillers.com/file … 144691.jpg).
H.

9. Ask and ye shall receive…

10. Remember, there are 2 keys.

11. Hubert was here. Can’t stay. Too many see and copy.

12. Hubert was here. Can’t stay. Wait until after the turkey.

13. Impostors arruinados todo! (Imposters ruined all)

14. Yield to Benedict Arnold.

Wait for the appetitive, the spirted, and the rational.

15. Can't.  Benedict Arnold abound.

-----
We believe the following to be false. These are common google earth sights, and can be easily found by visiting a google earth sight seeing website/forum.

1. The Edge: 52.49693,13.459003
2. From Hubert with love: 12.370982,23.321614
3. 33.746378,-112.633381
Rule #1
4. 43.026079,-88.011507
5. 38.671476,-90.391747

Little compilation by Nikto:
But I've found enough comments with this four coordinates:
The Edge: 52.49693,13.459003
43.026079,-88.011507
38.671476,-90.391747

From Hubert with love: 12.370982,23.321614

UPDATE #2:
In Hubert's information listed in 1passwd, it says his birth place is "Irovy Coast" - some of us believe this may be significant, we're not yet sure how.

UPDATE #3:
We have been told by the directorate that they have traced Hubert comments to a forum user. Now, it was not stated that all of them were traced to this user, but that the ones that were posted on their personal or their friend's blogs. So this means most likely the Hubert comments are false. But no word about the information found in 1passwd.

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

Obviously doesn't log in on maczot.com/admin or the front page of maczot. And zotadmin.com hasn't been registered.

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

...Yet.

Siggynature.

http://www.maczot.com/admin/index.php

password doesnt work though

From wikipedia...

http://en.wikipedia.org/wiki/Famous_ora … rom_Delphi

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

those usernames and passwords dont work on maczot.com/admin and zotadmin.com there is no content.

Maybe the oracle reference tells us its going to be a database file? Any ideas on the meaning of TR and PR?

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

the oracle of delphi is present in greek mythology

tr. abbreviation
• tare.
• tincture.
• trace.
• train.
• transaction.
• transitive.
• translated.
• translation.
• translator.
• transpose.
• transposition.
• treasurer.
• Music trill.
• troop.
• trust.
• trustee.

pr abbreviation
• pair : patterned gloves, $17.95/pr.
• archaic per : $6 pr day.

Pr can also stand for page rank, press release.

Buying 6 MH bundles for the needy

Home made avatars: RDF machine | Bug Zapper | Fortune Teller

The TR and PR seems to be there in all passwords saved by 1passwd.

Where did you find this?

Proud member of the Orange team!
Let's go into theAmazon.

Check the keychain that is created the first time that you start 1passwd.

The password for the keychain is the one you entered the first time you started it.

HMm.. there are no congratulations on the boom page. Does this mean the heist #2 is not done yet ?

Watch out for the clues on the Feeds maybe ...

Obviously maczot is involved somehow. Yesterday, the front page of maczot said this...

The news feed says...

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

I googled trpr and I got

trpr (Tcpdump Rate Plot Real-time)

Buying 6 MH bundles for the needy

Home made avatars: RDF machine | Bug Zapper | Fortune Teller

This was metioned in the Front room... In the resources of cha-ching this image was found:

http://i9.tinypic.com/35copsl.png

Not used in the application though!!

These conspiracy theories are driving me crazy!!!

Tiny breakthrough. I started thinking why this password is not shown in the 1passwd user interface.

I thought maybe there is some sort of check in the app to not show this before a certain time.

Using strings on the executable shows that the string Zot Admin is indeed in the app. I'll look more into it, but this certainly looks as if something that will be used in a future heist!

Ummm. AFAIK the congratulations for heist one didnt show up until it had been marked as completed.

---- Andrew Clark Macheist Moderator ----
MaxJG: i just imagined your computer sticking it's finger down it's throat and vomiting up oracle-owned bile
MaxJG: it was weird

I feel an odd draw to "disco" for something, but I don't know what.

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

I moved my date ahead, day by day, opening and closing the app, nothing new appeared

---- Andrew Clark Macheist Moderator ----
MaxJG: i just imagined your computer sticking it's finger down it's throat and vomiting up oracle-owned bile
MaxJG: it was weird

on the disco site, there's a link to appzapper

http://www.discoapp.com/

Buying 6 MH bundles for the needy

Home made avatars: RDF machine | Bug Zapper | Fortune Teller

That's because you had to blow up the balloon.

yeah, so... yeah

All of these mysterious pieces are just killing me.

Buying 6 MH bundles for the needy

Home made avatars: RDF machine | Bug Zapper | Fortune Teller

If the next heist is from maczot be sure that you'd get appzapper as the prize ..

As a long time buyer from maczot... thats the app they give out the most.:)
The password certainly points in that direction !

there is a monkey in the bottom right corner at discoapp.com with a link to "who is hubert?"

right from the first page on the disco app site about "smoke":

Everything about Disco is pushing the boundaries of interface, usability, and utter functional simplicity. Well, once you realize that Disco is emitting real time 3D interactive smoke as you burn, we start redefining the boundaries. Want to push it out of the way? Blow into your microphone and the smoke will react accordingly. Or, go ahead and flick at it with your mouse. Remember, you'll need a supported computer to run this.

Buying 6 MH bundles for the needy

Home made avatars: RDF machine | Bug Zapper | Fortune Teller

Yeah, I tried that as well. Unless they're using a specific time, I don't think this is it.

However, maybe it's never supposed to show up in the app, maybe it's for automatically providing us with the password for the website, without us knowing where it is from?

I found some interesting strings (and two that I will not put here, because I think they are the email address used to "register" this program and a hashed serial number).

The ones ending with a : are methods.

initWithName:
initJohnDoe:
initHubert
initNew:withPerson:
title
setTitle:

Onepasswd
416-999-9999
905-999-9999
519-999-9999
Joe.Onepasswd.%9d@pookmail.com
http://1passwd.com
Canada
000000000
Onepasswd Enterprises
16715-12 Yonge St
Suite 192
Newmarket
L3X 1X4
VISA
4111111111111111
JOE ONEPASSWD
j1p%9d
Favorite utility?
Web Surfer
1Passwd - [url link=http://1passwd.com]Password Manager for Mac OS X[/url]
Hubert
Heist
Connoisseur
hubert@1passwd.com
http://whoishubert.com
1952-05-04 10:45:32 +0600
Irovy Coast
Heist Enterprises Ltd.
Public Relations
Hubert H. Heist
hubert
hubert
Who is Hubert?
Don't talk about Hubert.
Abroad
[url link=http://whoishubert.com]Who is Hubert?[/url]

Hi there!  Great work on that heist!
Here is your reward:  KEYCHAIN ON STEROIDS!
Yes, 1Passwd builds on the keychain and takes it to the next level.  You'll love this prize!  Best of all, 1Passwd can be used on your future heists.
We'd love to see you join us in the forum:
    http://forum.agilewebsolutions.com
Cheers!
Dave & Roustem (co-authors of 1Passwd)
Welcome to 1Passwd!
Are you digging 1Passwd? Hubert loves 1Passwd too but he is shy and short on words.
Help Hubert to tell the world about 1Passwd on your blog or website. By the way, if you include a link to 1passwd.com and click on it, Hubert will be sure to stop by.
~$TRASH$~From Hubert
2006-11-30 12:00:00 -0500
Mac Security Book
macsecuritybook.com
http://macsecuritybook.com
What you see depends on what you look for.
GotBananas?
Zot Admin
zotadmin.com
http://zotadmin.com
Make your own nature, not the advice of others, your guide in life.
maczot
appzapperrules

New development:

Just went to the bottom of macsecuritybook.com and tried entering a couple passwords.  didn't work; then I clicked "Forgot password" and my browser issued the following notification:

"You should have used 1passwd to manage your passwords.  It never forgets"

Anyone take a look closely at the safe? It shows the piggy, the Key, the bill hanging from top, BUT also something is there in the background. The heist aint over yet!

"As you probably guessed we hid some goodies in the MacHeist version of 1Passwd.

Originally I planned on telling all you guys how to setup the MacHeist version on your machine so that you could find the clues yourself.

However, I decided this is too much work and can easily cause problems. I recommend you checkout the Backroom forum at MacHeist if you're interested. Those guys in the forums have found everything already!" David Taere - from the 1passwd support forums

http://forum.agilewebsolutions.com/view … ight=heist

on macsecuritybook.com if you input the username: hubert and the password GotBananas? you get an image of hubert with the text "I had a secret for you in my secure notes; but I deleted it by mistake."

Hmm.. I think as long as zotadmin.com doesn't ccome online there is nothing we can do.

Looks like the 1Passwd will be used heavily in the next phase (mini heist/phase 2 of Heist 2/ heist 3) hell I don;t know

Good find!

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

the username and the password is actually written right in the html source code, right above the html for the form in the little bit of javascript for the function called login().

Niiiiiice!!... Guess I should refresh before I post

Ironically it is supposed to be the site of macsecurity

I think we need to look at the Trash in the secure notes of the 1Passwd ...

What does it say ??

It says this

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

It's a Secure Note, which says this.

Name: From Hubert
Notes:
Are you digging 1Passwd? Hubert loves 1Passwd too but he is shy and short on words.

Help Hubert to tell the world about 1Passwd on your blog or website. By the way, if you include a link to 1passwd.com and click on it, Hubert will be sure to stop by.

I don't see any maczot entries in 1PW, but I do have these:

2 secure notes, one from Hubert: "If you blog it [1PW], he [Hubert] will come...", the other a standard Welcome to... note;
1 identity for one Hubert H. Heist, born 5-4-52 on the Irovy Coast

"When in doubt, change the rules" - James T. Kirk

Mh doesn't work for me <sniff>

MacOSXpert.de -- German Mac Mailing Lists • Deutsche Mac-Mailinglisten

Registrant:
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ZOTADMIN.COM
Created on: 20-Nov-06
Expires on: 20-Nov-07
Last Updated on:

Administrative Contact:
Private, Registration ZOTADMIN.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599

Technical Contact:
Private, Registration ZOTADMIN.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599

Domain servers in listed order:
NS51.1AND1.COM
NS52.1AND1.COM

yeah, so... yeah

This is nuts, I feel we are so close to it.

Just wanted to add, that the macsecuritybook.com-thing is probably just used as a hint to look into 1Passwd as all the info is hard-coded into the site and the login-routine has no other function than to show the hubert-message. Nothing that would lead to another side, upto now.

Never trust VIPs
but
It's easier to point the finger than to offer a helping hand

Sweet. Maybe they registered it right before the heist, so the registrars hadn't passed it around yet.

"The proper rewards are not simply tacked on to the activity for which they are given, but are the activity itself in consummation." - C.S. Lewis
http://www.jarlanddonnell.com

the blanks may be case sensitive so make sure you're using a capital G and a capital B in the password, and don't forget the question mark.

lets keep thinking and searching!!!

---Keep on Running the race...

I'm confused. I've got 1password, but where did you find that and what about it??

have you been trying the 1password  to fill in the forms on various websites?? using the Hubert identity.

Proud member of the ORANGE team

Has anyone emailed Hubert? I just sent one off, see if he is there.