"Mey wo bovul daanii meyz daanik. Mey wo boziik krif meyz dahmaan."
m9 wo bovul d1n3 m9z d1nik
?m9 wo boz3k krif m9z d4m1n
Here are the winning entries for our Dragon Cult Contest! Congratulations to tjp7154, Frinmulaar, and firelordstark for their creative work. There were a lot of great entries, and we hope you have fun reading them and using them for practice.
A first for our contests, the winning entries are also available as in-game books in a mod. Download it over at the Skyrim Nexus or Bethesda.net. See if you can hunt down the books in Bromjunaar while evading the ruin's hungry frost trolls! Let us know if you like seeing contest content in mods, and we'd be happy to continue doing this in the future. Enjoy!
Update: Special thanks to community member Ruvgein for helping make this mod available on Skyrim Special Edition on PC, Xbox One, and Playstation 4! For console players, find it by selecting "Mods" on the main menu and searching "Thuum.org".
Or, “Why We Can’t Have Nice Things, Part 3.”
Late this evening, I was notified that Thuum.org’s database was compromised. The hacker is confirmed to have accessed a small portion of the user table, which includes such information as emails and password hashes. It is unknown whether or not they accessed or dumped any other tables. At the time of writing, the vulnerability that led to the leak has been patched.
In the interest of full transparency, I’ll describe as much as I know about the issue and how it happened. In the meantime, I strongly urge all site members to change their passwords. If you updated your password already today due to the Cloudflare incident, I highly recommend updating your password again.
How did you learn about the compromise?
I received a message from a fake, Russian Facebook profile informing me with an accompanying screenshot of the database as proof, and demands of payment to identify the vulnerability. The screenshot indicated the hacker accessed the first hundred rows of the user table but did not access any further rows or tables. That said, the hacker would have had complete access to the database while it was vulnerable, and it is unknown whether they accessed or dumped additional information after the screenshot was taken.
I identified the vulnerability on my own and patched it as soon as I was able.
How was the database compromised?
At this time, I have no reason to believe the compromise is related the Cloudflare issue mentioned earlier today. The hack occurred through a method called SQL Injection. SQL Injection occurs when unsafe user input is passed into an SQL statement that interacts with the database. With SQL injection, a statement that selects words from a dictionary can instead be made to select entirely different tables.
For site veterans, this is the same type of attack that happened four years ago. Afterward, I shut down the vulnerable pages and spent several weeks rebuilding them to use safe methods. However, at the time and in the interest of getting the site running as quickly as possible, I did not fix every vulnerable page, only the ones that were the most obvious vectors of attack. Four years passed, and it didn’t occur to me that those pages were vulnerable in the same way. I was wrong. It was grossly ignorant and negligent of me to maintain those pages. An anonymous Russian may have pulled the trigger, but I loaded the gun. This is as much my fault as anyone’s and I apologize for any trouble this may have caused.
All site features developed since the 2013 incident use safe methods of communicating with the database, and are not vulnerable to this type of attack. This attack was made possible by the site’s very first pages I developed as a student back in 2012, and have lingered around since. Those pages have now been patched to fix the vulnerability.
What happens now?
Cloudflare is a Content Delivery Network (CDN) that Thuum.org and millions of other sites use to cache content and provide HTTPS. Just recently, Cloudflare discovered a memory leak issue. As a result of the leak, private data such as emails and passwords may have been exposed to and indexed by search engines. For full transparency, Cloudflare has informed us that Thuum.org is not among the known affected sites, but regardless, we urge all of you to immediately update your passwords on Thuum.org and other websites you visit.
Cloudflare reports that the bug is now solved. For the time being, we are still using Cloudflare to serve content. This issue has affected millions of other websites. You can find a list of potentially affected sites here.
We'll continue to update you if there are any developments relevant to Thuum.org. In the meantime, ensure your passwords are updated and secure.
An expedition to Bromjunaar, the ancient capital of Skyrim, has unearthed a cache of new artifacts, literature, and lore. What ancient secrets are now discovered? For this contest, write a short poem or story involving the Dragon Cult of Skyrim. Some ideas include:
- A prayer to the dragon gods
- Orders from a priest to the local Jarl
- A scholar's treatise on cult customs
- An acolyte's ruminations on the Thu'um
- An ancient Nord's studies in the secret dragon language
- A description of a new sect that worships a particular dragon
Winning entries will be featured in a collection here in the Library. You don’t need to be a member to enter, but if you are there’s also a 120 gold prize for the winning entries.
Contest Entry Guidelines
Send your entry in an email to [email protected] with the subject line: Dragon Cult Contest – your name. You can send your submission in the body of the email. If it's long, consider attaching it as a Word document or a Google doc. Please provide English translations where necessary. (Individual dragon words or small sentences don't need translations, but a translation would be helpful if you're writing a dragon poem or story.)
Your entry can be of any subject, but must relate to the Dragon Cult and make use of the dragon language in some significant way. If you have an entry idea you aren't sure about, feel free to share your idea in the comments below. Poetry entries should be at least 40 words in length, and story entries should be at least 250 words in length.
Entries should use the vocabulary found in the main dictionary. Entries that make use of vocabulary found in the Legacy Dictionary will not qualify for the contest. You are encouraged to make compound words and use the vocabulary as creatively as you see fit.
This contest will be open for entries until Sunday, February 26th. Pruzah pel!