Yeh good like i said it's not even me,Look do what you want you guy's are like a broken record same old shit.Is it alway's the 3 same numpty's who go around posting flame's.
Sorry, muhaa, I first want to say that I have nothing against you or anything, but I don`t think the danger of this exploid is any big, and I really... well I don`t trust you that much 
By looking on the other topics..well..
By looking on the other topics..well.. It's got nothing to do with trusting me,If you dont that is fair enough i've never used any of these exploit's to get into any ones computer's or for my own use.So please let's just drop this there is alot more problem's than this local buffer over flow to worry about.
It IS dangerous, but to be fair if you just don't open dodgy MPR's you'll be ok.
Muhaa, Tristan, Kev, drop this please, Muhaa may appear to type a little stupidly (sorry, it's true) but there's no reason to jump down his throat - he may have a funny way of doing things but he IS trying to help, and i feel the comparisons between him and "t3h 1337z0r script kiddie11!!!11!!!" are a little unfair.
I just saw your avatar.
Omg I can't stop laughing.
Nice edit :ices_rofl
Why lie about it?
What do I want? I want to you to fess up and quite being a silly ninny.
Your first post in this thread is handwaving about reporting it before it was released.
M8 it's not me if it was i would say so there is nothing wrong with the post that was on the dev shed forum's it was not a skiddy question,And if you guy's took the time to read the question the guy was asking why there was no static adress for the function he was talking about obviously you don't understand that.?Once more i will not argue over the fact some one googled and came up with that it has nothing to do with me what so ever.If it was i would say there is nothing to be ashamed of in the forum at all.
So stop the trolling looking for an argument im sure you have better thing's to do with your time .
So stop the trolling looking for an argument im sure you have better thing's to do with your time .
Rubbish.
If he was just trying to help, he simply would've contacted the devs directly and wouldn't have come in here trying to look amazing. And now that it's done, he also wouldn't have posted in this thread to begin with - pointing out that he's to thank for the fix. Who knows; he may be the guy that "released" it anyway.
I hadn't said anything before, but now that PM comfirms my gut feeling
The dev's were contacted straight away im not looking for any kind of thank's for the fix or to up my ego i come here to tell the public about the exploit.So they could be more carefull,You know what's to say some one has not found this before and used it to there own advantage not telling the dev's and just doing what they liked.I would rather make it public let all the lfs guy's know what the crack is about the exploit.Then people can make there own mind's up.On a different note may be i was in the wrong to come here to expect people to listen to what i was saying,Maybe i was naive to think people wouldn't flame and just take a little note that next time they open any replay file's they would remember what i said till the patch was released.But how wrong could i have been may be i should have sold the exploit.Then left it up to the researcher who brought it to do what he liked with the exploit.There is so many thing's i could have done i chose what i thought was the best option at the time.All i can do is appologise for my ignorance i didn't think people would take it the wrong way.
Well done got some thing right.!
I've never asked for a thank's or any recognition from any one for this exploit.Why wouldn't i post in this thread it concerns me so yes i will post in it.
The only thing I totally don´t understand why the devs don´t write a statement to the buffer overlow to the forum and the website and better also per E-Mail to warn every user.
Many are clever enough, but there are also many don´t know this leck and aren´t carefull and other who open every trojaner and worm in attachments of an E-Mail
Here are some very critical bugs have to be fixed and every of them weren´t commented by them
1. Buffer overlow in many file types of LFS which often will be shared
2. Heaviest cheating I ever read in LFS
Much faster driving and also beaming of a car.
3. Drive through penalty bug
There are two more you see in allowed car List and change names but which aren´t really critical.
I know every bad reputation isn´t good. But here the devs have to show how professional they are and that means handle such a problem offensive and public (transparent) way besides fix the bugs fast what they do I think.
Many are clever enough, but there are also many don´t know this leck and aren´t carefull and other who open every trojaner and worm in attachments of an E-Mail
Here are some very critical bugs have to be fixed and every of them weren´t commented by them
1. Buffer overlow in many file types of LFS which often will be shared
2. Heaviest cheating I ever read in LFS
Much faster driving and also beaming of a car.
3. Drive through penalty bug
There are two more you see in allowed car List and change names but which aren´t really critical.
I know every bad reputation isn´t good. But here the devs have to show how professional they are and that means handle such a problem offensive and public (transparent) way besides fix the bugs fast what they do I think.
More textual feces.
A) You didn't warn anyone about anything specific, but rather said that there was a problem of undisclosed nature, then you wouldn't drop it. You didn't warn anyone, you just said "Look at me! I found an exploit! It's serious! You're all doomed!" Then you said you wouldn't talk more until it's fixed, and yet now we have more information.
B) Posting to the public that there is an exploit; but not informing them what NOT to do get exploited is irresponsible. You could've (theoretically) initially said "don't open MPRs", but you refused to do that.
C) Without giving the public PROPER information, you should've ONLY told the devs about it.
The only, and I repeat only reason you came in here and posted how amazing you are with your snippet of ASM, is for your ego. And now that you're being dishonest about that posted PM, you have zero credibility in my eyes whatsoever. It's dreadfully obvious that you're dancing around the fact that is was you. "Even if it was me, blah blah blah".... :rolleyes:
[english accent]
I fart in your general direction!
[/english accent]
Ball Bearing Turbo just drop it this is finished with i am not going to argue with you over some thing so pathetic as that..The when the patch get's released it can get discussed in here if some one is having more problem's coz no doubt as soon as it's released i will be testing it again to make sure it's all ok.
As i said loads of time's i was not ready to release any information to any one about it till a little time had passed.
If you guy's were not flaming so much i would have let you know but i didnt know what to do at the time.
Not really where is there to say that i had to do any thing there is no rule's it's to do the moral thing which obviously i did try to do.Now stop going on about it.Your only doing it to boost your ego .
As i said loads of time's i was not ready to release any information to any one about it till a little time had passed.
If you guy's were not flaming so much i would have let you know but i didnt know what to do at the time.
Not really where is there to say that i had to do any thing there is no rule's it's to do the moral thing which obviously i did try to do.Now stop going on about it.Your only doing it to boost your ego .
Just to remind those who are upset by the reception this guy gets: He's the one who tried to distribute a hilariously inept trojan via BHMS, RSC and this forum.
tell me more about it
a bit off topic but
It's always hard to trust someone like him I think.
This is just my speculation and it's not him like he said!!!.
It' s just like lots of users seem to use all the same name,
http://forums.devshed.com/php- ... orm-generator-420709.html
spelling errors (haw)
http://forums.devshed.com/c-pr ... ting-to-linux-439129.html
and not use much of punctuation.
http://forums.devshed.com/php- ... orm-generator-420709.html
Some of these users were banned at RSC for trying to bring trojans to the people in Nov 2005
http://forum.rscnet.org/showthread.php?p=2760808#post2760808
http://209.85.135.104/search?q ... t=clnk&cd=2&gl=de
That the muhaa here joined in Dec 2005. Must be just another coincident of course.
But he told us his name in the hacking scene is n00b not muhaa.
So it's just another coincident the this noob there uses muhaa as a PW or things like "Pmsl"
http://www.binrev.com/forums/i ... d&start=0#entry266293
and sees himself as a black hat
http://www.binrev.com/forums/i ... p=264116&#entry264116
but this guy there is not hacking anymore he is now just an exploit dev (what a coincident hehe).
Looks like that all users who call themself muhaa spell how as haw
Have the same interests don't use much punctuation have something to do with coding exploits etc
Haw funny is that.
So many fortuities and I found many more but everyone should decide that for himself.
Really? I had no idea, and here I thought people were attacking him for no reason.
Let them. Most times the only reason are tristan and thenameistaken. It seems they have nothing else to do. Cause they ever attack hard and post allegations without arguments they find really fast many copycats :-D
I won´t say everything they say have no ground, but the kind they write it is what I complain. Some things a author should only think for himselv.
I won´t say everything they say have no ground, but the kind they write it is what I complain. Some things a author should only think for himselv.
http://forum.rscnet.org/showthread.php?p=2760808#post2760808
See above. Personally I don't like the idea of people distributing malware to users in this forum, but maybe you think it's OK.
Seems appropriate since you have no argument to bring. From all appearance you seems to be as stupid as some others think.
Oh good, I feel extra safe now. :rolleyes:
Then WHY on Earth did you bring it into the public eye? Why?
Nobody flamed you right away, not at all. Do you need me to get the thread or can you handle looking it over yourself?
People were very attentive to hear, but then it became obvious that you're a script kiddie looking for oohs and aahhs. You were asked politely a number of times about it, not for details HOW to do it, but the nature of it so it could be avoided. You wouldn't say, but rather came back with attempts at being condescending towards very learned people in the forum - and now you're sobbing that you're treated poorly?
Again, since you cannot fathom this, the moral thing to do would've been either: (read slowly please)
A) Tell only Scawen about it, so he could address it if he felt it necessary
B) Tell Scawen, and let the community know to be careful with MPRs.
Instead, the first thing you did was come here screaming about it. Then we told you to talk to Scawen, which you did, but had to further "impress" us all by posting snippets of support emails from Geraldine. Then you proceeded to tell everyone how ignorant they were and that they couldn't understand it if they wanted to.
Face it:
You're a pimply faced scraggly haired little puke looking for attention because you know what the word "assembler" means, and the ladies are not impressed by your stream of pseudo-jargon. Get over yourself, ASAP.
Wtf here we go again get one with it..
For **** sake get some real evidence before you go blaming people for shit simple as that realy.
Get some ip log's and stuff if your that sure it was me.I have nothing to fear as i know i was not the person that posted any of that.
For **** sake get some real evidence before you go blaming people for shit simple as that realy.
Get some ip log's and stuff if your that sure it was me.I have nothing to fear as i know i was not the person that posted any of that.
oh please ... at least own up to all that sillyness
:mad:
:bananadea
The post's at binrev is me i can vouch for that but that has nothing to do with this post.Any way ill see you guy's around becouse your obviously have nothing better to do.
You're not a white hat OR a black hat for sure; merely a dunce hat.
:dunce:
:dunce:
1
2
This thread is closed
Buffer Overflow - fixed yet?
(50 posts, closed, started )
FGED GREDG RDFGDR GSFDG