The online racing simulator
Software Exploits discussion
(121 posts, closed, started )
Quote :I just wish people would have listened more to what I was saying and it would have not got to this stage.

Translation: I just wish people had done as I had asked (see Tristan's post above perhaps...?)
Quote from Becky Rose :Translation: I just wish people had done as I had asked (see Tristan's post above perhaps...?)

Oh come on mate, seriously what are you trying to pull here?

One moment you're all 'I'm here to help' then you're giving deadlines of when you're releasing your 'POC work' into the public. Sorry to say but you're nothing more than a script kiddie, you say you are not but I fail to see anything more than that.

It's obvious you want people to admire your 'talent/knowledge' but on the same hand you're trying to play the 'I'm here to help, and don't require public recognition' which just doesn't make an ounce of sense. To top it off you start to play the victim game and make out everyone's attacking you for what you've done, but in reality they're just not putting up with your ever changing attitude on the situation.

Besides this was a general thread concerning software exploits, the fact you've spent 3 pages making it all about 'muhaa' suggests that you want nothing more than attention. Your 'exploit' was really nothing big or dangerous in comparison to what this community has already gone through, just ask some of these clowns about our good mate Phlos (He actually keeps all his tidy exploits to himself - then informs the dev team of them)

Don't take this post personally, I'm not here to attack you, I just don't agree with some of the things you've been saying.

K, Thnx Bye.
Denying responsibility isn't professional either, muhaa.
Becky Rose, people make mistakes. The only mistake I made was releasing the poc code too early for the local exploit. Not like you put it, that I had written the remote poc code. Anyway, I'm not a hacker, I'm not a defacer. I enjoy writing poc codes and testing software. Why didn't I just not post in here and run and hide for a little bit? The reason is because I have nothing to hide.

You people try to put me down as a bad person when I'm not!!

I've accepted responsibility for my actions, I've already said that 1000 times.
muhaa, let me try to understand. Did you write the POC for the remote server crashing exploit as well? I thought you had done something with replays only...
Quote :Why didn't I just not post in here and run and hide for a little bit

To get the recognition that Scawen refused you.
Quote from muhaa :
You people try to put me down as a bad person when I'm not!!

Stop telling others to listen, start listening, stop hiding behind a finger. You did something stupid. Maybe this doesn't transform you into a bad person, but this transforms you into a programmer I'd manage to get fired instantly.
Gil07 - I got the crimes muddled, so many hacks in the last few weeks and so many people to ban because of them... I apologise for any confusion, he did the remote execution exploit. He denied it until faced with proof.
Quote from Becky Rose :Gil07 - I got the crimes muddled, so many hacks in the last few weeks and so many people to ban because of them... I apologise for any confusion, he did the remote execution exploit. He denied it until faced with proof.

Really? Scawen said it was someone else IIRC. Anyway, as long as it all gets fixed...
Quote from muhaa :...Anyway I'm not a hacker ...

On Jun 16 2007 you told others in another forum under the "General Hacking" thread you started "...I my-self see that im a black hat..."

So forget it, no one with a clear mind will trust you here again.
From the point of view of public disclosure, the original topic, I think this is so situational that to cover it with a blanket "security industry" approach is just wrong.

Take for instance a small shareware utility, perhaps with a small error. Now this might sound unusual but I have actually seen a small shareware utility with a published security breach in the past. What are the odds of that shareware author keeping tabs on the security industry? Well, my guess would be well under 1%... Most indie coders are interested in their own development, not in hacking other people's.

You just cannot compare indie software, or cover it with the same point of view or policy statement, to corporates like Microsoft who can employ people to watch the security industry and to specialise in securing their products.

It could be argued that it is the responsibility for software vendors to launch secure products, and that that responsibility is equally important for indies as well as corporates.

That just isn't the case though. To ensure that every step you take whilst developing your software is utterly secure adds extra layers of work that slow up development, it's far easier to secure a product after completion than during development - although some particular aspects are easiest done as you go along.

Hypothetically speaking, if LFS had a glitch that could enable people to run an intake restriction of 0% yet report it as 5% to others - sure we'd all like to stop people from doing that, but if the exploit sat unnoticed for eight months is it better to release the intake feature and fix it later if it happens to get exploited, or release it two weeks later after vigorously testing every feature and scenario one can think that might break it?

It is hard enough releasing bug free software, without having to worry about security, and outside of the corporates most software hacks come entirely from the "security industry" and not from 'the wild'.
Becky Rose, I did not write the remote poc code, simple. So stop trying to say I did when I did not. I can put the poc code here. I've sent you a PM, Becky, and you know who released it, so stop pointing the finger at me for that.

I don't care what you think any more, I've heard enough of this crap already. Just drop this, it is pointless.

I don't hack anything, BBO@BSR, I just test software and that is it.
You wrote code to launch programs on other people's computer yes? You did not need to be operating their computer yes? You probably have some special "industry" jargon for it but whatever...
Quote :
You wrote code to launch programs on other people's computer yes? You did not need to be operating their computer yes? You probably have some special "industry" jargon for it but whatever...

I did not write a remote poc code. I'm not responsible for the code that was released to crash the servers. I found a bug in the mpr, Spr, Ply files that allowed us to run shell code. No one has used it for malicious acts as far as I'm aware.

I've got so much more I would rather be doing than sitting here explaining my actions, which I never had to do to any of you, but I wanted to get my reasons for what I've done.
You know what, I actually stopped testing this LFS because I was scared of finding any more problems with the software.

Quote :
Really? Scawen said it was someone else IIRC. Anyway, as long as it all gets fixed...

Exactly, so don't blame me for that, Becky.

Quote :
I got the crimes muddled

It's not a crime, unless you understand it fully don't bother posting!!
Okay, but you released that POC and you relinquished control of it. Just because you're unaware of anyone using the POC you've published doesn't mean some little git out there isn't trying, and who knows? Maybe succeeding? Thanks to your publication, that seems all the more possible. The question that begs answering is.. what is it that you have started?

I don't think there's much further we can go with this thread. I would have been interested in a more general discussion about the future of the "security industry", since the legal noose is very obviously tightening, but I can't resist biting back when I read what I think is a load of crap for excuses/justifications, and I know a few others can't either. After the week we've just had, it might not be an unreasonable release of anger. I'm still pretty angry with the hackers and POC people in general.

It's up to you guys if we should leave it afloat, or draw a line under the whole thing and move on. +1 to keep the thread going or -1 to close.

[edit] btw, if you knew what I know about Becky, you wouldn't for a moment suggest that she doesn't know what she's talking about.
What, that I was an elite, long before the word 'zor' was invented. Yeah, that's common knowledge now the statute of limitations has passed. I grew, I matured, I turned my skills to give back rather than take away. Although please don't confuse the stuff I did with what muhaa did. What I did was

A) On a much larger scale ( if you don't know me by now, don't try to imagine )
B) Had a [misguided] purpose
C) Was considerably harder to do than finding exploits in games
-1. Please close this.

I can see both sides BUT with all the flaming going on, I say move on. It's solved so let's try and be a happy bunch of morons together.

I just hate all these threads about who's guilty of this and that etc. etc. finger pointing etc. flaming arrrghhhhhhhhh
Oh oh, so much blabla here....
Can you guys be quiet? What you try to discuss has no end. Muhaa doesn't understand that he should shut up after the mistake he did and Becky should know it better...
This was a nice thread where we discussed something else and again that's a flaming thread from two sides.
You do realise I didn't post until the 3rd page don't you... The argument over the poc had started, I just felt that muhaa's point of view should be taken in context so I said my piece. You are right though, I should know better than to carry on making my point, it's hard to resist posting when somebody addresses you by name though ... the nature of internet forums I'm afraid, like for instance me posting back on topic and that being ignored...

I vote close too...
Okies.. I went for dinner, came back to 2 -1s and no other votes, so I reckon we're all done.
This thread is closed
