Already done as this post states at the top Message for the devopers.
It is not a debate
.And unfortunately the other bugs i had worked on in lfs2 will be left to the developers to find and fix them self as ive put enough time into the one bug i did send them.Im not going out of my own way to help when all it is doing is causing problems.
Last edited by muhaa, .
You forget i put allot of time into testing bugs and developing exploits so you guys can have at least a half safe application to run on your computer.
Have you ever tried to talk to vendors before.Do some of the vendors take the security implications of there program seriously.Unfortinuatly in todays society no they don't.
As I've stated my reason for the threat im not going to go into this but one thing i can say is that atleast they are listening to what i have to say now.
Unless you have had to deal with vendors you cant really comment on that at all.
That was to prove that some times vendors will actually work with people like myself rather than against me.
If you cant see that im trying to help in some way then don't post.The lfs forums is a place where people like to flame for no reason and then bump there post count.
But i will leave lfs2 application well alone from now on.I wont waste any more time on help with the fixing of bugs when people start getting there computers hacked and stuff don't come complaining to the developers.
It cost allot of money to get application tested especially in closed source applications i would like to think i was doing it for nothing for the good of us all but obviously not we will let the developers sift through there code infuture or pay for a company to look into these bugs.
I'm pleased that some of the moderators and people that pm understand where im atleast coming from.But i can say i did expect nothing else from people like you.
Have you ever tried to talk to vendors before.Do some of the vendors take the security implications of there program seriously.Unfortinuatly in todays society no they don't.
As I've stated my reason for the threat im not going to go into this but one thing i can say is that atleast they are listening to what i have to say now.
Unless you have had to deal with vendors you cant really comment on that at all.
That was to prove that some times vendors will actually work with people like myself rather than against me.
If you cant see that im trying to help in some way then don't post.The lfs forums is a place where people like to flame for no reason and then bump there post count.
But i will leave lfs2 application well alone from now on.I wont waste any more time on help with the fixing of bugs when people start getting there computers hacked and stuff don't come complaining to the developers.
It cost allot of money to get application tested especially in closed source applications i would like to think i was doing it for nothing for the good of us all but obviously not we will let the developers sift through there code infuture or pay for a company to look into these bugs.
I'm pleased that some of the moderators and people that pm understand where im atleast coming from.But i can say i did expect nothing else from people like you.
Last edited by muhaa, .
I've spent over 50 to 80 hrs testing lfs2 alone for vulnerabilities and im still putting time into it to try and help get it secure for the final release.
If the community thinks it is better that i just disappear and not help with the lfs application then i will.Some one else can exploit these bugs and wreak other peoples fun.
Instead all im doing is trying to get the bugs fixed so every one is happy what saying that this bug has not been used by some one to take over the person pc.After all i was able to execute shell code on all windows from win xp sp3 to vista sp1 even with address randomization.
If the community thinks it is better that i just disappear and not help with the lfs application then i will.Some one else can exploit these bugs and wreak other peoples fun.
Instead all im doing is trying to get the bugs fixed so every one is happy what saying that this bug has not been used by some one to take over the person pc.After all i was able to execute shell code on all windows from win xp sp3 to vista sp1 even with address randomization.
SilverArrows77 i wont reply to you directly because i think you are just trolling the reason i asked for this post to be unlocked was because i wanted to point out im not as bad as you think.
My point is it was because of people like your self that the last exploits got released not the developers but because of people trolling.
I'm not after a thank you or any thing im just wanting the application i also payed for securing by the developers.I think since last year i grew up a lot and wont let people like your self put other lfs users at risk.
That is all and the reason i referenced the xbmc application is because i wanted to show that infact people like myself can help the developers of applications.
That is all im not on no ego trip i learn every thing i know my-self from programming to debugging to disassembly i don't need any one to up my ego at all.
I do agree that last year that things got a little heated and wrong decisions got made and i do accept responsibility for my actions i took and know they were wrong.But at the end of the day i was still learning my self how to approach developers with these kind of things.
I could have actually stoped a allot of people from getting there accounts stolen.Which would have been a real pain.For the victim and for the developers to put right.
You know with some developers you have to actually threaten them to get them to listen but you wouldn't know that.If you want to flame and make remarks like you have why not do it over pm.
My point is it was because of people like your self that the last exploits got released not the developers but because of people trolling.
I'm not after a thank you or any thing im just wanting the application i also payed for securing by the developers.I think since last year i grew up a lot and wont let people like your self put other lfs users at risk.
That is all and the reason i referenced the xbmc application is because i wanted to show that infact people like myself can help the developers of applications.
That is all im not on no ego trip i learn every thing i know my-self from programming to debugging to disassembly i don't need any one to up my ego at all.
I do agree that last year that things got a little heated and wrong decisions got made and i do accept responsibility for my actions i took and know they were wrong.But at the end of the day i was still learning my self how to approach developers with these kind of things.
I could have actually stoped a allot of people from getting there accounts stolen.Which would have been a real pain.For the victim and for the developers to put right.
You know with some developers you have to actually threaten them to get them to listen but you wouldn't know that.If you want to flame and make remarks like you have why not do it over pm.
Last edited by muhaa, .
I have managed to forward the information to the developers to get the vulnerability fixed and nothing will be released till i get word back from the developers.
And for you guys who like to flame look at the advisory here and take it the
way you wish but i would like to think i helped the XBMC team out.
Have a read of the change set.
http://www.securityfocus.com/bid/34334/references
And Also on there forum
http://xbmc.org/forum/showthread.php?t=48038
So please think before you flame infuture.
And for you guys who like to flame look at the advisory here and take it the
way you wish but i would like to think i helped the XBMC team out.
Have a read of the change set.
http://www.securityfocus.com/bid/34334/references
And Also on there forum
http://xbmc.org/forum/showthread.php?t=48038
So please think before you flame infuture.
They have 1 week to at least make an effort to get in touch.They have up until the 10th of june to get in touch with me if nothing then i will go with full disclosure fair ?
I've been trying to get in touch with them for over 2 weeks now.
You forget i put allot of time into testing bugs and developing exploits so you guys can have at least a half safe application to run on your computer.
If i get no word back from any of you guys ill just take it that you don't care about the implications of this bug and will go full public disclosure..
That is not a threat that's how it works.
I've been trying to get in touch with them for over 2 weeks now.
You forget i put allot of time into testing bugs and developing exploits so you guys can have at least a half safe application to run on your computer.
If i get no word back from any of you guys ill just take it that you don't care about the implications of this bug and will go full public disclosure..
That is not a threat that's how it works.
Last edited by muhaa, .
Oh well i can say i did try 4 to 5 times to get intouch with the devlopers.Im going to just make it public if they are no that bothered.
i can get a unlock faster than they can get back to me not even an email.If i get no word back from any of you guys ill just take it that you don't care about the implications of this bug and will go full public disclosure..
Shame on you
i can get a unlock faster than they can get back to me not even an email.If i get no word back from any of you guys ill just take it that you don't care about the implications of this bug and will go full public disclosure..
Shame on you
You know what i only posted this for the developers if they think i don't have information that will help them i can just make it public once again then i get Flamed For releasing the information and making the vulnerability public.
That email is just a email for my exploit development work that's all.If you guys can only flame don't post please.
Woot bob i did not realize you where from the northeast :_)
I lived there most of my life.
I have pm vic and waiting a response im not sure how many developers there are in the team and maybe vic is away on vacation or some thing so i though i might try see if there is another developer on these forums.
If you go to the site and click report bug it brings you here to report a bug but.Because it can put other lfs users at risk i cant post information on here.I don't have the developers email address if some one could pm me that would be great.
That email is just a email for my exploit development work that's all.If you guys can only flame don't post please.
Woot bob i did not realize you where from the northeast :_)
I lived there most of my life.
I have pm vic and waiting a response im not sure how many developers there are in the team and maybe vic is away on vacation or some thing so i though i might try see if there is another developer on these forums.
If you go to the site and click report bug it brings you here to report a bug but.Because it can put other lfs users at risk i cant post information on here.I don't have the developers email address if some one could pm me that would be great.
Last edited by muhaa, .
Message for the devopers
Can one of the developers get in touch please i had pm one of you guys and no reply i have some information that will benefit the lfs community.
I'm trying to go about this the right way unlike the communication problems we had last time.
I'm not going into the bug publicly so don't ask any question this is not debate.
I don't want a repeat from last time ive sent you guys emails and pms.I want to work with you guys rather than against so please hit me up on my email so i can forward the code.
If you guys at least make an effort to communicate with me about this bug things can go alot more easy.
My contact details.
[email protected]
I'm trying to go about this the right way unlike the communication problems we had last time.
I'm not going into the bug publicly so don't ask any question this is not debate.
I don't want a repeat from last time ive sent you guys emails and pms.I want to work with you guys rather than against so please hit me up on my email so i can forward the code.
If you guys at least make an effort to communicate with me about this bug things can go alot more easy.
My contact details.
[email protected]
No i dont u cock.!!You couldn't even get your head around it.What i done was totally different compared to your cheat engine skills.Get a life you cheated at lfs2 that is just possibly the worst thing you can do.In any game.What you done did not take any knowledge of debugging coding or any thing of that nature.Im sure if it did you would be stuck.
Im currently working on my own game and creating my own physics engine what are you doing.You sad waste of space.
By the looks of things i dont think by your license status that your welcome here.
Last edited by muhaa, .
Yeh lfs is great considering its not finished..
Any one who says other wise is a twat.
Any one who says other wise is a twat.I did not write a remote poc code im not responsible for the code that was released to crash the servers i found a bug in the mpr,Spr,Ply files that allowed us to run shell code.No one has used it for malicious acts as far as im awear.
I've got so much more i would rather be doing than sitting here explain my actions which i never had to do to any of you but i wanted to get my reasons for what i done.
You know what i actually stop testing this lfs because i was scared of finding any more problems with the software.
Exactly so dont blame me for that becky.
It not a crime unless you understand it fully dont bother posting.!!
Last edited by muhaa, .
Becky Rose i did not write the remote poc code simple.So stop trying to say i did when i did not i can put the poc code here ive sent you a pm becky and you know who released it so.Stop pointing the fingure at me for that.
I dont care what you think any more ive heard enough of this crap already,Just drop this it is pointless.
I dont hack any thing BBO@BSR i just test softwear and that is it.
I dont care what you think any more ive heard enough of this crap already,Just drop this it is pointless.
I dont hack any thing BBO@BSR i just test softwear and that is it.
Last edited by muhaa, .
Becky Rose people make mistakes the only mistake i made was releasing the poc code to early for the local exploit.Not like you put it i had wrote the remote poc code.Any way Im not a hacker im not a defacer.I enjoy writing poc codes and testing softwear.Why didnt i just not post in here and run and hide for a little bit.The reason is because i have nothing to hide.
You people try to put me down as a bad person when im not.!!
Ive except responsibility for my actions ive already said that 1000 times.
You people try to put me down as a bad person when im not.!!
Ive except responsibility for my actions ive already said that 1000 times.
Im going to leave it at that i think there has been enough public hanging of muhaa for one day.I just wish people would have listened more to what i was saying and it would have not got to this stage.
Becky i think you are wrong to put me in the ban list but do as you please.I dont go on the server any ways to much wind.Im disappointed by your actions but its your server and you can do as you wish.
Look there is no need i come here to explain my self i didnt want trouble from this then all of a sudden you want to ban me.Im not a ****ing hacker i do exploit development i have never defaced or hacked a site in my life.
I will make it easy for you all i will stop playing lfs which i payed for and let you all get on with it i did not come here for trouble.
I actualy feel damn bad i hope you are feeling good about your selfs i thought the lfs community was and is full of good people who would at least give me a chance to explain my self.How wrong could i have been.
Please let me explain i never wrote the code or found the bug for the lfs dedicated server that was not me..I have never attacked or used the code that was provided for the dedicated server.This is unbelive able im also geting the blame for the remote bugs in lfs that was not me please do some more research on this.
You could always contact the devs to see who did as im not going to name and shame.
I will make it easy for you all i will stop playing lfs which i payed for and let you all get on with it i did not come here for trouble.
I actualy feel damn bad i hope you are feeling good about your selfs i thought the lfs community was and is full of good people who would at least give me a chance to explain my self.How wrong could i have been.
Please let me explain i never wrote the code or found the bug for the lfs dedicated server that was not me..I have never attacked or used the code that was provided for the dedicated server.This is unbelive able im also geting the blame for the remote bugs in lfs that was not me please do some more research on this.
You could always contact the devs to see who did as im not going to name and shame.
Last edited by muhaa, .
Im not a member of zone-horg i used to know the admins there that is all.Please don't put me in the same leauge as some skiddy defacers..Im not a script skiddy.
Im very against defacers i dont like any thing they do.We have nothing in common i have no friends in the defacement archive of zone-horg.
zone-horg is full of little procks who think its good to wreak other peoples sites im not about that i think you got your lines mixed up some where.I test softwear nothing more.Im not saying that i didnt sign up there like i said i know one of the admins there.And u used to chat to him about exploit development via pm.That was over 2 years ago.
Im very against defacers i dont like any thing they do.We have nothing in common i have no friends in the defacement archive of zone-horg.
zone-horg is full of little procks who think its good to wreak other peoples sites im not about that i think you got your lines mixed up some where.I test softwear nothing more.Im not saying that i didnt sign up there like i said i know one of the admins there.And u used to chat to him about exploit development via pm.That was over 2 years ago.
Last edited by muhaa, .
Yes im sure if i knew it was only a 1 man band i wouldn't have even released the pocs at all.But i thought lfs was so big it must have had a huge company,With hundreds of programmer's.But i was wrong its one guy eating a ham and pickle sandwich and coding in the other hand.
And there wouldnt be sites and stuff that actualy sell exploit.
The only thing i can be held on account for is that i released the exploit to early big mistake like ive said i take full responsibility.And i wont do that again its a big learning curve.
The shouts are to some friends that don't mean any thing these friends i know for a long time.
The only thing i can be held on account for is that i released the exploit to early big mistake like ive said i take full responsibility.And i wont do that again its a big learning curve.
The shouts are to some friends that don't mean any thing these friends i know for a long time.
Last edited by muhaa, .
That looks like that was my major down fall i dont think i was thinking straight at the time i thought it was alot longer.But ive said i wont make the same mistake again.
Also has it made any difference to any one that the poc code was released no you know why no one is bothered about it.Its a local exploit and alot more comes into this than you think if people are running vista it wont work if people have dep switched on it wont work.If people have some third party stack protection the exploit wont work.If the wrong jmp register is not defined for the right service pack or language it wont work there are too many ifs.
It actually has not made any difference when the poc got released no one has actually used it.
Last edited by muhaa, .
Lol Bob.
Omfg what are you talking about a buffer over flow is not a serious bug..Wake up!!
the point is people do open replay files on this forum i have on many ocasions.By simply opening a modified replay file can take over your computer but don't worry its not serious.
The problem would always be there and some one would find it i can ensure you that it would have been only a matter of time they could have used it for illegal activities or sold it on the black market.
You have no idea on what your actualy talking about atleast put some good input across.
Omfg what are you talking about a buffer over flow is not a serious bug..Wake up!!
the point is people do open replay files on this forum i have on many ocasions.By simply opening a modified replay file can take over your computer but don't worry its not serious.
The problem would always be there and some one would find it i can ensure you that it would have been only a matter of time they could have used it for illegal activities or sold it on the black market.
You have no idea on what your actualy talking about atleast put some good input across.
Last edited by muhaa, .
No i dont think so at all from the time of getting in touch with the developers to actually release the exploit was 1 week nearly 2,Dont take any notice of the dates on the exploit.Hold on ill get the exact dates.
Date : August 1 2007 the date it was wrote.
2007-08-06
2007-08-06
2007-08-01
the actual dates of the release.It was about a week if not more.You have no idea on what date the bugs where actually found or when the developers where told about these issue.
Date : August 1 2007 the date it was wrote.
2007-08-06
2007-08-06
2007-08-01
the actual dates of the release.It was about a week if not more.You have no idea on what date the bugs where actually found or when the developers where told about these issue.
Last edited by muhaa, .
Wtf you know what why am even spending my time here talking to people who don't even understand what im talking about.Just discuss it amongst your selfs im not interested any more.
Its amazing how so many people can twist things.It must make your ego feel big to attack some one as a pack strength in numbers and all.
Look ive put my points across what way you chose to take them is up to you.If you want any more answer to your questions ill be more than happy to answer them via pm.
I didn't pick on a smaller company see what i mean about twisting things i was wrong or naive to think i could actually discuss this with people.
Its amazing how so many people can twist things.It must make your ego feel big to attack some one as a pack strength in numbers and all.
Look ive put my points across what way you chose to take them is up to you.If you want any more answer to your questions ill be more than happy to answer them via pm.
I didn't pick on a smaller company see what i mean about twisting things i was wrong or naive to think i could actually discuss this with people.
Wow common your blowing this way out of perportion.First of all i never set out to do any thing like make lfs developers look bad.
I want the game i payed the money for secured i want the people who use the software know the problems with the software.
And i wanted to let the security industry know of the problem
that is it.
And as for the legal side of things it would cost a company as small as this alot more money to take me to court,Than it would cost me,for a start ive found some bugs in huge company like opera fire fox.Did they start shouting where going to take legal action against you no do you know why it would cost thousands of pounds to.But hey they would have a tiny if not slim or none existing chance of actually getting criminal conviction.
I want the game i payed the money for secured i want the people who use the software know the problems with the software.
And i wanted to let the security industry know of the problem
that is it.
And as for the legal side of things it would cost a company as small as this alot more money to take me to court,Than it would cost me,for a start ive found some bugs in huge company like opera fire fox.Did they start shouting where going to take legal action against you no do you know why it would cost thousands of pounds to.But hey they would have a tiny if not slim or none existing chance of actually getting criminal conviction.
FGED GREDG RDFGDR GSFDG