Author Topic: Hello hello  (Read 15625 times)


Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
Re: Hello hello
« Reply #30 on: October 19, 2007, 04:28:28 am »
That's right. Sidoh goes to school with felons. Don't mess with him.

As far as I know, that was total bullshit.  He found a vulnerability and got in trouble for showing an administrator a proof of concept.

I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Regardless, that's not what I'm talking about. :P
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
Re: Hello hello
« Reply #31 on: October 19, 2007, 06:34:43 am »
I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Read my mind. Explaining the vulnerability is good, but PoC was overkill. :|
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
Re: Hello hello
« Reply #32 on: October 19, 2007, 10:45:56 am »
I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.
Yes, it should be. It shouldn't be any different from breaking into somebody's house, sitting on their couch, and watching their TV until they came home.

In any case, the situation was more complicated than that. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
Re: Hello hello
« Reply #33 on: October 19, 2007, 12:29:22 pm »
I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.
Yes, it should be. It shouldn't be any different from breaking into somebody's house, sitting on their couch, and watching their TV until they came home.

In any case, the situation was more complicated than that. 

Correct me if I'm wrong, but isn't a proof of concept just showing that a vulnerability exists, without actually using it for anything malicious?

I'd say it's more like opening the door, leaving it alone and then demonstrating it for the person who owns the house so that they can fix the door, but maybe my definition is all screwy?

I've heard things about the situation, but I figured they were just rumors... I'm guessing I don't know much about it because I didn't really know anyone in the vL group very well around the time it happened.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
Re: Hello hello
« Reply #34 on: October 19, 2007, 01:00:38 pm »
Correct me if I'm wrong, but isn't a proof of concept just showing that a vulnerability exists, without actually using it for anything malicious?

I'd say it's more like opening the door, leaving it alone and then demonstrating it for the person who owns the house so that they can fix the door, but maybe my definition is all screwy?

I've heard things about the situation, but I figured they were just rumors... I'm guessing I don't know much about it because I didn't really know anyone in the vL group very well around the time it happened.
Yes, that's correct. However, the person in question (to summarize) found the vulnerability, used it to install software for his own purposes, and eventually alerted the staff. So I think the situation I posed makes sense. :)

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
Re: Hello hello
« Reply #35 on: October 19, 2007, 01:20:31 pm »
So basically he walked into the house, made some popcorn and watched TV for an hour, then left leaving the door open? Gotcha.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
Re: Hello hello
« Reply #36 on: October 19, 2007, 01:48:39 pm »
Yes, that's correct. However, the person in question (to summarize) found the vulnerability, used it to install software for his own purposes, and eventually alerted the staff. So I think the situation I posed makes sense. :)

I see.  I totally agree, then.  I wasn't aware of anything else he did.

Offline Camel

  • Hero Member
  • *****
  • Posts: 1703
Re: Hello hello
« Reply #37 on: November 01, 2007, 02:30:59 pm »
So basically he walked into the house, made some popcorn and watched TV for an hour, then left leaving the door open? Gotcha.

Leaving the door open would be inviting others who are unfamiliar with the door's lack of locks to come in.

I think in this case, he just left the lights and the heat on.

Mmm, popcorn.

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

Offline Krazed

  • x86
  • Hero Member
  • *****
  • Posts: 1822
Re: Hello hello
« Reply #38 on: March 04, 2008, 10:19:22 am »
Hey cool, we've gone up in the world. We're #236 on Google now.
It is good to be good, but it is better to be lucky.