Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
You're called a script kiddie because of the script logs left by attempts to guess passwords for Lumen Christie, Facebook, and other organizations.
The vulnerability you exploited here was already public, though I suppose it is possible you discovered it independently: http://secunia.com/community/forum/thread/show/9946/xmb_cros...
Sadly, since XMB has fallen into disuse, there is no central development committee tracking bugs or working on bug fix releases any more. It will be
up to me to fix our own copy of XMB.
[Edited on 8-13-2014 by Polverone]
PGP Key and corresponding e-mail address
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
I am not sure where you are getting Kali Linux from; I didn't even make use of it in this instance.
I do have remorse; perhaps I am not portraying it well within this text.
I was explaining my thought process behind this 'attack'.
I didn't mean any harm. In fact, I love this forum; it is full of great minds and ideas, and the last thing I want is it gone.
Arkoma, I have already apologised to you, and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this,
and I will continue to do so as originally intended.
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
Young Man, I sincerely hope that you have learned a valuable life lesson from this. Your credibility is now FOREVER suspect here, whatever your
original intentions were.
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
Texium
Administrator
Posts: 4566
Registered: 11-1-2014
Location: Salt Lake City
Member Is Offline
Mood: PhD candidate!
Quote: Originally posted by forgotpassword
    I do have remorse, perhaps I am not portraying it well within this text.
    I was explaining my thought process behind this 'attack'.
    I didn't mean any harm in fact I love this forum, it is full of great minds and ideas and the last thing I want is it gone.
    Arkoma I have already apologised to you and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this
    and I will continue to do so like originally intended.

I don't think that all of this apology after the fact of being caught is going to do you much good. The damage is already done, and you'll just have
to accept that you blocked yourself out of this forum that you say you love. That's all on you.
The Volatile Chemist
International Hazard
Posts: 1981
Registered: 22-3-2014
Location: 'Stil' in the lab...
Member Is Offline
Mood: Copious
Quote: Originally posted by zts16
    Quote: Originally posted by forgotpassword
        I do have remorse, perhaps I am not portraying it well within this text.
        I was explaining my thought process behind this 'attack'.
        I didn't mean any harm in fact I love this forum, it is full of great minds and ideas and the last thing I want is it gone.
        Arkoma I have already apologised to you and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this
        and I will continue to do so like originally intended.

    I don't think that all of this apology after the fact of being caught is going to do you much good. The damage is already done, and you'll just have
    to accept that you blocked yourself out of this forum that you say you love. That's all on you.

I agree. It was fun tracking you, etc., but now that the fun of the mystery is over, the damage must be tallied. And you are lacking. I vote ban... But
wait, is forgotten password ACTUALLY manifest?
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
Well, I didn't really bother covering my tracks because I was doing it here and I was going to give myself up anyway; I didn't expect you to be so
sharp.
You can also send U2Us on a user's behalf.
Click here to see the code used
Click here to see it work to send me a U2U.
EDIT: Polverone has blocked my VPS's IP, so it won't work, but the code is still there.
No, my name is FORGOTpassword, not FORGOTTENpassword.
He is innocent.
[Edited on 13-8-2014 by forgotpassword]
Texium
Administrator
Posts: 4566
Registered: 11-1-2014
Location: Salt Lake City
Member Is Offline
Mood: PhD candidate!
Quote: Originally posted by The Volatile Chemist
    I agree. It was fun tracking you, etc. but now that the fun of the mystery is over, the damage must be tallied. And you are lacking. I vote ban... But
    wait, is forgotten password ACTUALLY manifest?

As pointed out earlier, forgottenpassword is not an alternate account of Manifest, but an innocent and unrelated member, while forgotpassword is
Manifest's alternate account. I would also vote ban, if there was a vote, because as arkoma said, his credibility is now forever in question.
DrAldehyde
Hazard to Self
Posts: 82
Registered: 12-1-2014
Member Is Offline
Mood: No Mood
I suggest doing a Google search of "how to apologize". You seem to be making some classic mistakes. Most people are pretty forgiving if you offer a
sincere meaningful apology. Good luck to you.
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
I have offered a meaningful apology one page ago.
You're taking me out of context. I didn't cover my tracks because I was going to inform Polverone it was me anyway.
I sincerely hope it doesn't come to a ban; as stated before, I love this site.
I am also sincerely sorry for wasting Polverone's time and for wasting yours also.
I'm sure I might have made a few of you fear that your security was at risk, so I am also very sorry for that.
[Edited on 13-8-2014 by forgotpassword]
Brain&Force
Hazard to Lanthanides
Posts: 1302
Registered: 13-11-2013
Location: UW-Madison
Member Is Offline
Mood: Incommensurately modulated
Also vote ban, ESPECIALLY because you deleted my posts and tricked zts16 into thinking I was faking it. And you sockpuppeted Mr_Magnesium, so you've
also killed the credibility of other members, at least temporarily.
At the end of the day, simulating atoms doesn't beat working with the real things...
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
Well, if that's your opinion, I have got to respect that.
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
ban
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
Making restitution
If you want to get your account back, and you want the big page of evidence about what you've done to go away and not show up in search engine
results, fix the CSRF vulnerability in XMB:
https://github.com/mattbernst/xmbforum
You write the fixes, I'll do the code reviews and merge your pull requests. Maybe someone has already fixed them in another fork/derivative of XMB I'm
unaware of. I don't care if you crib from fixes written elsewhere, but the fixes must be merged into the version I've put up on github, since that's
the version we are using on sciencemadness.
You can get a sanitized, virtualized version of the forum to use for populating a test database, and seeing how the configuration works, here: https://www.sciencemadness.org/whisper/viewthread.php?tid=12...
If you aren't fluent with PHP or git now is a great time to learn.
PGP Key and corresponding e-mail address
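As an added illustration of the kind of fix Polverone is asking for (this is example code written for this thread, not XMB's own code and not the patch that was submitted): a synchronizer-token check for a state-changing PHP form such as sending a U2U. The form field name, the `u2u.php` action and the helper names are assumptions; it needs PHP 7 or later for `random_bytes`.

```php
<?php
// Added example, not XMB's code. Synchronizer-token CSRF protection for a
// state-changing form (here: sending a U2U). Names and field layout assumed.
session_start();

// One random token per session, created on first use and reused for every form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field that every POST form on the site must carry.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate the submitted token. A cross-site form post cannot read the
// victim's session, so it cannot supply the right value. hash_equals gives a
// constant-time comparison.
function csrf_check(array $post): bool {
    return isset($post['csrf_token'], $_SESSION['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $post['csrf_token']);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Only after the check passes: perform the state change (send the U2U).
}
?>
<form method="post" action="u2u.php">
  <?= csrf_field() ?>
  <input name="to" placeholder="recipient">
  <textarea name="message"></textarea>
  <button type="submit">Send U2U</button>
</form>
```

Any action that changes state but is currently reachable through a plain GET link also has to be converted to a POST form carrying the token, otherwise the check can simply be bypassed by linking to the GET URL.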
HeYBrO
Hazard to Others
Posts: 289
Registered: 6-12-2013
Location: 'straya
Member Is Offline
I have my account back. Thanks woelen and Polverone.
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
Okay, but I feel I am of more use to this forum unbanned than banned. I am a genuine user; I have 229 posts,
which I feel are high quality posts.
If I came here to hack or be a nuisance, I wouldn't post 229 times.
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
QUIT JUSTIFYING AND GET BUSY CODING
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
forgotpassword
Harmless
Posts: 47
Registered: 12-8-2014
Member Is Offline
Mood: No Mood
Will do sir.
gdflp
Super Moderator
Posts: 1320
Registered: 14-2-2014
Location: NY, USA
Member Is Offline
Mood: Staring at code
Quote: Originally posted by forgotpassword
    Okay, but I feel I am better to this forum unbanned than banned, I am a genuine user, I have 229 posts.
    What I feel are high quality posts.
    If I came here to hack or be a nuisance I wouldn't post 229 times.

Obviously the forum, including me, disagrees.
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
You obviously have the talent... use it PRODUCTIVELY, as Polv has so graciously allowed.
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
No, a new backup drive is cheap. I want restitution in kind. And the restitution process will improve Manifest's skills for legal employment in
software development, so win/win.
PGP Key and corresponding e-mail address
arkoma
Redneck Overlord
Posts: 1761
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline
Mood: украї́нська
Quote: Originally posted by Polverone
    No, a new backup drive is cheap. I want restitution in kind. And the restitution process will improve Manifest's skills for legal employment in
    software development, so win/win.

King Solomon could not do better IMHO
edit--messed up quote
[Edited on 8-13-2014 by arkoma]
"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social
status, nationality, citizenship, etc" z-lib
WGTR
National Hazard
Posts: 971
Registered: 29-9-2013
Location: Online
Member Is Offline
Mood: Outline
I crafted this exquisite masterpiece of a post, and then realized it was already a page out of date when I posted it. This thread is moving fast
(or maybe I'm just slow).
adamsium
Hazard to Others
Posts: 180
Registered: 9-4-2012
Location: \ƚooɿ\
Member Is Offline
Mood: uprooting
Given that this is not the first time that Manifest has made a forum-related 'hack', it is rather difficult to accept his explanation.
See the IRC logs for what Manifest likes to do when he feels butthurt. (hint: he likes to launch DoS attacks in a feeble attempt to display some sort
of 'superiority').
Regardless, let's hope he actually does something useful now and properly patches the vulnerability.
elementcollector1
International Hazard
Posts: 2684
Registered: 28-12-2011
Location: The Known Universe
Member Is Offline
Mood: Molten
Polverone, I hate to give you more work after what you've been through, but I hope you double- and triple-check Manifest's fix. It would not surprise
me if he left additional back doors somewhere to cause even worse damage.
Elements Collected:52/87
Latest Acquired: Cl
Next in Line: Nd
APO
National Hazard
Posts: 627
Registered: 28-12-2012
Location: China Lake
Member Is Offline
Mood: Refluxing
Seconded, I definitely think that he'll just add security holes, rather than fix any. At most he would just hide them. He doesn't deserve a second
chance in my opinion. Ban his IP address and freeze all his accounts.
"Damn it George! I told you not to drop me!"