Jump to content

So have you ever had this happen?


K1u
 Share

Recommended Posts

Now I never thought I would have this experience... but strangely I did.

I join a forum to help out there community activity, I merely suggest for them to upgrade to 1.1.4 (smf). What precedes is rather strange... instead of merely going on and upgrading there vulnerable board they actually refuse and think that I am insulting them... if you wish to see the thread PM me, I do not want to make a fool out of the admin or users due to there lets just say ignorance. This just shows how ignorant people are when regarding security, I mean the number of Wordpress blogs running 2.1.1 still is insane.

Just to give you a good laugh...

Some selections

Is it unsafe to browse an un-updated forum now?

It doesn't have to be up-to-date at all.
Link to comment
Share on other sites

You're a twat, K1u, a complete and utter twat.

Of course they're going to feel offended if some new guy walks in and starts shitting on their efforts.

You'd have appeared more polite had you said "Hey guys, you suck donkey dick while your mother's eating the donkey's shit" and let's be realistic, that wouldn't go down well, would it?

Grow some common sense, social grace and try again. Better luck next time 'cos frankly you need it.

Link to comment
Share on other sites

You're a twat, K1u, a complete and utter twat.

Of course they're going to feel offended if some new guy walks in and starts shitting on their efforts.

You'd have appeared more polite had you said "Hey guys, you suck donkey dick while your mother's eating the donkey's shit" and let's be realistic, that wouldn't go down well, would it?

Grow some common sense, social grace and try again. Better luck next time 'cos frankly you need it.

I was doing it so that no random asshole would use a public exploit to attack there site. I can see how you are saying it could of been taken rudely, but it was in the best interest of security for that community.

Link to comment
Share on other sites

On a nother topic, I am still waiting for that ignore button. You know, the one where you don't have to see any posts by certain users whos posts you don't wish to see.

Link to comment
Share on other sites

  • 2 weeks later...

Its a hard call to make, I've found similar wholes before and my usual task list is to email the admin (privately) with a: the problem, b: why it shouldn't be ignored and c: instructions on how to fix it. Only a few people have ever gotten back in touch and said "hey, thanks for the heads up", mostly I've been banned, insulted and on occasion threated with the police. Its really hard for people to see any outsider offering assistance as anything other than interference, even when you've given them step by step instructions on fixing a long term issue. My only advice would be to always deal with things like this discretely, making sure no one looses face. I'm sure if some random yahoo turned up on these forums with a list of security issues most people would attack them rather than asking them to quietly get in contact with me.

BTW, if there is an issue you have spotted, i can be contacted on vako@hak5.org or forums@hak5.org and I will be more than happy to listen.

Link to comment
Share on other sites

i think k1u has done so just to help them no big deal

but k1u on k0h.org i saw : 243 MEMBERS ACCOUNTS DELETED. Due to inactivity.

hope you didn't delete root  :grin:

Yeah those were all script kiddies registering just to download programs we coded. I am eventually going to tell my team to stop providing executables for anyone and just source... I am sure that will make the script kiddies go "huuuh?".

Its a hard call to make, I've found similar wholes before and my usual task list is to email the admin (privately) with a: the problem, b: why it shouldn't be ignored and c: instructions on how to fix it. Only a few people have ever gotten back in touch and said "hey, thanks for the heads up", mostly I've been banned, insulted and on occasion threated with the police. Its really hard for people to see any outsider offering assistance as anything other than interference, even when you've given them step by step instructions on fixing a long term issue. My only advice would be to always deal with things like this discretely, making sure no one looses face. I'm sure if some random yahoo turned up on these forums with a list of security issues most people would attack them rather than asking them to quietly get in contact with me.

BTW, if there is an issue you have spotted, i can be contacted on vako@hak5.org or forums@hak5.org and I will be more than happy to listen.

Yeah... I have never had anyone threaten me with the police but I have had thankyou's. I mainly just point out XSS vulnerabilities or tell the Admin to upgrade there forum/cms/whatever software. The thought of having a 12 year old skid google for a exploit and deface a site just angers me then they call it hacking. Defacing is not hacking.

Yeah... I totally agree, I should have probably suggested it quietly instead of making a big fuss out of it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...