K1u Posted November 10, 2007 Share Posted November 10, 2007 Now I never thought I would have this experience... but strangely I did. I join a forum to help out there community activity, I merely suggest for them to upgrade to 1.1.4 (smf). What precedes is rather strange... instead of merely going on and upgrading there vulnerable board they actually refuse and think that I am insulting them... if you wish to see the thread PM me, I do not want to make a fool out of the admin or users due to there lets just say ignorance. This just shows how ignorant people are when regarding security, I mean the number of Wordpress blogs running 2.1.1 still is insane. Just to give you a good laugh... Some selections Is it unsafe to browse an un-updated forum now? It doesn't have to be up-to-date at all. Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 10, 2007 Share Posted November 10, 2007 You're a twat, K1u, a complete and utter twat. Of course they're going to feel offended if some new guy walks in and starts shitting on their efforts. You'd have appeared more polite had you said "Hey guys, you suck donkey dick while your mother's eating the donkey's shit" and let's be realistic, that wouldn't go down well, would it? Grow some common sense, social grace and try again. Better luck next time 'cos frankly you need it. Quote Link to comment Share on other sites More sharing options...
K1u Posted November 10, 2007 Author Share Posted November 10, 2007 You're a twat, K1u, a complete and utter twat. Of course they're going to feel offended if some new guy walks in and starts shitting on their efforts. You'd have appeared more polite had you said "Hey guys, you suck donkey dick while your mother's eating the donkey's shit" and let's be realistic, that wouldn't go down well, would it? Grow some common sense, social grace and try again. Better luck next time 'cos frankly you need it. I was doing it so that no random asshole would use a public exploit to attack there site. I can see how you are saying it could of been taken rudely, but it was in the best interest of security for that community. Quote Link to comment Share on other sites More sharing options...
digip Posted November 10, 2007 Share Posted November 10, 2007 On a nother topic, I am still waiting for that ignore button. You know, the one where you don't have to see any posts by certain users whos posts you don't wish to see. Quote Link to comment Share on other sites More sharing options...
racc00n Posted November 21, 2007 Share Posted November 21, 2007 i think k1u has done so just to help them no big deal but k1u on k0h.org i saw : 243 MEMBERS ACCOUNTS DELETED. Due to inactivity. hope you didn't delete root Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 21, 2007 Share Posted November 21, 2007 Its a hard call to make, I've found similar wholes before and my usual task list is to email the admin (privately) with a: the problem, b: why it shouldn't be ignored and c: instructions on how to fix it. Only a few people have ever gotten back in touch and said "hey, thanks for the heads up", mostly I've been banned, insulted and on occasion threated with the police. Its really hard for people to see any outsider offering assistance as anything other than interference, even when you've given them step by step instructions on fixing a long term issue. My only advice would be to always deal with things like this discretely, making sure no one looses face. I'm sure if some random yahoo turned up on these forums with a list of security issues most people would attack them rather than asking them to quietly get in contact with me. BTW, if there is an issue you have spotted, i can be contacted on vako@hak5.org or forums@hak5.org and I will be more than happy to listen. Quote Link to comment Share on other sites More sharing options...
K1u Posted November 22, 2007 Author Share Posted November 22, 2007 i think k1u has done so just to help them no big deal but k1u on k0h.org i saw : 243 MEMBERS ACCOUNTS DELETED. Due to inactivity. hope you didn't delete root Yeah those were all script kiddies registering just to download programs we coded. I am eventually going to tell my team to stop providing executables for anyone and just source... I am sure that will make the script kiddies go "huuuh?". Its a hard call to make, I've found similar wholes before and my usual task list is to email the admin (privately) with a: the problem, b: why it shouldn't be ignored and c: instructions on how to fix it. Only a few people have ever gotten back in touch and said "hey, thanks for the heads up", mostly I've been banned, insulted and on occasion threated with the police. Its really hard for people to see any outsider offering assistance as anything other than interference, even when you've given them step by step instructions on fixing a long term issue. My only advice would be to always deal with things like this discretely, making sure no one looses face. I'm sure if some random yahoo turned up on these forums with a list of security issues most people would attack them rather than asking them to quietly get in contact with me. BTW, if there is an issue you have spotted, i can be contacted on vako@hak5.org or forums@hak5.org and I will be more than happy to listen. Yeah... I have never had anyone threaten me with the police but I have had thankyou's. I mainly just point out XSS vulnerabilities or tell the Admin to upgrade there forum/cms/whatever software. The thought of having a 12 year old skid google for a exploit and deface a site just angers me then they call it hacking. Defacing is not hacking. Yeah... I totally agree, I should have probably suggested it quietly instead of making a big fuss out of it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.