Thank you, Curtis G and I worked hard to make it happen.
opcorn:
opcorn:You want Curtis G, and me banned? Put up a poll asking if Curtis G and m should be banned. If the majority of the forum thinks that, then ban us.
opcorn:
Last edited by a moderator:
I think banned these people, no matter how annoying, will not help. It might be somewhat helpful to have them here.You want Curtis G, and me banned? Put up a poll asking if Curtis G and m should be banned. If the majority of the forum thinks that, then ban us.
jarland
The ocean is digital
No it won't. They only want attention. They're feeding off the "lulz" here so deprive them of that by banning every new name they make and encouraging hosts to deal with these matters quietly so long as clients are not directly impacted. They are nothing more than children who demand to be heard. I hope one day they grow up and realize that the world doesn't revolve around them, but until then I'd settle for everyone effected filing civil lawsuits for lost income when they step over the line. Sure it's expensive, but kids need to learn. With that said, they'll no longer be acknowledged by me, Ryan, or Don as a part of Catalyst Host. We don't negotiate with skids. Anything further that we have to communicate to them can be done by certified/registered mail, should any reason present itself.
Last edited by a moderator:
Now to ban netnub too.
For what? Making your security better...
SolusVM, WHMCS, Hostbill are at fault here, not me. I simply abuse the software and find the exploits, I don't develop their shit software.
Its your fault for using the horrible the software in the first place. In my "defense", I used my best-efforts to contact the developers, was ignored. Therefore they're stupid for ignoring me.
As for you Jarland, I really have nothing to say to you, besides without people like me you wouldn't understand the concept of security. If we're going to bash people who expose vulnerabilities, why don't we blame every security researcher/exploiter on the internet; too many to count.
As for suing people, thats just pure out bullshit. The fact you want to sue the person who disclosed them is pure stupidy, you should be sueing the companies for not understanding the concept of security. I really hate when people like you want to say you can sue anyone for any reason, as that just doesn't work for me. You can't simply sue people for assisting in finding security issues.
As for all the companies like SolusVM, WHMCS,hostbill,spbas,etc. that think they're safe, well they're not. They will never be, as long as they still rely on encoders to make them 'un-exploitable' then people will decode + find vulnerabilities and then expose them.
No matter how much you want to deny what I've said here it'd be very hard for you to do that as its all facts that I'm posting. I was asked multiple times to contact them first, so I did, I even showed proof! Then I disclosed some, hell even Humza(Infinity on LET) gave them proof of vulnerabilities, however in a blog post they denied that noone sent them anyone.
Unless companies take credit for they're mistakes then they'll never learn. Now I'm not going to say you can never be 100% "unhackable", because anything written by people can be exploited, reverse engineered, etc. For example, SolusVM knows what it has to do because someone told it what to do in lines of code, however they f**ked up majorly by not sanatizing the variables.
Therefore, referring to the point above, the company who developed the commerical product is at fault, not the security researchers.
Now I feel I've ranted enough at 12:05 AM in the morning.
.
Last edited by a moderator:
jarland
The ocean is digital
I second this motion.
titanicsaled
New Member
Yup, it's about time I think.
It just shows that he hasn't changed at all since his amazing contributions to LET.
@jarland netub posted this thread a while back asking about needing a DDoS protected server: http://vpsboard.com/topic/495-251gbs-attack-incoming-flood-advice/?hl=ddos
... just to see how many providers would jump at offering him something; then he started sending private messages to providers, including myself, asking them if they would want to resell DDoS Protection Services from HostKVM.net. I mean why in God's name would I want to do that when we already provide DDoS mitigation for free, and we can also provide IP filtering for a price, all of which is built into our DCs infrastructure.
I'm for banning him as well. Such behaviour is unacceptable and bellow the standards of vpsBoard IMHO.
Oh boy - here goes
With regards to security over all, I think we should cast our minds back to the posts on LET where you claimed to be coding a billing system. No, wait, a ticket system. No, wait, a VPS panel. No wait... you get the picture. Each and every one of them was picked apart by the community within minutes because the code was so bad and.... wait for it... full of holes. Our self-proclaimed expert on security here is producing code with more air than Swiss cheese.
All you've done on this forum is cry wolf, make bold claims with no proof and prove yourself to be incredibly stupid. You've been rude and disruptive on IRC and you fail to see why people have a problem with you. I would suggest you put the sock away, go outside, play on your go-kart for a while then come back with fresh eyes. No-one here takes you seriously and your attempt to re-brand yourself from "CurtisG" to "netnub" has failed catastrophically. Do us all a favour; grow up.
Please share with the community where exactly you made anyone's security better and how fault lies solely at the feet of these software vendors. We'll touch back on this in a moment.
Wrong, once again. You didn't use any 'best-efforts' to contact the developers. You submitted a ticket and used their contact form with a ridiculous title relating to their clock ticking away.. and that if they didn't reply you would release some information (of which no-one has seen anything of any value)
Suing isn't ridiculous here. Different way to look at it, you put the business of many providers on hold for a day claiming you had 18 vulnerabilities to disclose. What you actually had.. was sweet naff all. Are you going to hold your hands up and apologies to the huge number of providers you caused issues for? Oh, and again, you disclosed nothing.
I'm sure I'm not alone here in wondering where all these facts are. You were asked to contact them first (something anyone with 2 braincells would have done before taking their 2" hardon public) but you didn't. It wasn't until mid-afternoon you bothered to contact them. You didn't show them any proof at all, you submitted a lame-ass ticket with no information at all apart from, yet again, your raging hardon for attention. You disclosed some? No, again, wrong. You disclosed nothing of any value at all. With regards to Humza, you should probably speak to him again about that - your wires are quite crossed there. What you provided was a few snippets of code where you used 'grep' to find any instance of 'exec' and treated it as though it was some kind of vulnerability. l33t h4x0r. The blog post was made to confirm that no information relating to any exploits had been given and that was true. Really, what Solus should have done is write a blog post saying "Some kid with a hardon is going around trying to scare providers. Being responsible, we're looking in to all of the code to see if any of this is true. Unfortunately, said kid is too busy wanking in to an old sock over forum posts to get in touch. We'll continue to look for any possible issues in the meantime."
With regards to security over all, I think we should cast our minds back to the posts on LET where you claimed to be coding a billing system. No, wait, a ticket system. No, wait, a VPS panel. No wait... you get the picture. Each and every one of them was picked apart by the community within minutes because the code was so bad and.... wait for it... full of holes. Our self-proclaimed expert on security here is producing code with more air than Swiss cheese.
All you've done on this forum is cry wolf, make bold claims with no proof and prove yourself to be incredibly stupid. You've been rude and disruptive on IRC and you fail to see why people have a problem with you. I would suggest you put the sock away, go outside, play on your go-kart for a while then come back with fresh eyes. No-one here takes you seriously and your attempt to re-brand yourself from "CurtisG" to "netnub" has failed catastrophically. Do us all a favour; grow up.
My business? I'm a customer and a provider that was affected. I'm also a reasonable guy that can't tolerate idiots.
