Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
u gained access to another members account and sent u2u and posted in threads
wot do u call that if it isnt hacking??? or cracking wotever bull crap name u give it???
stil out of order
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
I didn't "gain access" that's just the point you're missing.
I tried to explain it to you on Sunday, but you weren't interested. I've explained it all to Tim and Trotty however, so hopefully the way the CS board software is written will improve.
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
quote:
Originally posted by Kerry
u ... sent u2u and posted in threads
Two U2U's were sent - one to Vibrio whilst testing the vunerability and one to Tim demonstrating the exploit.
The same was done with the posts - one for Vibrio and one for Tim. None had malicious content and were just done to show how insecure the site can be.
A post was also edited - one of Vibrio's from about a week ago that was long forgotten (like most of his threads), so hardly crime of the century.
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
yeh but u shouldnt of even tried, the page didnt just miraculously pop up
i didnt go lookin for access so u shouldnt of
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Perhaps, but I'm sure someone else would have and wouldn't have reported it to Admin.
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
oh please u are tryin to be a saviour now 
maybe someone else would of but i dont trust that many people.............
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Not trying to be all righteous or the saviour of CorsaSport (well maybe the latter) but if there's a way around something I tend to look at how to do it. It's what I do.
Yes it's probably not the "right thing to do" but it's done now and Troty's been assured by myself (and hopefully Tim) that his password was never disclosed or used to make/edit/delete posts and U2U's on CS.
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
quote:
Originally posted by Joff
but if there's a way around something I tend to look at how to do it. It's what I do.
hacker
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Cracker.
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
stil out of order wot ever u wish to call it
|
Trotty
Member
Registered: 22nd Feb 01
Location: Bristol
User status: Offline
|
quote:
Originally posted by Kerry
stil out of order wot ever u wish to call it
Yesh 
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
But it's done now.
[Edited on 30-12-2003 by Joff]
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
its not the first time though is it joff so i doubt it will be the last with u
be warned everyone
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Yes everyone, BE WARNED
|
SetH
Member
Registered: 15th Jul 01
User status: Offline
|
fcuking heads will roll if any cnut tries that sh1t on me, i`d be well pissed off if i was trotty or Tim.
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Yes.
|
SetH
Member
Registered: 15th Jul 01
User status: Offline
|
I only say what i did because i had a forum account comprimised by somebody once who then proceeded to cause a lot of damage, wasnt nice for all parties involved. 
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
Exactly so it's important that board software is secure.
I'd rather Ian/Tim et al had endless time on their hands to test every possibility for getting around CS security, but it's not feasible.
It would be even better if they had a separate site that people could test exploits on, but that's also not going to happen.
I feel I did what I did as responsibly as I could and yes, apologies to Trotty for giving him a scare and worrying him shitless.
|
vibrio
Banned
Registered: 28th Feb 01
Location: POAH
User status: Offline
|
quote:
Originally posted by Joff
quote:
Originally posted by Kerry
u ... sent u2u and posted in threads
Two U2U's were sent - one to Vibrio whilst testing the vunerability and one to Tim demonstrating the exploit.
The same was done with the posts - one for Vibrio and one for Tim. None had malicious content and were just done to show how insecure the site can be.
A post was also edited - one of Vibrio's from about a week ago that was long forgotten (like most of his threads), so hardly crime of the century.
PGTF
|
vibrio
Banned
Registered: 28th Feb 01
Location: POAH
User status: Offline
|
I think keryy should stop going on like a scratched record
|
big eck
Member
Registered: 20th Apr 03
Location: Tullibody. Drives - Audi B8 S4 & Fiesta Zetec-S
User status: Offline
|
Vibs this has fuk all to do with you, why you gettin involved in it??
|
Mistamist
Member
Registered: 16th Jul 03
Location: Gillingham, Kent
User status: Offline
|
Everyone has their valid point, fair enough trotty was made the scape goat for this, maybe it would have been a better idea and create a new user and go about your business with that account.
All sites are/should be tested in this way as its really the only way you can make a site secure. Microsoft employ "hackers" to test the vulnerability of their sites.
kerry i see your point, you are a very moral person which is good, maybe joff should have conducted his experiments in a more user friendly manner (if that makes sence) 
|
Joff
Member
Registered: 17th Oct 00
Location: Cambridgeshire
User status: Offline
|
The way my experiments were carried out were in a completely user friendly manner - Trotty's account was used because of the information I had, which turned out to be successful.
After my initial test post, which I deleted after about 10 minutes, I waited until Tim was online later that evening before demonstrating it to him.
There's no point into going into the details of the exploit, because it's not healthy for CS as to how or what was done, but generally people don't have anything to fear with regards to the security of their CS accounts.
|
vibrio
Banned
Registered: 28th Feb 01
Location: POAH
User status: Offline
|
quote:
Originally posted by big eck
Vibs this has fuk all to do with you, why you gettin involved in it??
it also has fuck all to do with you 
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Hotmail can be hacked, but not easierly. Was at one point, because it had loads of loop holes and were at one point running on MS servers, however, they use linux now
As for joff, well played mate Fair enough, you should have a created a test account and done it, but you found out the exploit in the forum software and reported it - which will hopefully be dealt with and stop other people doing the same. So well done mate  And to the people that think he's a hacker, he isnt...hes a cracker  and stop moaning about it it was for the best and majority of crackers, crack for good, helping to improve on software and stop the little script kiddies with their sub7 shite pissing about 
|
